1) Use a server-side script
What is required for this method: one must be able to read and write PHP, ASP, or a similar language to use these types of scripts. They can largely help programmers in running scripts without security problems such as cross-site scripting. There are many different server-side programming languages, but the most widely used ones that could be used to implement this method are:
PHP (Hypertext Preprocessor) is an open-source scripting language, popularly known as a server-side, HTML-embedded scripting language.
ASP – This is a Microsoft scripting language that is used in most web applications.
Perl (Practical Extraction and Report Language) – Perl was designed for text manipulation and is widely popular among system administrators. It is also widely used for CGI programming on Unix servers, mainly because of its excellent support for string manipulation and regular expressions.
3) Avoid easily-guessable variable names
This method is about not using variables with easily-guessable names, which attackers can spot when they try to steal them from the server. Developers have to remember that hackers know most programming languages just as well as they do and will find these variables quickly during their hacking attempts if the names are not well chosen. It is recommended not to use names such as “user” or “password”, because these are always the first that hackers will try.
8) Avoid hard-coding one’s sensitive data
Look for the different places in the project where important values, such as session IDs or database access credentials, could be stored. There are many techniques for accessing these values, but the most common practice is to use constants: define them somewhere in the code and substitute their actual content just before the app runs on the user’s computer.
9) Make use of URL routing appended parameters
This method is based on storing some sensitive information inside URI-formatted parameters instead of using plain HTTP GET requests. The data is hidden by sending it through a different channel, with an extra parameter named after its value. Hackers will not be able to steal this kind of data easily, because they will have no idea what value each parameter stores unless they intercept the data connection between the web application and its source.
11) Make use of HTML encoding
It is recommended to encode all data displayed inside the HTTP response body, converting characters such as “<” and “&” into their HTML entities. The resulting entities are returned to the browser as inert text rather than being interpreted as markup, so attackers cannot use them to steal sensitive data, since this encoding stops injected HTML code from showing up as live markup in the output.
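An added example (not from the original article) of the HTML encoding described above, written in Python: `html_encode` maps the markup-significant characters to entities, `render_greeting` is an assumed response fragment that embeds untrusted input, and `SAMPLE_NAME` is a constructed input containing markup characters.

```python
import html

# Characters that carry meaning in HTML markup, mapped to their entity
# forms. Encoding them on output makes untrusted text render as text
# instead of being interpreted as tags or attribute delimiters.
_ENTITY_MAP = {
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#x27;",
}


def html_encode(text: str) -> str:
    """Return text with HTML-significant characters replaced by entities.

    Each character is mapped independently, so no replacement can
    introduce a new character that a later step would re-encode.
    """
    return "".join(_ENTITY_MAP.get(ch, ch) for ch in text)


def render_greeting(user_name: str) -> str:
    """Assumed response fragment: user_name is untrusted and encoded on output."""
    return f"<p>Hello, {html_encode(user_name)}!</p>"


def matches_stdlib(text: str) -> bool:
    """Check that html_encode agrees with the standard library's html.escape."""
    return html_encode(text) == html.escape(text, quote=True)


# Constructed sample input: a "name" that contains markup characters.
SAMPLE_NAME = '<b>Alice</b> & "friends"'

if __name__ == "__main__":
    print("unencoded:", f"<p>Hello, {SAMPLE_NAME}!</p>")
    print("encoded  :", render_greeting(SAMPLE_NAME))
```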