How to surf the Internet more safely

Tags: .NET, ASP.NET, IE, Security, XSS

In the past you may have heard about more and more security bugs on well-known web sites that you may use several times a day. Below are some tips to keep in mind when browsing:

  1. Don't use features like "save user credentials on this computer". This feature is really nice, but it will allow anybody to use your account. Bugs in web sites can be used to gain access to your account.
  2. Very often session cookies are used to log in to web sites (FormsAuthentication). These cookies are accessible in only one web browser instance (i.e. one iexplore.exe). If you don't sign out, or if you open a new tab in this instance, this cookie could be accessible. Use a separate instance (not Ctrl + N in Internet Explorer or Firefox!!) if you want to log in to a web page.
  3. You should be on the qui vive when clicking on (sub-)domains. Is there any encrypted string inside the URL or does the path belong to a web site where you have an account?

I know that there are more tips for safer Internet browsing, like disabling ActiveX or scripting. But today I'd like to appeal to developers to write more secure web applications. There are a lot of libraries available that can help to write secure web applications. Tools like Visual Studio .NET 2005 Express let developers create web sites in seconds without writing a single line of source code. Can this be secure? What do you think? Why is it possible to use someone's cookie information to access denied web site URLs?

Over the next few days I will show some small topics on how I made my web sites more secure. Maybe they will give you some ideas for how to secure your web site.
