
Website Security – How to Secure Your Site


In 2014, an extensive data breach occurred, the biggest known in history. Hold Security ascertained that a Russian cyber gang was behind the theft of 500 million email addresses and 1.2 billion username and password combinations.

Most Content Management Systems (CMSes) have built-in security features. It is still important, when setting up a website, to be aware of the common security pitfalls. You can take steps yourself to secure your site. It is important that we all do our part in counteracting this kind of security breach.

Who Is the Target?

As long as your data is on the World Wide Web, you are at risk of being targeted. It could be either a direct or an indirect hit. Indirectly, it could occur through goods or service providers, employers, or friends and family.

The Russian cyber gang did not limit their activities to large companies. Every site visited by their victims was also targeted. The scam involved all worldwide industries as well as a large number of small and personal websites.

Some of the Precautions You Need to Take to Secure Your Site

Software

It is essential that software is kept up to date. This concerns the server operating system and any software running on the site, such as a forum. Apply security patches without delay to deter would-be hackers.

SQL Injection

In an SQL injection attack, a hacker attempts to place foreign code into your query. This can alter tables, retrieve information and wipe out data. It is essential to always use parameterized queries, which are a feature of most web languages.

Cross Site Scripting

Cross-site scripting occurs when a hacker uses JavaScript or other code to run malevolent code in your visitors' browsers. It is important to always check submitted data and to encode or strip any HTML it contains.

Error Messaging

You should be mindful of what your error messages reveal. Limit the message to generic terms such as ‘incorrect password or username’. It is important that the error message does not give away the fact that one of the fields is correct.

Server-Side Validation / Form Validation

It is essential to validate input on both the browser and the server side. The browser is able to pick up simple failures, like compulsory fields that are empty and text in a numbers-only field, but those checks can be bypassed, so the server must validate the same data again. Failure to do this allows the hacker to insert malicious code or cause unwanted results on the site.

Passwords

It is important to use strong passwords for your server and admin area. It is also important to encourage visitors to use safe password practices to protect their accounts. Passwords should be stored as scrambled (hashed) values with salting to increase security.
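The SQL Injection, Error Messaging and Passwords precautions above, combined in one login routine. This is an added example, not code from the original article; it assumes Python with its built-in sqlite3 module, and the table layout, function names and sample account are made up for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

GENERIC_ERROR = "Incorrect password or username"  # same text for every failure
ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example

def hash_password(password, salt):
    # Salted, deliberately slow hash; only this value is stored, never the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def create_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db

def register(db, name, password):
    salt = os.urandom(16)  # fresh random salt per account
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (name, salt, hash_password(password, salt)))

def find_user_unsafe(db, name):
    # What not to do: the input becomes part of the SQL text itself.
    return db.execute("SELECT name FROM users WHERE name = '" + name + "'").fetchall()

def find_user(db, name):
    # Parameterized: the driver passes the input as data, never as SQL.
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def login(db, name, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?", (name,)).fetchone()
    # Unknown user: hash against a throwaway salt so both failure paths do equal work.
    salt, stored = row if row else (os.urandom(16), b"")
    candidate = hash_password(password, salt)
    if row and hmac.compare_digest(candidate, stored):
        return True, "Welcome"
    return False, GENERIC_ERROR

if __name__ == "__main__":
    db = create_db()
    register(db, "alice", "correct horse battery staple")  # constructed sample account
    hostile = "x' OR '1'='1"  # constructed input containing SQL syntax
    print(find_user_unsafe(db, hostile))  # query logic changed by the input
    print(find_user(db, hostile))         # treated as a literal name: no match
    print(login(db, "alice", "wrong"), login(db, "nobody", "wrong"))
```

A wrong password and an unknown username return the identical message, so the response never confirms which field was correct.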

When you believe you have done everything you can, it is time to test the site for security using a free tool. Netsparker, one of the free tools, promises to provide:

  • Advanced Scanning
  • Proof Based Scanning
  • Flexibility
  • Reporting
  • Ease of Use

The hacker bears ultimate responsibility for web page breaches. However, all of us are accomplices when we do nothing. When setting up a website, it is essential to be aware of the risks and the procedures to secure your site. Using free security software from well-known companies is also recommended. What happened in 2014 may soon be a thing of the past.

About the Author: Jason
