I am looking to spend some money on buying a book on internet security which mostly deals with how we can make websites secure. Any suggestions/recommendations?
If your websites are written using PHP then the best book I read was: PHP|Architect's Guide to PHP Security by Ilia Alshanetsky. Or you can take a look at the learning PHP thread on my forum.
Thanks! I have read many books on PHP, MySQL and security, but these, I guarantee, are the best.
If you're gonna secure your website/server, secure all other PCs connected to that network. BUY "The Unofficial Guide to Ethical Hacking" by Ankit Fadia. The first chapter has loads of registry edits for logons and such. Go to a book shop and browse through the book first though, yeah!
Check Chris Shiflett's blog; it's full of tips. Anyway, there are many approaches you can take to secure your website according to the OS it is on and the language it is written in. You could also check my signature.
Any book on this is obsolete; keep checking security sites like www.securitydot.net for new exploits and vulnerabilities.
Interesting advice, I wouldn't follow most of it though. I would grab a book on PHP security if you like to have a tangible reference, but if not, there's thousands of articles online about it (the main way people "hack" scripts is because they're poorly coded, which results in XSS, SQL injections, or remote includes because register_globals is on). But surprisingly I didn't see any mention of learning anything about the Unix* system and common web services (such as sshd, httpd, ftpd, etc.), which are all (not only, just most commonly) part of the lame "hacks" you see. So my advice? Learn more about Unix* and the services that are run and how to secure them. A lot of hacks could be avoided by simple configurations (disable root login directly through SSH / FTP, change the SSH port from the default, turn register_globals off) which would all take about 30 seconds to do.
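The three "30 second" fixes named in the post above can be checked mechanically. The script below is an added example, not code from the thread; it assumes an OpenSSH-style sshd_config ("Key value", first occurrence wins, '#' comments) and a php.ini ("key = value", ';' comments), takes the file paths as arguments, and the sample files it writes are constructed.

```shell
#!/bin/sh
# Added example: audit PermitRootLogin, a non-default SSH Port, and register_globals.

# First effective value of key $2 in sshd_config $1 (sshd uses the first occurrence).
sshd_value() {
    awk -v k="$2" '$1 !~ /^#/ && tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Value of key $2 in php.ini $1, with blanks and any trailing ';' comment stripped.
ini_value() {
    awk -F= -v k="$2" '$1 !~ /^[ \t]*;/ {
        key = $1; gsub(/[ \t]/, "", key)
        if (tolower(key) == tolower(k)) {
            v = $2; gsub(/^[ \t]+|[ \t]*;.*$|[ \t]+$/, "", v); print v; exit
        }
    }' "$1"
}

# Print one line per finding; return the number of findings (0 = all three fixes applied).
audit_configs() {
    n=0
    root=$(sshd_value "$1" PermitRootLogin | tr 'A-Z' 'a-z')
    case "$root" in
        no|prohibit-password|without-password) ;;
        *) echo "sshd: PermitRootLogin is '${root:-unset}'; set it to no"; n=$((n + 1)) ;;
    esac
    port=$(sshd_value "$1" Port)
    [ -n "$port" ] && [ "$port" != 22 ] ||
        { echo "sshd: Port is '${port:-unset}' (default 22); pick a non-default port"; n=$((n + 1)); }
    rg=$(ini_value "$2" register_globals | tr 'A-Z' 'a-z')
    case "$rg" in
        off|0|false|no) ;;
        *) echo "php: register_globals is '${rg:-unset}'; set register_globals = Off"; n=$((n + 1)) ;;
    esac
    return "$n"
}

# Constructed samples in directory $1: one host still on defaults, one with the fixes applied.
write_samples() {
    printf 'Port 22\n#PermitRootLogin no\nPermitRootLogin yes\n' > "$1/sshd_default"
    printf 'register_globals = On\n' > "$1/php_default.ini"
    printf '# hardened\nPort 2222\nPermitRootLogin no\n' > "$1/sshd_fixed"
    printf '; hardened\nregister_globals = Off ; required by the app\n' > "$1/php_fixed.ini"
}

d=$(mktemp -d); write_samples "$d"
audit_configs "$d/sshd_default" "$d/php_default.ini" || echo "findings: $?"   # 3 findings
audit_configs "$d/sshd_fixed" "$d/php_fixed.ini" && echo "findings: 0"
rm -r "$d"
```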
The best way is to HIRE PEN-TESTERS, but make sure they are reliable and aren't gonna screw you over by hiding a few things from you. Keep records of everything that they do that you pick up on when they're testing your security. If you get a warning on a firewall, archive it to some records that YOU keep SAFE.