Website security vulnerabilities you should look out for.

 Website security vulnerabilities you should look out for.


1. SQL Injection


This is where an attacker exploits weakly written SQL queries to gain access to a database and exploit it.


The attacker might insert malicious code, read sensitive data, and can even delete the entire database.


2. Broken Authentication


This could happen because of many reasons — from minor bugs to a huge gap hole in the program.


If you have broken authentication, a user could potentially get access to restricted resources.


3. Cross-Site Scripting


Also known as XSS, this attack is where the hacker manages to install malicious JavaScript code into your website.


The attacker might get access to cookies, session IDs, and local storage data. They can also execute any JavaScript code.


4. Cross-Site Request Forgery


Also known as CSRF, this is an attack where a malicious website or program causes the browser to perform an unwanted action on a site the user is currently authenticated.


This is notoriously dangerous since the attacker has unlimited access.


5. Insecure Cryptographic Storage


This is where sensitive data, such as passwords, are not securely encrypted and stored. This is a common developer mistake.


Always salt sensitive data before hashing them, and never save the plain text in your database.


6. Unvalidated Redirects and Forwards


This is when a website has no proper validation while redirecting users to other pages. An attacker can use this to send users to other malicious sites.


They can also use unvalidated forwards to access unauthorized pages within your app.


7. Insecure Direct Object References


This is when there is no proper authentication while downloading files. An attacker can use this to download your backups, emails, app code, and more.


They can also exploit this to crash your server by sending multiple bot requests.


8. Using Vulnerable Code


This one is on the developer. Directly copying and pasting the code you got on the internet is a bad practice as it can be malicious.


Always read every line of the code that you copy and paste and make that it does only what you want it to do.


9. Cross-Origin Resource Sharing


CORS allows restricted resources on a web page to be requested from another domain outside the domain.


A badly implemented CORS policy can lead to major security breaches like API leaks, loss of personal data and files, and more.


10. Not having an SSL


If you don't have an SSL certificate on your website, then the communication between your server and the browser is not encrypted.


This means all the confidential information might be accessed by hackers. Not to mention that Google downranks such websites.

Comments

Post a Comment

Must Read

Indian Government Confirms Crypto Bill Is 'Awaiting Approval'

The Indian government has confirmed in a Right to Information (RTI) reply that the inter-ministerial committee’s cryptocurrency bill is “awaiting approval of the government.” The bill is currently being examined by various ministries. Indian Government’s Confirmation The government of India has been sitting on a cryptocurrency draft bill since it was  submitted  to the finance ministry early last year. Entitled “Banning of Cryptocurrency and Regulation of Official Digital Currency Bill, 2019,” the document was drafted by an inter-ministerial committee headed by former Finance and Department of Economic Affairs (DEA) Secretary  Subhash Chandra Garg . While no formal announcement regarding the progress of the bill has been made, some media reports suggest that  consultation  has begun on this bill. To establish the veracity of this news, lawyer Mohammed Danish, co-founder of Crypto Kanoon, filed an RTI application with the Department of Economic Affairs. In its sh...
Read more

ICO (Initial Coin Offering)

  ICO (Initial Coin Offering) term recently became very popular in startups. The era of traditional financial transactions is in the decline stage, but ICO is getting increasingly popular amongst investors. So, basically ICO is a method to raise funds for launching a new cryptocurrency in the market. It’s pretty similar to Bitcoin, Ethereum, Ripple, Litecoin, etc. By this process, ICO can attract many investors to invest in the initial stage of the project and can get the ROI after the launch. For participation in an ICO event, there are very few formalities with very few documentation involved. Also known as Token Generation Event (TGE), the ICO process also includes blockchain business which helps to generate a token for various customers. As I said, this is a prime era for ICO. Companies can raise funds within few hours of the announcement of ICO registration date and time. Some Facts: In 2017, ICO raised 5.6 billion dollars. In 2018, it increased to 6.3 billion dollars, only in...
Read more

Top 10 Crypto Exchanges to Trade Your Cryptocurrencies in 2020

According to data from coinmarketcap.com, there are over 4,900 cryptocurrencies in existence today. They operate in over 20,000 markets, with over 300 registered cryptocurrency exchanges. With so many platforms available where you can buy and sell digital coins, it's easy to get stuck when choosing the best exchange to begin your cryptocurrency journey. In this piece, I have tried to compile a list of the top 10 exchanges in 2020 based on actual trading volumes, accessibility in different geographical locations, liquidity, market quality, and team/management behind the platform. Without much ado, let’s get started. 1. Binance Launched in July 2017,  Binance  is a crypto exchange based in Malta. The platform has led the rest due to an excellent team behind the exchange, robust security, and support for many cryptocurrencies, stable coins, and tokens. The exchange is one of the few that never inflate its trading volume and is very open when it comes to its ...
Read more