Imagine this: You’re tasked with developing a PHP web application for a fast-growing startup. You spend months writing code and going back and forth with the client’s project manager to get their approval. After 4-6 months, you complete 90% of the work, and just need to add finishing touches before you deliver the final product and see your bank account fill up.
But one night, as you sip a warm cup of coffee while working on the last part of the project, something goes wrong. The web application page returns a 404 error. You think you entered in the wrong URL, or made another mistake. You try everything, but nothing works. In the end, you discover that the server and database (hosting your web application) were hacked. All your hard work goes down the drain.
You browse the internet to see if there’s an escape, but all you find is stories of web developers who lost their project data to adversaries because they didn’t take any measures to increase the security of their web development projects. While certain aspects of the project are destined to fall through the cracks, you can take a few steps to keep your web development endeavors secure from adversaries. Below are 3 measures you can take.
Backup Your Data
It’s essential to create a backup of the data stored in your database and server. You can use a cloud backup service as well as store the data on an external hard disk. Remote data recovery services are available for web developers who’ve already suffered data hacks and losses. Such solutions bring back the data that’s not recoverable through normal commands and provide the fastest option in an emergency situation for projects which are still ongoing but have experienced data loss due to hacks, corruption or error.
Use Server Side Sessions & Don’t Keep User Data On Front-End
When you’re managing a web development project, it’s likely that you’re using sessions. Make sure to use server side sessions instead of client side sessions. If you’re not aware of which sessions are being used, check the cookie for the apps domain. If you can see any identifiable details, modify them immediately. Identifiable information is an eye candy for hackers as it helps them to get into your system. Also, don’t keep user sensitive information on the front end; the less you reveal about your project’s underlying structure, the better.
Work on Projects with Encrypted Connections
Whether you’re working from the premises of your office or from your mobile office, always use encrypted protocols like SSH to validate the security of the resources you’re going to access, using OpenSSH and other verifiably secure tools. That’s because with weakly encrypted connections or unencrypted connections, like HTTP and FTP for websites, you can be a victim of network sniffing and man-in-the-middle attacks. Once your login credentials are compromised by an adversary, he/she would be capable of doing anything you’re able to do.
With these 3 measures, you’ll dramatically improve the security of your web development projects. While they don’t serve as a guarantee that your server, database, network or website won’t get hacked ever, taking them will keep the vast majority of hacking attempts by adversaries at bay, bringing down your risk posture.