Website Verification

Learn about how you can make your website secure and safe for your customers

  • Website Verification Poll

  • Mybloglog

    Join My Community at MyBloglog!
  • Check out my website verification online magazine:

  • Add my blog to:

    Add to Technorati Favorites

Posts Tagged ‘website threats’

Avoid Website Vulnerabilities

Posted by websiteverification on November 11, 2010

When you have created your own website, you need to be aware of the risks of website vulnerabilities.  You spend a lot of time producing your website and maintaining it.  You don’t want an attack against your site because most likely, you would have to start all over.  Be sure that your site is not vulnerable to malicious attacks.  Below are listed some of the most prevalent website attacks that you should be aware of.

Cross Site Scripting

Cross site scripting (also known as XSS) has been proven to be the most prevalent threats to websites. XSS happens when one of your web applications gathers malicious data because of an attacker setting it up. Malicious attackers insert client side script into web pages that are viewed by other users.  When the user clicks on a link to your site from another website, instant message, or email message, it attacks your site.  The attacker is then able to gather data from your site, and it can cause major problems. The best way to avoid this is as a user, only open links from web pages that are trusted.  Cross site scripting is one of the most common threats to websites.

SQL Injection

SQL injection attacks are another common website threat. SQL stands for “structured query language”.  An SQL injection attack is when a person places malicious code into the SQL strings of your website.  The producer of the website may accept the code while they are creating their website, not realizing that it is malicious.  It will then cause major problems to the website because the attacker will now have access to website data.  They may change or steal data from your website.

Session Hijacking

Another threat to be sure your website is not vulnerable of is session hijacking.  This is when a valid computer session is exploited.  The attacker is able to take over a web user’s computer session by obtaining the session id and then pretending to be the authorized user.  They can then steal important information from the victim.  Session hijacking may or may not be detectable to the website owner.  But if your website is not responding in the normal or expected way, session hijacking could be a possible cause, so be aware.

So if you are an owner of a website, you need to watch out for these website vulnerabilities.  One of the best ways to get rid of any website vulnerabilities is to have quarterly scans of your website by an approved scanning vendor.

Posted in pci compliance, website verification | Tagged: , , , , , | Leave a Comment »