Sep, 2014 : 4 Ways to Make your Website a Target for Intrusion
📅 - Web hosting security can be complex and time consuming. There are so many creative ways for people with nefarious intent to do harm to your website, and you might spend a good amount of time trying to make sure they do not succeed. There are also many things you can do that would leave the door wide open for them to come right in, and these four mistakes are near the top of the list of security blunders you should avoid.
1. The unpatched web app - Web applications permeate the web, and your website will likely be no exception. Most web apps use server-side scripting languages, which need to be guarded against exploits and vulnerabilities. If you have developed your own, you need to rigorously test it for vulnerabilities and patch any holes. If someone else develops it, make sure you keep it updated.
2. Unencrypted information collection – If you do not collect user data, this is not a concern, but if you collect anything, even if it is just an email address and a password, you should have SSL encryption in place to prevent prying eyes from viewing user data. If possible, you should also encrypt that information on disk.
3. Bad permissions – Server permissions are easy to set, but this means it's also easy to get them wrong. If your files are not permissive enough, many web apps will not run at all. If they are too permissive, you open the door for hackers. The best practice is to only make the files as permissive as they need to be. If a script needs full permissions for a data file, for whatever reason, move it out of your web-viewable directories at the very least. No good web application should require full permissions in your web directory.
4. Weak passwords – While this is probably the easiest security issue to fix, it is probably the most common one left unfixed. A bad password is practically like rolling out the red carpet for cyber criminals. The question becomes not if they will attack your site but when. Make strong passwords. If need be, use a password generator and test your passwords to make sure they are as strong as possible.
1. The unpatched web app - Web applications permeate the web, and your website will likely be no exception. Most web apps use server-side scripting languages, which need to be guarded against exploits and vulnerabilities. If you have developed your own, you need to rigorously test it for vulnerabilities and patch any holes. If someone else develops it, make sure you keep it updated.
2. Unencrypted information collection – If you do not collect user data, this is not a concern, but if you collect anything, even if it is just an email address and a password, you should have SSL encryption in place to prevent prying eyes from viewing user data. If possible, you should also encrypt that information on disk.
3. Bad permissions – Server permissions are easy to set, but this means it's also easy to get them wrong. If your files are not permissive enough, many web apps will not run at all. If they are too permissive, you open the door for hackers. The best practice is to only make the files as permissive as they need to be. If a script needs full permissions for a data file, for whatever reason, move it out of your web-viewable directories at the very least. No good web application should require full permissions in your web directory.
4. Weak passwords – While this is probably the easiest security issue to fix, it is probably the most common one left unfixed. A bad password is practically like rolling out the red carpet for cyber criminals. The question becomes not if they will attack your site but when. Make strong passwords. If need be, use a password generator and test your passwords to make sure they are as strong as possible.
Reads: 1762 | Category: General | Source: TheHN : The Hosting News
Want to add a website news or press release ? Just do it, it's free! Use add web hosting news!
📅 -