When we talk about security, the first thing that comes to mind is restriction: where should I add restrictions? But let me tell you one thing: if you increase the restrictions on a website, there is a good chance you will get less traffic.
Just imagine a case where, simply to access the contact information on a website, you need to go through n security steps. Will you continue with that website, or will you simply leave it? You will definitely close the page and move on to a different website.
Therefore, in web security, a developer needs to think very carefully about where to put the most security protocols and where to put fewer.
In this post I am going to explain the key locations, or points, where we need to take care of security the most.
Key points of security
1. Login Page
On the login page you need to use the MySQL real-escape concept, along with reCAPTCHA if possible. reCAPTCHA is a great thing for web security. You can use it in almost any location where you think there may be a bot attack.
2. E-commerce Cart Checkout
In the e-commerce cart checkout, the main issue is the price of the product or service being changed at the time of checkout. The solution is very simple: never use the price that came from the client side. Only consider the product id and the quantity. That lets you calculate the exact amount in the background, because the id gives you the product price and the quantity is an integer by which you just have to multiply the price of the product. Then, if the value calculated on the server is the same as the client's, you can proceed. If the values are different, you can report the transaction as declined or track that activity.
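Here is an added example of that server-side check (my own illustration, not code from the original post). The catalog dictionary stands in for the product table lookup, the cart structure is assumed, and the sample values are constructed.

```python
from decimal import Decimal

# Constructed catalog standing in for a products-table lookup by product id.
CATALOG = {
    101: Decimal("19.99"),
    102: Decimal("5.50"),
}


def server_total(items):
    """Recompute the total from product id and quantity only.

    Any price the client sends along with the item is deliberately ignored;
    the only client-controlled inputs used are the id and the quantity,
    and both are validated before use.
    """
    total = Decimal("0")
    for item in items:
        product_id = item["product_id"]
        quantity = item["quantity"]
        if product_id not in CATALOG:
            raise ValueError(f"unknown product {product_id}")
        if not isinstance(quantity, int) or quantity <= 0:
            raise ValueError(f"invalid quantity for product {product_id}")
        total += CATALOG[product_id] * quantity
    return total


def validate_checkout(cart, audit_log):
    """Return (accepted, server_total) for a submitted cart.

    The client-supplied total is compared against the server's own figure;
    a mismatch is declined and written to audit_log for follow-up, which is
    the "track that activity" step from the post.
    """
    try:
        expected = server_total(cart["items"])
    except ValueError as exc:
        audit_log.append(f"declined: {exc}")
        return False, None
    claimed = Decimal(str(cart["client_total"]))
    if claimed != expected:
        audit_log.append(
            f"declined: client claimed {claimed}, server computed {expected}"
        )
        return False, expected
    return True, expected
```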
3. Registration Page
The registration page of any website is the most important, because it is the entry point for the user, and if we do not increase the security protocols here, it will be a problem for the website in future. So which security protocols are important here? The most important one is making sure that the registration is performed by a real human being. If your form does not have any hidden key, you may end up with fake accounts created by software bots. Therefore I highly recommend using reCAPTCHA here. It will not allow a bot to submit the form, even if the bot is able to parse the HTML form; it still cannot submit it.