How to Secure My Website?

Sensitive, Critical & Confidential information at stake!

Various websites provide a variety of services on the Internet. We all want to accomplish our desires in order to get complete satisfaction, and these desires are the origin of online services. Fulfilling your wishes or making online transactions is not wrong in any case.

Major vulnerabilities along with some simple solutions to avoid them:

SQL Injection

Hence almost each & every website creates an SQL statement to access the database on the basis of user input data. This means, if the SQL statement is not secured properly, your website is exposed to this vulnerability & injection of a small SQL statement can attack your database inside-out.

  • Possible threats

  1. Attackers could get access to sensitive data
  2. Hackers can modify the data stored in the database
  3. Hackers can authenticate unauthorized access to login page
  4. Attackers can completely hijack your system
  • Fundamental Solutions

  1. Use placeholders to construct all your SQL statements/queries
  2. Use special API offered by database engine to perform escaping
  3. Set a limit to the information displaying an error message on the web browser
  4. Grant minimum privileges to database accounts

Unchecked path parameter

Some websites allow providing name of files stored on a server through external parameters. If such websites are not properly coded, hackers may specify an arbitrary file & can execute inappropriate functions. This issue is called “Directory traversal vulnerability” & the attacking method which exploits this vulnerability is called “Directory Traversal Attack”.

  • Possible threats

  1. Attackers can disclose sensitive information
  2. Hackers can modify configuration files, data files & source codes
  • Fundamental Solutions

  1. Avoid specifying name of files stored on web server using external parameters directly
  2. Practice to implement fixed directory to handle filenames
  3. Manage file access permission properly & check filenames

Cross-site scripting

Few applications require user inputs to generate an output page. In case this process is not secured, an attacker could embed malicious content into the output page. This issue is called “Cross-site scripting” & one of the attacking methods which use this vulnerability is called “Cross-site scripting attack”. A possibility is that it may not harm the website but could impact the safety of visitors.

  • Possible threats

  1. Hackers can display a false webpage on the original website
  2. Attackers can steal cookies stored by the web browser
  3. Attackers can give instructions to the browser to save arbitrary cookies
  • Fundamental solutions

  1. Quote around variable and hex encoding. Prevent line breaks.
  2. While outputting URLs in HTML, permit only those which starts with some specific parameters (http://, https://)
  3. Nullify script strings in HTML text input
  4. Set the charset parameter of the HTTP Content-Type header

What is SSL Certificate?

SSL Certificate (Secure socket layer) is a standard security technology that provides secure communications between a web server and a browser. SSL certificate uses a combination of public key and private key encryption to protect sensitive information like credit card numbers, login credentials, email addresses, etc. Furthermore, HTTPS, padlock and green address bar ensure users for a safe website browsing and online transactions.

” https.in is Platinum Partner of the world’s leading Certificate Authorities (CA) including Symantec, GeoTrust, Thawte, and RapidSSL. We are the best SSL certificate provider in India

 

Recent Blog Posts

Questions?

If you have any questions, feel free to call us