Posts Tagged Website Security

The Different Types Of Web-Based Attacks

20 December, 2016

With majority of the business operations being conducted online, web based attacks are continually on the rise. Cyber criminals devise innovative and more sophisticated techniques to exploit unpatched vulnerabilities in the web applications. The motive behind these attacks may be different, to steal a company’s sensitive information, display spam advertizements on the website or download malware to the user’s computer.

Discussed below are the different types of web based attacks:

Structured Query Language (SQL) Injection

SQL injection is a common technique that involves injecting a malicious code to alter the sensitive information in the website’s back-end database. It may also be performed to steal payment card details, username and password as well as insert spam links to the website. SQL attacks are quite easy to execute and can severely compromise the data security of a company.

Cross-Site Scripting (XSS)

Cross-site scripting (XSS) can be defined as a client-side code injection attack in which the hacker injects a malicious script, predominantly JavaScript, in a legitimate website. As these scripts appear to be from a trusted source, they are often executed by the end users. This, in turn, allows the hacker to gain access to the cookies, session tokens, passwords and other sensitive information.

Drive-By Downloads

In this type of attack, the hackers tamper a web application with an HTML code that stealthily downloads a malware whenever a user visits the website. Once downloaded, the program may execute itself to record keystrokes, access important files, hijack online banking sessions or use the computer as a part of botnet.

Brute Force

Brute force attacks are mainly targeted attempts to decode a user’s login credentials. In this, the hackers use a trial and error method using different user names as well as passwords till they are able to identify the correct one. Creating strong passwords and limiting the number of invalid login attempts may help to prevent a brute force attack.

DoS And DDoS

Denial of service (DoS) and distributed denial of service (DDoS) attacks are carried out by flooding a website with traffic from multiple sources, making it unavailable for the genuine users. In a DoS attack, a single computer system may attempt to crash the target server with data packets. A DDoS attack is when multiple computers, widely distributed in a botnet, send simultaneous requests to slow down and ultimately halt the web server.

We, at Centex Technologies, can help to protect your corporate network from different web-based attacks. For more information, you can call us at (855) 375 – 9654.

,

No Comments

Common Website Security Issues

September 29, 2016

Website security is one of the major issues faced by businesses of all sizes. Even a minor mistake in website coding may increase the risk of unauthorized access by the hackers. Without proper security measures in place, there are higher chances that the database may be manipulated or the hacker may infiltrate the restricted parts of the website.

Listed below are some common website security issues that business owners need to watch out:

SQL Injection

Structured Query Language (SQL) injection is one of the most prevalent attack vectors used by the cybercriminals. In this, a malicious code is injected to delete important data, steal payment card details, insert spam links into your website or alter sensitive information stored in the back-end database.

Cross-Site Scripting (XSS)

It can be defined as a technique in which the hackers inject a malicious client-side script, usually JavaScript, directly into the website. Once the user visits the infected URL, the code gets executed and allows the hacker with access to the browser’s session tokens as well as cookies or redirect the user to other malicious websites.

Cookie Tampering

Cookies are a vital part of website development that allow users to log in to a website, view personalized ads and promotional offers as well as manage items in a shopping cart. Cookies can also be tampered or hijacked by the cybercriminals to create fake user accounts and capture information of the logged in users. This can ultimately evoke serious consequences for your website, particularly if you do not have any set criterion to validate cookies.

Cross-Site Request Forgery (CSRF)

In a cross-site request forgery, the user is tricked to perform a malicious action when he is logged in to the website. The attack mainly involves two stages – attracting the logged-in users to another malicious website and using their online identity to post spam comments or collect confidential data. Social media websites, online banking portals and web-based email clients are the most common targets for a cross-site request forgery.

Email Form Header Injection

This form of vulnerability is not much common and often overlooked by web developers. It occurs when the hacker injects a malicious code into the website’s contact form to send out bulk emails. This can eventually cause your website, email address and web server to be blacklisted for sending spam emails.

Contact Centex Technologies for complete website security solutions for your business firm in Central Texas.  We can be reached at (855) 375 – 9654.

,

No Comments