Basic Web Application Security
6 steps to a safer more secure website solution
Secure Website Solutions for Banking Websites
1. Passwords are not stored on user accounts
A practice called “hashing” is implemented, which creates a unique token for each user. The hash is further obfuscated by adding a unique token to each user’s password. If someone were able to gain access to the database, they would not be able to determine what each user’s password is.
2. Users cannot recover their old passwords
If a user forgets their password, they can request to have their password reset. The user will enter their username into a form, and an email will be sent with instructions on how to reset the password. The email is sent to the email address that is on file. Once sent, the user has a set number of hours to read the email and follow the instructions within. When the user follows the instructions in the email, they will have the ability to choose a new password. This method is safer than other methods, because an attacker would have to know the user’s username, and have control of their email account.
3. Strict passwords are required
A minimum of 8 characters is required, and there must be at least one letter, one number, and one special symbol. This protects against attacks, where the attacker will have a program that randomly grabs words and common passwords from a dictionary, and keeps trying to guess the password over and over again.
4. Site encryption
The website may have all traffic encrypted, between the server and the user. Any information transmitted cannot be read by a third party.
5. PCI-DSS Compliance
Proper coding practices are put in place to protect the data stored and transmitted through the site. Any personal or sensitive information that is not absolutely required for the functioning of the site will be left out. This is the same compliancy required by all major credit card companies.
6. Secure authorization and authentication
Users of the site are placed in strict roles. All users are given only the information that they need, and nothing more. Users that try to access portions of the site, where they do not have clearance, will be redirected without a chance to view the information.
Contact us today for a free consultation on your website's security.