To Improve Your Website Security
One big question that haunts most website owners is this. Just how safe or how secure is your website right now? If your website is not secure and you got attacked by some sort of unwanted or unforeseen security problems that could potentially hamper your online business or website activity for a long time. If the problem is serious, then it might even completely shut down your site, and you might even have to decide to close down your business permanently.
Mind you that these attacks happen just about every day, and it could happen to your site specifically or it could happen to your host and affect every site that is hosted on the said host. Just because it has not happened to you or anyone whom you know of doesn’t mean it won’t happen to you.
Imagine having no backups to your site data and all your data is lost. If you are not able to retrieve them and if your host could not help you as well, then there are really nothing you can do but to start everything all over from scratch. Hence the best thing to do before anything happens is learn how to reduce your risks and also learn how to improve your website security site from the common security attacks. Improve your site security using the methods mentioned below should serve to help prevent some of the attacks that happen every-day online.
Note: This article serves to help you understand more of the types of attacks that might occur on your website. If you are not familiar with some of the technical terms, it is advisable for you to do more research on Google for a better understanding and make sure you ask your webmasters or programmers to look into the matter of making your site more secure for best results.
Cross site scripting prevention.
If you do not know what is Cross site scripting (XSS for short), then take a look at this quick quote that you can find on Wikipedia.
“Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications, such as web browsers through breaches of browser security, that enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007. Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site’s owner.”
You can attempt to reduce the threat using these 3 ways below.
1) Contextual output encoding/escaping of string input.
This is the primary method that is used to stop XSS. However, it is said that such method alone might not be always sufficient to stop XSS from happening to your website.
2) Always Validate untrusted HTML input.
Always limit the use of HTML inputs that is allowed for your site users to place on your site. It is always better to be safe than sorry.
3) Cookie Security
Use web applications that tie the use IP with their cookies so that only the user with that IP can use the cookie. This is to prevent the cookie from getting stolen and used by an unknown party.
SQL injection attacks.
Again here’s the Wikipedia’s definition on SQL injection attacks.
“SQL injection is a technique often used to attack a website. This is done by including portions of SQL statements in a web form entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g., dump the database contents to the attacker). SQL injection is a code injection technique that exploits security vulnerability in a website’s software. The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL commands are thus injected from the web form into the database of an application (like queries) to change the database content or dump the database information like credit card or passwords to the attacker. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.”
The SQL injection takes advantage of your website when you fail to improve your website security form post processing that has an anti-injection function.
If you are using the PHP coding, then you can use the ‘mysql_real_escape_string’ to improve your website security codes. You can also use the strip tag function for this purpose. Remember if you are not using PHP and plan to use other programming languages for your website. Then make sure that you learn how to improve your website security website from SQL injection attacks for that particular language.
It is important that you understand both the security problems above because they are very common, and it could happen to any site that has not taken any precautions to prevent it. If you are not adept with the programming and technical terms, you should place this responsibility into the hands of your programmer or webmaster so that they can make sure that your site is fully protected. Prevention is always better than cure.
To Improve Your Website Security
Online security basics for small business websites – Computerworld New Zealand, on Tue, 04 Dec 2012 – Everyone on the web is a target for scams, malware, piracy and a host of other online security dangers. Small business owners are no exception. These tips will help you protect your website, your assets and your information. By Nathan Segal
Dell SonicWALL’s Popular Interactive ‘Road Test’ Portal Gets a Revamp, Is Now … – EON: Enhanced Online News (press release), on Tue, 04 Dec 2012 – BUSINESS WIRE)–Dell SonicWALL, one of the leading providers of intelligent network security and data protection solutions, today announced it relaunched its Live Demo site, available at http://livedemo.sonicwall.com. The popular site lets VARs, MSPs …
CloudFlare and Parallels to Bring Website Performance and Security to Millions … – Virtual-Strategy Magazine (press release), on Tue, 04 Dec 2012 – SAN FRANCISCO, CA — (Marketwire) — 12/04/12 — CloudFlare, the web performance and security company, and Parallels, a worldwide leader in hosting and cloud service enablement, announced that service providers using Parallels software can now …