They are tools used in safeguarding every intended website.
Because new threats come up every now and then, it is advisable that every developer or owner of a website use the appropriate tools or processes to guard their website so that it is not stolen or used for fraudulent activity.
Before talking about the tools or processes for safeguarding a website, I want to talk about the threats every website may face if someone intends to break in.
Threats on websites
1. Injections: This is entering code not written by the author into the input forms. This affects the database.
What is SQL injection?
First, SQL stands for Structured Query Language. It is a standard language used for obtaining or collecting data and controlling the database. It builds the database with an RDBMS (Relational Database Management System) like MS Access, MySQL, etc., and works with PHP (server-side), HTML, and CSS (for styling).
So, SQL injection is writing code into an input to override the database of a website. Let's say, in a database, there is:
SELECT * FROM users WHERE username = 'Ade' AND password = 'Michael4Me'
In the website, Ade is a user and the password is Michael4Me. SELECT is the statement used to extract data from the database.
Now, someone wants to hack into Ade's account. He enters the code ' OR 1=1;-- into the username field and leaves the password blank, and this is sent to the database. Logically, 1=1 is true, so the condition passes the authentication check and he breaks through. It does not always work, but it does work.
Another injection code is '; DROP TABLE users;--
This code is used to delete data. The query will be:
SELECT * FROM users WHERE username = ''; DROP TABLE users;--' AND password = '';
SQL injection is definitely the most common hacking technique used by hackers. Using SQL injection might actually destroy a complete database.
What is command injection? This is where the hacker expands the utility of the application beyond what was intended. It is related to the operating system (OS).
2. Phishing: This is the act of sending messages, such as emails, to others with the intention of stealing information like credit card numbers. The message usually appears legitimate in the receiver's inbox. The victim's email address or phone number is used, and the victim gets a message, maybe from a (fake) bank, displaying an expired special offer, and may be asked to sign into their bank account. This is a form of scamming. Other threats are:
3. DDoS (Distributed Denial-of-Service): It involves flooding a server with internet traffic.
4. Viruses: Programs to destroy a network.
5. Worms: Programs to weaken a computer.
6. Spyware: Malware that gathers data from users without the notice of the owner.
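The login query from the SQL injection item above, built two ways, as an added example that is not part of the original article. The function names and the in-memory SQLite table are assumptions made for illustration; the user, password and inputs are the ones the article uses.

```python
import sqlite3


def make_db():
    # Constructed sample data: the user and password from the article.
    # The plaintext password only mirrors the article's example query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('Ade', 'Michael4Me')")
    return db


def login_vulnerable(db, username, password):
    # The input is pasted into the SQL text, so a quote inside it
    # ends the string literal and the rest is parsed as SQL.
    query = ("SELECT * FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None


def login_safe(db, username, password):
    # Placeholders pass the input as values; it is compared as text
    # and is never parsed as part of the statement.
    query = "SELECT * FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    for name, pw in [("Ade", "Michael4Me"),
                     ("' OR 1=1;--", ""),
                     ("'; DROP TABLE users;--", "")]:
        print(repr(name), "-> parameterized login accepted:",
              login_safe(db, name, pw))
    rows = db.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    print("rows still in users:", rows)
```

With the parameterized version only the real username and password are accepted, and the users table is unchanged after all three attempts.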
Protective Security Measures
These are the measures used to stay safe from hackers/attackers.
1. Monitoring: You always have to monitor your website to check for any abnormality.
2. SSL and HTTPS: HTTPS stands for Hypertext Transfer Protocol Secure, while SSL stands for Secure Sockets Layer. SSL secures financial information, while HTTPS secures communication between a web browser and a website.
3. Firewall: This protects the website from injection, etc.
4. Strong Authentication
5. Use OWASP measurement
As a web developer/designer, you must venture into cybersecurity.
Build, test and apply security measures to your website.