Security of applications is a major concern today. Nearly all applications are vulnerable to attacks. All software contains bugs and vulnerabilities. It really does not matter whether the software is open source or closed source, or whether it is developed by a small company or a big company.
What matters is how quickly bugs can be patched or resolved. This is where the real difference lies: big, professional companies patch bugs really fast. In the case of nuke, since the CMS is open source and there is no real company behind it, it takes a lot of time to actually get bugs resolved. But that is no longer the case.
You can get your CMS patched instantly. Basically, if you do a few things you can reduce the risk of getting your website hacked by up to 95%. In order to secure your nuke CMS you need to do the following things:
- Variable sanitization: Most attacks succeed simply because variables in the source code are not properly filtered before any action is taken on them. So the most important thing is that all variables in the source code are properly checked and sanitized before any action is taken.
- SQL Injection: SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.
- XSS Vulnerability: Generally known as cross-site scripting, these vulnerabilities make up a large portion of web application attacks. Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that allows code injection by malicious web users into the web pages viewed by other users.
- Dual Layer Admin Authentication: Most attacks are aimed at gaining control of the admin panel of your website, and therefore you should take proper precautions to safeguard it. The admin panel is the most important part of your website and proper care must be taken to protect it.
- Rename database table prefix: Generally, most people install nuke as a default package. They do not invest time in customizing it, and bad people take advantage of this. It is generally advised to change the table prefix of the database; this adds an additional layer of security protection for your website.
- Path mirage: Most script kiddies want to locate the configuration file of your website. The configuration file is the most important file of the website. It contains the user name and password of the database and other important details of the website. If malicious people get access to this website, they can do anything they like, provided they have the right know-how. It is important that you hide the configuration somewhere users cannot access the file directly. This is a required step in order to protect your website against hackers.
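
An added example, not PHP-Nuke's own code, illustrating the variable sanitization, SQL injection and XSS items above: a concatenated query next to a typed, parameterized and output-encoded version. The `site_stories` table, the helper names and the request values are constructed for illustration, and an in-memory SQLite database accessed through PDO is assumed.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database; table and column names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE site_stories (sid INTEGER PRIMARY KEY, title TEXT, author TEXT)');
$db->exec("INSERT INTO site_stories VALUES (1, 'Welcome', 'admin'), (2, 'Draft <b>notes</b>', 'editor')");

/** Strong typing: accept only a positive integer id, otherwise null. */
function clean_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Parameterized lookup: input is bound as data, never spliced into the SQL text. */
function stories_by_author(PDO $db, string $author): array
{
    $stmt = $db->prepare('SELECT sid, title FROM site_stories WHERE author = :author');
    $stmt->execute([':author' => $author]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Output encoding for the HTML context, the XSS counterpart of the checks above. */
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request values standing in for $_GET.
$request = ['sid' => '2 OR 1=1', 'author' => "editor' OR '1'='1"];

// Vulnerable pattern, shown for comparison: concatenation lets input rewrite the query.
$unsafe = $db->query('SELECT COUNT(*) FROM site_stories WHERE sid = ' . $request['sid'])->fetchColumn();
echo "concatenated query matched {$unsafe} rows\n";

// Hardened: the id fails validation, and the bound author string is compared literally.
var_dump(clean_id($request['sid']));
var_dump(count(stories_by_author($db, $request['author'])));

// Stored markup is encoded on output instead of being interpreted by the browser.
foreach (stories_by_author($db, 'editor') as $row) {
    echo html($row['title']), "\n";
}
```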