Web security deals with protecting data while it is transferred over the internet or a network. Websites are always exposed to security threats and risks, and a compromised website may result in the theft of important customer data.
Security attacks are mainly aimed at stealing, altering or destroying
personal and confidential information, stealing hard drive space, or
illegally obtaining passwords.
Security Considerations:
- Updated Software: It is mandatory to keep your software updated;
it plays an important role in keeping your personal data secure. Attackers
may be aware of vulnerabilities in certain software, often caused by bugs,
which can be used to damage your computer system and steal personal
data. Older versions of software can become a gateway for attackers to enter
your network. Software should always be updated so that known
vulnerable or exposed areas are fixed.
- Beware of SQL Injection: SQL
injection is an attempt to manipulate your data or your database by
inserting malicious code into your query. One should be aware of the SQL
injection attack.
- Cross-Site Scripting (XSS): XSS allows
attackers to insert client-side script into web pages. It is a term
used to describe a class of attacks that allow an attacker to inject
client-side scripts into other users' browsers through a website. Because the
injected code reaches the browser from the site itself, the browser trusts it, and it
can do things like send the user's session cookie for the site to the
attacker.
- Error Messages: Error
messages are generated to give information to users while they
access the website, and some are generated for one
reason or another. The provider should be very careful about how much
information it gives to the user. For example, when a login attempt fails, the error
message should not let the user know which field is incorrect: the username or
the password.
- Data Validation:
Validation of data should be performed on both the server side and the
client side. Data validation should occur whenever data is received from an
outside party, especially if the data comes from untrusted sources.
- Password: A password
provides the first line of defense against unauthorized access to your
device and personal information. Attackers in many cases use sophisticated
software that uses brute force to crack passwords. Passwords must be
complex to protect against brute force. It is good to enforce password
requirements such as a minimum length of eight characters, including
uppercase letters, lowercase letters, special characters, and numerals.