These days it seems there are as many bad guys as good ones out there on the web. And if you’re building and running your own websites, you need to be one step ahead of the hackers. We’ve identified the Top 10 threats to websites – feel free to contact us for more information and what to do about them. Forewarned is forearmed!
1) Injection
Injection happens when hostile data is sent to an interpreter as part of a query or command. This data tricks the interpreter, resulting in unintended commands and corrupt data. It’s a common problem in web applications, particularly with SQL injection.
2) Cross-Site Scripting
When an application sends user-supplied data to a web browser without first validating or encoding it, Cross-Site Scripting (XSS) can occur. This lets hackers execute scripts in the victim’s browser that hijack user sessions or vandalize websites.
3) Insecure Direct Object References
Web applications don’t always verify that the user is authorized for the target object. Without an access control check or similar protection, supposedly secure data can be accessed and stolen by attackers.
4) Cross-Site Request Forgery
CSRF tricks a victim into submitting fake HTTP requests via Cross-Site Scripting or image tags. It’s an issue for web applications that inadvertently allow hackers to predict the details of a transaction – automatically-generated session cookies for example. Attackers create hostile web pages which generate forged requests indistinguishable from real ones.
5) Insecure Cryptographic Storage
Hard to believe, but many web applications still do not properly protect sensitive data such as credit card numbers and personal details. Attackers can easily access poorly encrypted data and use it to commit credit card fraud, identity theft and other data-related crimes.
6) Failure to Restrict URL Access
An application may protect sensitive functionality only by not displaying relevant URLs to unauthorized users. By accessing those URLs directly, attackers can exploit this weakness to perform unauthorized operations.
7) Unvalidated Re-Directs & Forwards
Web applications may re-direct and forward visitors to other pages and websites without proper validation. Attackers can then re-direct victims to phishing or malware sites or use forwards to access unauthorized pages.
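One way to validate a redirect target before the application uses it, as an added example that is not part of the original article. The host allow-list, the default target and the function names are assumptions for a hypothetical application.

```python
from urllib.parse import urlsplit

# Assumption: the only external hosts this hypothetical application may redirect to.
ALLOWED_HOSTS = {"www.example.com", "shop.example.com"}
DEFAULT_TARGET = "/"  # fallback when the requested target is rejected


def is_safe_redirect(target: str) -> bool:
    """True only for same-site absolute paths or HTTPS URLs on an allow-listed host."""
    if not target or target != target.strip():
        return False
    # Browsers treat "\" like "/" and silently drop tabs and newlines inside
    # URLs, so reject those and every other control character before parsing.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. a malformed IPv6 literal
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept "/path", refuse "//host" style targets
        # and bare relative paths.
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme != "https":
        return False
    # .hostname drops userinfo and port, so "allowed-host@other-host" is
    # judged by the host the browser would really contact.
    return parts.hostname in ALLOWED_HOSTS


def resolve_redirect(target: str) -> str:
    """Return the target if it passes validation, otherwise the safe default."""
    return target if is_safe_redirect(target) else DEFAULT_TARGET


if __name__ == "__main__":
    # Constructed sample inputs, not taken from real traffic.
    samples = [
        "/account/orders?page=2",
        "https://shop.example.com/cart",
        "//evil.example/login",
        "https://www.example.com@evil.example/",
        "http://www.example.com/",
    ]
    for s in samples:
        print(f"{s!r:45} -> {resolve_redirect(s)!r}")
```

The same check applies to server-side forwards: the destination is compared against what the application expects, not merely inspected for known-bad strings.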
8) Broken Authentication & Session Management
Account credentials and session tokens are sometimes not properly protected. Attackers simply use stolen passwords, keys and authentication tokens to steal other users’ identities and commit crimes.
9) Security Misconfiguration
Attackers exploit security configuration weaknesses at any level whether it’s the platform, web server, application server, framework or custom code. These flaws give attackers unauthorized access to default accounts, unused pages, un-patched flaws, unprotected files and system data.
10) Insufficient Transport Layer Protection
When applications fail to authenticate, encrypt and protect sensitive network traffic, they may support weak algorithms, use expired or invalid certificates, or execute commands incorrectly.
So how can you detect attacks or decrease the chances of your website getting attacked?
There are many tools you can use to stay on top of possible threats to your website.
- Sitelock helps protect more than just your website; it can protect your business too. Your online reputation and the security of your website are critical elements to your business.
- Cloudflare uses the collective intelligence shared by a diverse web community to provide you with top-notch protection against all these threats and more.