Preventing a Hack on sites

This site helps you in details how you can prevent hackers on your tail. The summary of it is given below.

A web application – how it is structured

[1] Given here is a reference to a web application that allows you to handle the hacking activity.

A web application (aka website) is an application based on the client-server model. The server provides the database access and the business logic. It is hosted on a web server. The client application runs on the client web browser. Web applications are usually written in languages such as Java, C#, and VB.Net, PHP, ColdFusion Markup Language, etc. The database engines used in web applications include MySQL, MS SQL Server, PostgreSQL, SQLite, etc.

Most web applications are hosted on public servers accessible via the Internet. This makes them vulnerable to attacks due to easy accessibility.

Common web application threats

SQL Injection – the goal of this threat could be to bypass login algorithms, sabotage the data, etc. This can be protected by sanitizing and validating user parameters before submitting them to the database. Database engines such as MS SQL Server, MySQL, etc. support parameters, and prepared statements. They are much safer than traditional SQL statements

Denial of Service (DoS) Attacks – the goal of this threat could be to deny legitimate users access to the resource. Firewalls can be used to drop traffic from suspicious IP address if the attack is a simple DoS. Proper configuration of networks and Intrusion Detection System can also help reduce the chances of a DoS attack.

Cross Site Scripting XSS – the goal of this threat could be to inject code that can be executed on the client-side browser. Validating and sanitizing headers, parameters passed via the URL, form parameters and hidden values can help reduce XSS attacks.

Cookie/Session Poisoning – the goal of this threat is to modify cookies/session data by an attacker to gain unauthorized access. It can be prevented by encrypting the contents of the cookies, timing out the cookies after some time, associating the cookies with the client IP address that was used to create them.

Form Tampering – the goal of this threat is to modify form data such as prices in e-commerce applications so that the attacker can get items at reduced prices. This can be prevented by validating and verifying the user input before processing it.

Code Injection – the goal of this threat is to inject code such as PHP, Python, etc. that can be executed on the server. The code can install backdoors, reveal sensitive information, etc. This can be prevented by treating all parameters as data rather than executable code. Sanitization and Validation can be used to implement this.

Defacement – the goal of this threat is to modify the page been displayed on a website and redirecting all page requests to a single page that contains the attacker’s message. A good web application development security policy should ensure that it seals the commonly used vulnerabilities to access the web server. This can be done by a proper configuration of the operating system, web server software, and best security practices when developing web applications.

Good luck and save yourselves ….


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s