Having your website hacked into can be a nightmare. An organization can adopt the following policies to protect itself against the most common web server attacks.

SQL Injection

SQL Injection (SQLi) is a type of injection attack that makes it possible to execute malicious SQL statements. These statements control a database server behind a web application. They can also use SQL Injection to add, modify, and delete records in the database. Sanitizing and validating user parameters before submitting them to the database for processing can help reduce the chances of been attacked via SQL Injection. Database engines such as MS SQL Server, MySQL, etc. support parameters, and prepared statements. They are much safer than traditional SQL statements

Denial of Service Attacks

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users by flooding it with traffic. Firewalls can be used to drop traffic from suspicious IP address if the attack is a simple DoS. Proper configuration of networks and Intrusion Detection System can also help reduce the chances of a DoS attack been successful.

Cross Site Scripting

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Validating and sanitizing headers, parameters passed via the URL, form parameters and hidden values can help reduce XSS attacks. Related Article: How to Keep your Android device safe

Cookie/Session Poisoning

Cookie poisoning is the modification of personal information in a Web user’s computer by an attacker to gain unauthorized information about the user for purposes such as identity theft. The attacker may use the information to open new accounts or to gain access to the user’s existing accounts. This can be prevented by encrypting the contents of the cookies, timing out the cookies after some time and associating the cookies with the client IP address that was used to create them.

Parameter tampering

Parameter tampering is a form of Web-based attack in which certain parameters in the Uniform Resource Locator (URL) or Web page form field data entered by a user are changed without that user’s authorization. This can be prevented by validating and verifying the user input before processing it.

Code Injection

Code injection is an attack perpetrated by an attacker’s ability to inject and execute malicious code into an app. This can be prevented by treating all parameters as data rather than executable code. Sanitization and Validation can be used to implement this.

Defacement

Website defacement is an attack on a website that changes the visual appearance of a website or a web page. A good web application development security policy should ensure that it seals the commonly used vulnerabilities to access the web server. This can be a proper configuration of the operating system, web server software, and best security practices when developing web applications. As security is something that can not be taken for granted, above are the common website attacks and how to prevent each of them.

How to protect your Website against hacking - 77How to protect your Website against hacking - 60