Common Security Issuesin the World Wide Web,

and how to mitigate them in Web Development

HACKERS

Bad ones want to make money out of what they know through copying other people’s private information.

Hackers can pose a serious threat to your security.

HACKERS

They are people who attempt to breach online security measures for a number of reasons:

Good hackers would just want to emphasize shortfalls to corporations and other website owners so that they can tighten their security up.

VIRUSES

Programs which are designed in order to gain entry onto unsuspecting users’ computers.

attempt to duplicate themselves before spreading via email, networks and/or removable storage devices.

VIRUSES

Corrupt or destroy data; otherwise damage the operation of the machine on which they reside.

Can be acquired through email, peer-to-peer downloading, internet messaging services and downloading infected files found on the internet.

SPYWARE

To collect personal information and browsing habits in order to deliver targeted advertising to you as you browse the web,

Spyware is software and, like a virus, is often deceptively added to the user’s machine.

 WORMSIt is a self-replicating program which will attempt to spread itself (network, via routers, internet, email) which could cause disruption to computer.

Unlike a virus, a worm does not need to attach itself to another program in order to spread.

SQL INJECTION

• Hackers could get access to your database by injecting SQL commands through the input fields in your website.

• To protect your website from SQL injection, setting up SQL parameters is a great help with this issue.

PHISHING

Phishing is a type of scam where the scammers disguise as a trustworthy source in attempt to obtain private information such as passwords, and credit card information, etc. through the internet.

PHISHING

In some respects, phishing is a confidence trick, designed by would-be thieves in order to part unsuspecting computer users from their most precious personal and/or financial information.

SPAMMING

Spam is any form of unsolicited message like email, private forum message or even Tweet.

Spammers can send many thousands of spam messages out every hour of the day with no cost.

Therefore, even an incredibly tiny response rate can lead to huge profits for the spammers.

SPAMMING

Spam messages don’t usually pose any threat to your security but can be incredibly annoying and distracting.

However, spammers could hide other unwelcome items (viruses, worms, spyware and other malware) within their spam messages.

IDENTITY THEFTThis crime can seriously damage a victim’s finances for many years.

Identity thieves acquire information about someone through a variety of means of which the favourite is phishing.

IDENTITY THEFT

If they can get personal data, such as names, dates of birth, social security numbers, etc, then they can quite literally steal the identity of the owner of that information.

IDENTITY THEFT

These thieves fake their identity and use the victim’s identity in committing crimes, such as credit card fraud, bank fraud and other financial misdemeanour

These will then be blamed upon the victim who will then have a very hard time and difficulty with clearing their names and recovering their money.

CROSS-SITE SCRIPTING (XSS)

• This is the injecting of scripting codes that may have malicious codes that could allow the attacker to gain access to your CMS codes, especially with e-commerce websites, whereas information stored in the database are vulnerable to such attacks (Added Bytes https://www.addedbytes.com ).

CROSS-SITE SCRIPTING (XSS)

• To solve this issue, as a web developer, you should turn off your trace and track support on the server and better yet, remove unwanted characters.

CROSS-SITE REQUEST FORGERY (CSRF)

• It is one form of website attack where the attacker is an authenticated user of the website. The attack, however, is not known to the user (Added Bytes https://www.addedbytes.com ).

ERROR MESSAGES • The error messages that you

should display and provide the users in your website should be generic and not specific.

• In displaying error messages with user Id and password inputs, the error message should indicate that either of the two field inputs are incorrect.

SOFTWARE FLAWS

• Flaws allows the internet criminals or hacker to enter a system or access files even password is not entered.

DATA POISONING

• Data that are stored in the database are lost. If it is not detected earlier the original data is hard to restore or return to original state.

http://www.forbes.com/sites/kenrapoza/2012/12/05/top-10-security-issues-that-will-destroy-your-computer-in-2013/

http://www.referenceforbusiness.com/small/Inc-Mail/Internet-Security.html

http://www.abs-cbnnews.com/lifestyle/gadgets-and-tech/12/09/14/why-you-should-be-careful-about-sites-you-visit