Website security is important to prevent unauthorized access, use, modification or disruption of websites. Threats can come from software flaws, insecure configurations, or misuse of features. Confidentiality, integrity and availability of information must be ensured. Common attacks include eavesdropping, tampering and impersonation of network traffic. Security controls like access management, operational procedures and technical measures help mitigate vulnerabilities and threats. Regular software updates, layered protections, HTTPS usage, and strong unique passwords are advised.
2. Introduction
Ensuring that your website or open web application is secure is critical. Even simple bugs in
your code can result in private information being leaked, and bad people are out there
trying to find ways to steal data. This introductory article won't make you a website security
guru, but it will help you understand where threats come from, and what you can do to
harden your web application against the most common attacks.
3. What is Website security?
The Internet is a dangerous place! With great regularity we hear about websites becoming
unavailable due to denial of service attacks, or displaying modified information on their home pages.
And in other high-profile cases, millions of passwords, email addresses and credit card details have been
leaked into the public domain, exposing website users to both personal embarrassment and financial risk.
4. What is Website security?
The purpose of website security is to prevent any sort of attack. More formally, website security
is the act/practice of protecting websites from unauthorized access, use, modification, destruction
or disruption.
5. Information Security Basics
A basic understanding of information security can help you avoid unnecessarily leaving your software and sites insecure and
vulnerable to weaknesses that can be exploited for financial gain or other malicious reasons. These articles can help you learn
what you need to know. With this information, you can be aware of the role and importance of security throughout the web
development cycle and beyond into deployment of your content.
Confidentiality, Integrity, and Availability
Vulnerabilities
Threats
Security Controls
6. Confidentiality, Integrity, and Availability
Confidentiality:
It refers to protecting information from being accessed by unauthorized parties. In other words, only the people
who are authorized to do so can gain access to sensitive data.
Integrity:
It refers to ensuring the authenticity of information—that information is not altered, and that the source of the
information is genuine.
For example, you try to connect to a website and a malicious attacker between you and the website redirects your traffic to a
different website. In this case, the site you are directed to is not genuine.
Availability:
It means that information is accessible by authorized users.
7. Vulnerabilities
There are many ways in which vulnerabilities can be categorized. But I will use three high-level vulnerability categories:
software flaws, security configuration issues, and software feature misuse.
A software flaw vulnerability:
A software flaw vulnerability is caused by an unintended error in the design or coding of software. An example is an
input validation error, such as user-provided input not being properly evaluated for malicious character strings and
overly long values associated with known attacks.
A security configuration issue vulnerability:
A security configuration setting is an element of a software's security that can be altered through the software itself.
A security configuration issue vulnerability involves the use of security configuration settings that negatively affect the
security of the software.
A software feature misuse vulnerability:
A software feature misuse vulnerability is a vulnerability in which a feature also provides an avenue to compromise
the security of a system. These vulnerabilities are caused by the software designer making trust assumptions that
permit the software to provide beneficial features, while also introducing the possibility of someone violating the trust
assumptions to compromise security.
8. Threats
A threat is any circumstance or event with the potential to adversely impact data or systems via unauthorized access,
disclosure, or modification of information, and denial of service. Threats may involve intentional actors or unintentional actors.
Threats can be local, such as a disgruntled employee, or remote, such as an attacker in another geographical area.
A threat source is the cause of a threat, such as a hostile cyber or physical attack, a human error of omission or commission, a
failure of organization-controlled hardware or software, or other failure beyond the control of the organization. A threat event is
an event or situation initiated or caused by a threat source that has the potential for causing adverse impact.
Network traffic typically passes through intermediate computers, such as routers, or is carried over unsecured networks, such as
wireless hotspots. Because of this, it can be intercepted by a third party. Threats against network traffic include the following:
9. Threats against network traffic
Eavesdropping:
• Information remains intact, but its privacy is compromised. For example, someone could learn your credit card number,
record a sensitive conversation, or intercept classified information.
Tampering:
• Information in transit is changed or replaced and then sent on to the recipient. For example, someone could alter an
order for goods or change a person's resume.
Impersonation:
• Information passes to a person who poses as the intended recipient.
10. Security Control
Sensitive data should be protected based on the potential impact of a loss of confidentiality, integrity, or
availability. Protection measures tend to fall into two categories.
First, security weaknesses in the system need to be resolved.
Second, the system should offer only the required functionality to each authorized user, so that no one
can use functions that are not necessary.
There are three types of security controls:
Management controls: The security controls that focus on the management of risk and the management
of information system security.
Operational controls: The security controls that are primarily implemented and executed by people.
Technical controls: The security controls that are primarily implemented and executed by the system
through the system's hardware, software, or firmware.
11. Few Tips to Consider
Keep all software updated
Build layers of security around your site
Switch to HTTPS
Use strong passwords, change regularly
Make Admin directories tough to spot
12. Few Tips to Consider
Conclusion:
Most of us go through life with the philosophy 'It won't happen to me'. However, that
philosophy has been proven not to be true in the world of online security. A successful
attack on your site not only leads to the compromise of users' data and your own
information, it can also lead to a blacklisting of your site by Google and other search
providers, as your infected site risks spreading malicious content throughout the web.