We have been developing web apps for a long time, and we code with the utmost attention; we code securely. Here are a few tips that can prevent some attacks. They cannot protect us completely (if they could, why would we need security experts?).
- Always create an index.html or index.php in every publicly accessible directory. We usually create folders such as config and includes but don't put an index file in them, so the server shows a directory listing of every file inside. Make it a habit to create an index.html in each directory. Leaving it blank is fine, but I would suggest writing a redirect script in it, so that a normal user who lands on the directory by chance is redirected without seeing any of your files. Even the subdirectories of WordPress, Drupal and Joomla should be checked: they don't contain an index.html, so on a WordPress site you can view http://<yourblog>/wp-content/plugins easily. If you run WordPress, go and create an index.html there.
- Don't keep backups on the live server, i.e. in publicly accessible folders.
- Turn the server signature off if you can; on shared hosting you generally can't.
- Create one connector file that stores the database name and password; don't put these credentials in each of your files.
- Don't create unnecessary directories on web servers.
- Keep the database and the files separate.
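The first tip, creating an index file in every public directory, is easy to automate. The script below is an added example (not from the original post): it lists every directory under a web root that has neither index.html nor index.php, and drops a redirecting index.html into each one. The web root path and the redirect target are passed as arguments and are assumptions; so are the constructed directory names used in the comments.

```shell
#!/bin/sh
# Added example. Finds directories that would show a listing and gives each
# a redirecting index.html. Arguments: $1 = web root (assumed path),
# $2 = redirect target for the meta refresh (assumed, defaults to "/").

# Print every directory under the root that has no index.html or index.php,
# i.e. every directory the web server would list (e.g. config, includes,
# wp-content/plugins on a fresh install).
list_dirs_without_index() {
    find "$1" -type d | while read -r dir; do
        [ -e "$dir/index.html" ] || [ -e "$dir/index.php" ] || echo "$dir"
    done
}

# Write a minimal index.html into $1 that sends the visitor to $2
# instead of showing the directory contents.
make_redirect_index() {
    cat > "$1/index.html" <<EOF
<!DOCTYPE html>
<html><head><meta http-equiv="refresh" content="0; url=$2"></head>
<body></body></html>
EOF
}

# Fix every listed directory and print how many index files were created.
add_missing_indexes() {
    root="$1"
    target="${2:-/}"
    count=$(list_dirs_without_index "$root" | wc -l | tr -d ' ')
    list_dirs_without_index "$root" | while read -r dir; do
        make_redirect_index "$dir" "$target"
    done
    echo "$count"
}
```

Re-run it after installing plugins or themes, since new subdirectories arrive without an index file.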