Ensuring code safety
The article "Ensuring website safety" is provided by Sophos Plc and SophosLabs.
December 2007
Developing secure code is not always as easy as it seems. It requires not only experienced programmers but also knowledge of specific security problems [12]. There are many books about secure code development; here we present only the basics [13].
Always disable global variables, since they can be deliberately initialized by a forged GET or POST request.
Disable error messages and write error information to a log file instead, because error details shown to the user may allow an attacker to reproduce the problem and use it to find other vulnerabilities.
Do not treat data supplied by users as trusted. Use filters to remove special SQL characters and escape sequences.
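The three rules above, worked through in a single PHP script. This is an added example and not code from the Sophos article. It assumes that the "global variables" the text refers to are PHP's register_globals behaviour (the directive that turned every request parameter into a PHP variable), that the application logs to a file path of its own choosing (the path below is a placeholder), and that a `users` table exists (created in-memory here so the script runs offline). For the third rule it goes one step beyond filtering special characters: the input is validated against the type the application expects and then passed to the database as a bound parameter, so it is never interpreted as SQL.

```php
<?php
// Added example (not from the Sophos article). Assumes a PHP web application;
// "global variables" is taken to mean PHP's register_globals behaviour.
declare(strict_types=1);

// 1. Global variables.
//    With register_globals on, a request carrying "is_admin=1" created $is_admin
//    before the script ran, so a check written as
//        if (login_ok($user, $pass)) { $is_admin = lookup_role($user, $pass); }
//        if ($is_admin) { show_admin_panel(); }
//    could be satisfied without a successful login. Keep register_globals off in
//    php.ini (it cannot be changed at runtime), initialise every variable yourself
//    and read request data only from the superglobals.
function isAdminRequest(array $post, callable $lookupRole): bool
{
    $isAdmin = false;                      // explicit default, never request-controlled
    $user = $post['user'] ?? '';
    $pass = $post['pass'] ?? '';
    if ($user !== '' && $pass !== '') {
        $isAdmin = (bool) $lookupRole($user, $pass);  // the only path to true
    }
    return $isAdmin;
}

// 2. Error messages.
//    Nothing about a failure (message, file path, SQL text) goes to the browser;
//    the details are written to a log file for the operators instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', '/var/log/php/app-errors.log');   // placeholder path

// 3. Untrusted input.
//    Validate the parameter against the shape the application expects, log and
//    reject anything else, and bind the validated value instead of splicing it
//    into the query string.
function fetchUserById(PDO $db, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        error_log('rejected non-integer user id: ' . var_export($rawId, true));
        return null;                       // never reaches the database
    }
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed data so the script runs stand-alone: an in-memory SQLite table.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice')");

// A role lookup stub standing in for the real credential check.
$lookupRole = fn(string $user, string $pass): bool => $user === 'alice' && $pass === 'correct-password';

// Forged request: the client sends is_admin but never a valid login.
var_dump(isAdminRequest(['is_admin' => '1'], $lookupRole));
// Legitimate lookup by integer id.
var_dump(fetchUserById($db, '1'));
// Input carrying SQL syntax fails integer validation and is logged, not queried.
var_dump(fetchUserById($db, '1 OR 1=1'));
```

The point of `isAdminRequest` is that `$isAdmin` has exactly one assignment that can make it true, and that assignment depends on data the client does not control. The point of `fetchUserById` is that rejecting input by type is stricter than stripping characters: an attacker does not have to find a character the filter missed, because anything that is not a positive integer is refused before the query is built.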