How to Secure your Data in 2019 - ByteScout
  • Home
  • /
  • Blog
  • /
  • How to Secure your Data in 2019

How to Secure your Data in 2019

Data is the new oil and data security is the most crucial part of any software programming. If data is lost, everything is lost. Programmers always make sure that the data is properly encrypted and secured before launching or releasing any web application. If you want to create any robust application then the security of your data is very important. This post will explain how to secure your data in 2019 by using various programming languages.

How to secure data in PHP?

PHP is a traditional language for the development of various software applications and web app development. It is so widespread that in any circumstances organizations do shot several bounty programs in which they beckon various security specialists to investigate their application from the kernel and submit significant PHP security best practices for it. Following are some of the security issues and their solutions are given by PHP.

Preventing Cross-site scripting (XSS) and SQL injection

The following code example is showing how to prevent XSS and SQL injection attacks in PHP. The below code is using various PHP built-in functions to prevent various XSS and SQL injection attacks. XSS and SQL are common PHP vulnerabilities.

<?php
function validate_data($data)
{
// Eliminates any script checks
$data = strip_tags($data);
// Stripslashes
if (get_magic_quotes_gpc())
{
$data = stripslashes($data);
}
// Leave specific characters
if (!is_numeric($data))
{
$data = mysql_real_escape_string($data);
}
// Check numeric number
if (is_numeric($data))
{
$data = intval($data);
}
return $data;
}

Also to prevent SQL injection attack the following code is useful:

<strong>$sql = ‘SELECT `username`, `password` FRO</strong>M<strong> `users` WHERE `username`=”‘ . mysql_real_escape_string($_POST[‘username’]) . ‘”‘;?>
</strong>

The above code will prevent the SQL Injection attack. Just make sure to separate tables and columns from grades utilizing `, separate string values utilizing “, leave utilizing the database’s individual escape function, and add specific value to what it is assumed to be.

How to store the encrypted password in the MySQL database?

Saving a delicate data in understandable text format could transform into a bummer if the entrance to the database has been jeopardized. To reduce damages in such a cases MySQL gives functions for encrypting and hashing data.

The hash functions are designed to outline data of absolute size to data of fixed size. Hashing is a one-way method, i.e. the initial data cannot be reclaimed. Rather than saving the password, a standard method is to save only its checksum. The following code is displaying how to store the encrypted password in the MySQL database. For this, we use the MD5(str) function. This function computes the 128-bit checksum for an addressed string, returned as a string of 32 hex digits.

mysql> INSERT INTO `users` (`email`, `password`) VALUES ('user@abc.com', MD5('password2000'));

The above row is inserted in the table users. Now if we fire select command to retrieve this data then it will display the following result:

mysql> SELECT `password` FROM `users` WHERE `email` = 'user@abc.com';

Password

47762996a0dca22d43ac7894f466db56

 The above result is showing you to how to protect sensitive data.

How to secure URL in PHP?

Encryption is the most suitable method to transfer variables to the subsequent page using URL.
e.g. index.php?id=5
This URL displays the utility of id, so it will be weak. This is the reason one should always encode it for defense prospect. For this purpose always use urlencode() function.
urlencode(string) : This function is utilized in a query part of a URL. URL encoding is applied when putting text in a query to bypass it being involved with the URL itself. It is usually utilized when the browser posts form data to a web server.
base64_url_encode($value) : This function is useful when encoding a string to be utilized in a URL. The following example is displaying step by step instructions on how to create this function.

1. Design a function for encrypting input data.

function base64_url_encode($data)
{
return strtr(base64_encode($data), ‘+/=’, ‘-_,’);
}

The above code is showing us that the base64_encode always encodes data with MIME base64. Due to this, the URL is safe.
Now, by using the urldecode(string) function one can easily decrypt the URL.
urldecode(string) : This function decodes a URL string. It is utilized when putting text in a query string to bypass it with the URL. It is frequently applied when the browser posts form data to a web server.

2. Build a function for decrypting input data.

function base64_url_decode($data)
{
return base64_decode(strtr($data, ‘-_,’, ‘+/=’));
}

The above script is displaying how to decode data using PHP base64_decode. It decodes data encoded with MIME base64.

How to secure data in Java?

Java is one of the most used programming languages in the software world. The following example is displaying how to encrypt and decrypt the java code using AES functionality. The following code is showing you:

public static void main(String[] args)
{
final String secureKey = "ohhhhhh";

String myString = "My name is James Bond";
String securedString = AES.encrypt(myString, secureKey) ;
String disclosedString = AES.decrypt(securedString, secureKey) ;

System.out.println(myString);
System.out.println(securedString);
System.out.println(disclosedString);
}

The output of the above code will be:

My name is James Bond
Gg2pn1wDXOL6Xc+1jjjkZTQ9FAf2a2/LBLcwQJHN4o=
My name is James Bond.

Big Data and data protection

Big data is the most widely used technology to derive meaningful conclusions. There are many projects which are using this technology. NoSQL database is devised to give real-time execution while handling large volumes of data. There are many parameters such as security configuration utility, authentication methods, encryption, external password storage and role-based authorization which come under the best data security practices.
The following example is displaying how to use a simple a simple SSL key management strategy in Oracle NoSQL database. When reaching a NoSQL occurrence that is guarded utilizing SSL/TLS, the user must follow the following given example.

java -Doracle.kv.security=safelogin.txt \
-jar KVHOME/lib/kvstore.jar runadmin

where the file safelogin.txt should be a representation of the customer.security file with extra features frameworks for authentication. The file would then comprise content like this:

oracle.kv.auth.username=root
oracle.kv.auth.wallet.dir=login.wallet
oracle.kv.transport=ssl
oracle.kv.ssl.trustStore=client.trust
oracle.kv.ssl.protocols=TLSv1.2,TLSv1.1,TLSv1
oracle.kv.ssl.hostnameVerifier=dnmatch(CN\=NoSQL)

In short, security is the most crucial part of any software application and various programming languages like PHP, MYSQL, Java, Python, and NoSQL have mentioned various security policies in their documentation.

 

About the Author

ByteScout Author

Prasanna Peshkar

Prasanna is an independent cybersecurity consultant and technical writer, focusing on penetration testing and vulnerability assessment. He provides penetration testing services to a wide variety of clients, including financial institutions, brokerage firms, professional regulators, manufacturing companies and transportation companies.

 

prev
next