Welcome, Guest: Register On Nairaland / LOGIN! / Trending / Recent / New
Stats: 3,209,522 members, 8,006,337 topics. Date: Monday, 18 November 2024 at 10:12 PM

10 Website Security Issues Every Website Owner Should Be Aware Of - Webmasters - Nairaland

Nairaland Forum / Science/Technology / Webmasters / 10 Website Security Issues Every Website Owner Should Be Aware Of (8211 Views)

Website Security: A General Guide To Protect Your Content Management System / 6 Personal Details Every Website And App You Use Knows About You / Disadvantages Of Dating A Blogger (website Owner). (2) (3) (4)

(1) (2) (Reply) (Go Down)

10 Website Security Issues Every Website Owner Should Be Aware Of by segtak25: 1:01pm On May 14, 2015
Beyond security reported that, Web sites are unfortunately prone to security risks. And so are any networks to which web servers are connected. Setting aside risks created by employee use or misuse of network resources, your web server and the site it hosts present your most serious sources of security risk.
However sitepronews explained that Technology has become more advanced, and with it, hack attacks in the online world are increasing at an alarming rate.
Hackers use known vulnerabilities in third-party software to target your website and web server, and use it for their advantage.

The object of this maybe just to deface your website, steal your confidential client data, or even worse, use your server resources to perform illegal activities.
There are some simple tips you can leverage to strengthen your website software and sleep with peace of mind.

1. XSS or Cross Site Scripting

XSS occurs when a hacker embeds scripting code into a web form or url, and run malicious code to change your web visitor’s experience and steal passwords or other data.
XSS can also be persistent in nature, where an attacker can manipulate a specific web page and show it as a login screen to users. The recent XSS comment hack on WordPress 4.2 is an example of such a permanent loophole.

2. SQL Injection

SQL injection occurs when a hacker uses a web form field or URL parameter to manipulate your database. Almost all web platforms have a database and generally open source CMS platforms maintain dynamic aspects of the website in the database.

3. DoS or Denial of Service Attack

Denial of Service (DoS) or Distributed Denial of Service (DDos) attacks are by far the most notorious kinds of attacks.
That is because, any level of hacker with a small investment can bombard a website, with millions of requests, and make it look like they are from legit users.
This eventually crashes the web server, and takes the site offline, requiring manual intervention to bring it back online.

4. Weak Passwords

We should all use complex passwords, because the weakest link is all it takes to break the chain. It is imperative to use strong passwords for admin areas, but equally important for all users to protect the security of their accounts.
One compromised account can lead to another and that could lead to the admin account being hacked. It is recommended that passwords have a minimum of 8 letters, digits and special characters to avoid quick password guesses.

5. Brute-force Attack

These attacks are trial-n-error methods to guess your username and password. Weak passwords are prone to getting hacked easily.
Methods like temporary blocking of IP’s and accounts, and multi-factor authentication, help mitigate such attacks.

6. Code Injection

Websites with file upload capability, or sites missing proper client and server side form validation, can be vulnerable.
The risk is that any file uploaded, could contain a script which could be leveraged as root-kit ie. administrator access to your website.
Lack of form validation on simple form fields could lead to malicious code being inserted into the database, and could cause undesirable results to your website.

7. Unencrypted Protocol

An unencrypted channel allows man-in-middle attacks to steal information from your users.
The use of a security certificate SSL, whenever passing personal information between the website and web server or database is recommended.

8. Debug Mode on Production Server

Some developers may accidentally enable debug mode on the live production server, which dumps extensive error logs to the browser.
A hacker can then obtain valuable information about the software used by the webserver and target an attack much better. It’s crucial to hide as much internal information about your server as possible to minimize and delay any attacks.

9. Old Software Versions

It may seem obvious, but ensuring you keep all software up to date is vital in keeping your site secure. This applies to both the server operating system and any software you may be running on your website such as a CMS or forum.
When website security holes are found in software, hackers are quick to abuse them.

10. No Backup Plan

No matter how vigilant you are, attackers can find new loopholes to target your website. So in addition to preventative measures, you should also have a backup-restore plan.
Just in case your site is compromised, you should have a team which can quickly restore the last known backup, and avoid reputation and sales loss.

source : http://techcribng.com/10-website-security-issues-every-website-owner-should-be-aware-of/

6 Likes 4 Shares

Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by importexpert(m): 2:55pm On May 14, 2015
Nice job

1 Like

Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by DaPhilosopher(m): 3:01pm On May 14, 2015
Nice1

1 Like

Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by Dmayor7(m): 3:49pm On May 14, 2015
OP there is no doubt that what you said is true.... And it is an excellent article... But have got to talk with a hacker? Have you got the chance to know what made them tick? Have you in anyway thought deep as to how the term HACKER and HACKING come about... I bet it might not be what you think.... I bet you might be surprised by what i have to disclose to you....

Ok, the term HACKER means a self-taught computer geek. Do you chuckle?... Yep, and i add that Bill Gates, Paul Allen, Steve Jobs and some bunch of others are HACkERS.

It is just that in recent times the term is being misused for negative things...

Actually HACKERS come in different colour which are Gray hat Hacker, White hat Hacker, and Black Hat Hacker..... You can read my post on it to understand this more clearly: www.w3programs.com/do-you-know-who-the-real-hackers-are-know-how-it-all-started-now/

I can swear that Hackers are who made the evolution in all that we see today in the web and computer possible!

But like i said before, do you know what made them tick off? What really piss them off?

I bet you will find that it is not what you thinks when you read this confession of a HACKER, where he explains the BIG WHY: www.w3programs.com/a-hacker-explains-why/

He ends it all by saying "I am a HACKER, and this is my MANIFESTO. You can stop this individual but you can't stop us all!

Wow!

1 Like

Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by segtak25: 5:55pm On May 14, 2015
this shld be on the homepage

1 Like

Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by okooloyun1(m): 11:56am On May 15, 2015
Good job
Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by igbsam(m): 11:57am On May 15, 2015
abi
Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by AnneMomoh: 11:59am On May 15, 2015
Nice piece

1 Like

Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by Adesunkanmi(m): 12:00pm On May 15, 2015
Nice
Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by money121(m): 12:01pm On May 15, 2015
Ok
Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by umarc19: 12:01pm On May 15, 2015
Chai...knowledge is power.

Am sure some will just read and go without understanding a single thing outta the piece... grin





Talking from experience

3 Likes

Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by Nobody: 12:04pm On May 15, 2015
importexpert:
Nice job
DaPhilosopher:
Nice1
okooloyun1:
.
igbsam:
abi
AnneMomoh:
Nice piece
Adesunkanmi:
Nice
umarc19:
Noted
money121:
Ok

It's not compulsory to comment on a topic you obviously know nothing about,
Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by winetapper: 12:05pm On May 15, 2015
In other words.. Ways hackers can hack your site
Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by helphelp: 12:08pm On May 15, 2015
Informative
Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by kombats: 12:08pm On May 15, 2015
So which one did nairaland fell into that almost 15% of NL data got lost
Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by umarc19: 12:10pm On May 15, 2015
MzNelly:









It's not compulsory to comment on a topic you obviously know nothing about,


U nko, wat do u know about d topic undecided?
Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by Nobody: 12:12pm On May 15, 2015
umarc19:



U nko, wat do u know about d topic undecided?

At least I didn't go about booking space. undecided
Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by yahoofak(m): 12:17pm On May 15, 2015
Nice post
Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by naijainfogalery: 12:22pm On May 15, 2015
Thanks for the info
Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by ClintonNzedimma(m): 12:27pm On May 15, 2015
Hmmm
Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by yahoofak(m): 12:29pm On May 15, 2015
kombats:
So which one did nairaland fell into that almost 15% of NL data got lost
the server was attacked, not nairaland.
Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by accessventures(m): 12:33pm On May 15, 2015
ACCESS LOAN VENTURES LTD Are Direct Providers of Loan, Project Finance, BG, SBLC and all Letters of Credit. We offer very flexible loan terms and our interest rate is just 3% per year.

ALL OUR BG, SBLC AND LETTERS OF CREDIT ARE ISSUED BY TOP PRIME AAA RATED BANKS LIKE BARCLAY'S BANK LONDON, DEUTSCHE BANK AG GERMANY, HSBC, STANDARD CHARTERED BANK ETC.

Agents and brokers are also welcomed. We pay good commission to agents and brokers so if you want to be our broker or company representative just contact us for more details.

Email: accessloanventures@outlook.com OR info@accessloanventures.com
Website: http://www.accessloanventures.com
Twitter: @accessloankh
Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by Nobody: 12:34pm On May 15, 2015
Nigerians don't have such hacking ability. So let me relax a bit.
Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by DaPhilosopher(m): 12:48pm On May 15, 2015
MzNelly:









It's not compulsory to comment on a topic you obviously know nothing about,
Ode ni e! And what did u write? You mentioned us to write poo! Who is more stwepid among us?

Olodo!

Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by umarc19: 12:58pm On May 15, 2015
MzNelly:


At least I didn't go about booking space. undecided

U take style book space by quoting us nah.. tongue
Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by Vicintonsh(m): 12:59pm On May 15, 2015
Ontarget:
Nigerians don't have such hacking ability. So let me relax a bit.
drop ur site url nd letz see ow true ur comment is cheesy
Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by Dlastofmykind(m): 1:43pm On May 15, 2015
Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by unite4real: 2:02pm On May 15, 2015
nice
Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by Elove1: 2:29pm On May 15, 2015
you forget to add
xpath injection
unsecure of data through http eg password
buffer over flow
disclosure of internal path
to mention but few
Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by yomalex(m): 2:49pm On May 15, 2015
Tips
Re: 10 Website Security Issues Every Website Owner Should Be Aware Of by benjamin007: 3:11pm On May 15, 2015
LOOKING FOR MY PENCIL

(1) (2) (Reply)

Help On How To Activate Deactivated Gmail Account Please. / Web4africa.net Is A Fraud And They Are Already Scamming Me. / Glo Biiiiig 5 Promo: Get X5 Recharge Bonus To Call Any Network And Browse FREE

(Go Up)

Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health
religion celebs tv-movies music-radio literature webmasters programming techmarket

Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10)

Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 60
Disclaimer: Every Nairaland member is solely responsible for anything that he/she posts or uploads on Nairaland.