
How to develop a secure website

Prakash Dwivedi
Ranch Hand

Joined: Sep 28, 2002
Posts: 452
I have developed many websites with servlets / JSP. My doubt is: are my websites hack-proof, and how can I test it? I am using a simple architecture, i.e. whenever a user logs in I put his id in the session; if the user id is not in the session, then he is not allowed to browse the site.
Is there any loophole in such an architecture? Can these types of sites be hacked? If yes, how can I make it more secure?

Waiting for reply.

Prakash Dwivedi (SCJP2, SCWCD, SCBCD)
"Failure is not when you fall down, it's only when you don't get up again"
Lasse Koskela

Joined: Jan 23, 2002
Posts: 11962
Anything can be hacked. It's only a matter of making it difficult enough to eliminate the motivation for a cracker to do so.

If you really want a thorough picture of system security, I'm afraid you'll have to do some reading. I know a security consultant who's got literally over a hundred security-related titles on his bookshelf, but I'm sure most people suffice with just a few application-level security books like J2EE Security for Servlets, EJBs, and Web Services, Enterprise Java Security, Hacking Exposed: J2EE & Java, Hacking Exposed: Network Security Secrets & Solutions, and Hacking Exposed: Linux.

Author of Test Driven (2007) and Effective Unit Testing (2013) [Blog] [HowToAskQuestionsOnJavaRanch]