Top 10 Online Threats

The strategies hackers use to break into your site can be complicated, but the results are usually pretty simple – lost revenue. Here are the 10 most common threats identified by the Open Web Application Security Project:

1. Injection.

It’s not uncommon for web applications to have injection flaws, especially SQL injection flaws. A hacker who finds one will send malicious data as part of a command or query. The attacker’s message tricks the app into changing data or executing a command it was not designed to obey.

2. Cross-site Scripting.

Cross-site Scripting flaws occur whenever an application sends user-supplied data to a web browser without validating it first. Hackers use these flaws to hijack users away from the site or deface it, thereby costing the site owner in lost business.

3. Insecure Direct Object References.

Applications that lack checks to verify a user is authorized to view particular content can be manipulated to access private data.

4. Broken Authentication.

When account credentials and session tokens aren’t properly protected, hackers can assume users’ identities online.

5. Cross-site Request Forgery (CSRF).

A CSRF attack tricks unknowing site visitors into submitting forged HTTP requests via image tags, XSS, or other techniques. If the user is logged in, the attack succeeds.

6. Security Misconfiguration.

Security misconfiguration flaws give hackers unauthorized access to system data via default accounts, unused pages, unpatched flaws, and unprotected files and directories.

7. Insecure Cryptographic Storage.

Many web applications don’t do enough to protect sensitive data such as credit card numbers, Social Security numbers and login credentials. Thieves may use this data for identity theft, credit card fraud or other crimes.

8. Failure to Restrict URL Access.

Often an app will protect sensitive interactions by not showing links or URLs to unauthorized users. Attackers use this weakness to access those URLs directly in order to carry out unauthorized actions.

9. Insufficient Transport Layer Protection.

Applications often fail to authenticate, encrypt and protect the confidentiality of network traffic. Some use weak algorithms or expired or invalid certificates, or use them incorrectly. This allows hackers to “eavesdrop” on online exchanges. An SSL Certificate typically neutralizes this threat.

10. Unvalidated Redirects & Forwards.

Web applications often redirect or forward legitimate users to other pages and websites, using insecure data to determine the destination. Attackers use this weakness to redirect victims to phishing or malware sites, or use forwards to open private pages.
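One way to validate a redirect destination before using it, shown as an added example that is not part of the original page. The allowlisted host names, the `safe_redirect_target` function and the sample values are hypothetical.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist of hosts this site is willing to send users to.
ALLOWED_HOSTS = {"shop.example", "accounts.shop.example"}
DEFAULT_TARGET = "/"

def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return raw if it is a safe destination, otherwise the default page."""
    if not raw or raw != raw.strip():
        return default
    # Browsers treat "\" like "/" and drop control characters, so a value
    # containing either may be read differently by the browser than by us.
    if "\\" in raw or any(ord(c) < 0x20 or ord(c) == 0x7F for c in raw):
        return default
    try:
        parts = urlsplit(raw)
        host = parts.hostname
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return default
    if not parts.scheme and not parts.netloc:
        # Local path: must be rooted with exactly one slash. "//host" and
        # "///host" are scheme-relative or ambiguous and can leave the site.
        return raw if raw.startswith("/") and not raw.startswith("//") else default
    # Absolute URL: HTTPS only, and the parsed host must be allowlisted.
    if parts.scheme == "https" and host in allowed_hosts:
        return raw
    return default

# Constructed sample values for a hypothetical "next" query parameter.
SAMPLES = [
    "/account/orders?page=2",
    "https://accounts.shop.example/profile",
    "https://phish.example/login",
    "//phish.example/login",
    "https://shop.example@phish.example/",
    "javascript:void(0)",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:45} -> {safe_redirect_target(value)!r}")
```

The host check uses the parsed `hostname`, not a substring match on the raw string, which is why the value with `shop.example@` in front of another host falls back to the default.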


Premium DNS free with Premium SSL Certs

SSL certificates encrypt customer communications and transactions to keep hackers from stealing sensitive information. But what if a hacker redirects visitors to a fake website? With DNSSEC security – included in Premium DNS – customers can secure up to 5 domains, so hackers can’t redirect visitors to fake, malicious sites.

Visit our Premium DNS and Premium SSL Certs for more information

Website Protection Site Scanner

What Is Website Protection Site Scanner?

Website Protection Site Scanner is a website scanning service that identifies security vulnerabilities on any page or file in your website. It can diagnose threats such as phishing exploits, SQL injection flaws and cross-site scripting (XSS). Vulnerabilities are ranked by severity, and each issue includes suggestions for how to resolve it.

A website must pass a scan to receive and display a date-stamped Site Scanner seal. The seal assures visitors that the website they are browsing or shopping on is vigorously scanned on a daily basis and has no known vulnerabilities.

To maintain the site seal, issues that cause a failed scan must be corrected within 72 hours. The seal is revoked if the website fails a re-scan.

What is a Web application vulnerability?

A Web application vulnerability is a security weakness in a website or its environment. Vulnerabilities usually occur when there is a site development or implementation flaw.

Depending on the type of flaw, malicious users might exploit vulnerabilities to change the website, collect visitors’ personal information, steal visitors’ browser data, or perform other actions that harm the site or its visitors.

Vulnerabilities can be difficult for Web developers to locate because, in many cases, they do not affect the intended use of the application. Plus, there are hundreds of “known” vulnerabilities and new ones are discovered daily.

For example: If a log-in page submits credentials in “clear text,” the log-in information is sent to the server unencrypted. Visitors can log in and might not notice any issue.

Attackers who discover the “clear text” vulnerability might try to intercept another visitor’s log-in information and exploit it.

You can resolve this issue by adding an SSL certificate to the website, which encrypts transactions between visitors and the site.

To avoid vulnerabilities, regularly evaluate your site and its environment for flaws. Also, use a daily vulnerability scanner, such as Website Protection Site Scanner, to detect issues.

Why Website Protection Site Scanner?

Website Protection identifies security issues on your website that could allow a hacker to steal information, deface your site, or infect your customers. Site Scanner’s daily vulnerability scan looks for threats, categorizes them by severity in an easy-to-read scorecard, and gives you recommendations on how to fix them.

Site Scanner looks for weaknesses on your website that a hacker can exploit. It scans forms, login and password fields, internal and external links – places where a hacker could get in to deface your website, steal information or infect your customers with malware. Site Scanner scans for more than 3,000 vulnerabilities every day, including spyware, back doors, SQL injection opportunities and cross-site scripting (XSS) holes.

Visit our Website Protection – Site Scanner for more information