27
Crimson_Defense/Skills/Website_Security/README.md
Normal file
@@ -0,0 +1,27 @@
# Website Security
[BACK TO UACTF](/UACTF)<br>
One of the most overlooked aspects of the corporate environment is the health and security of the company website. Far too often it is not until after a security breach has occurred that investments in website security practices are made. To protect the security of the website, one needs to be proactive with a defensive mindset. <br>
OWASP, the Open Web Application Security Project (https://www.owasp.org), has several resources for improving web application security. One of many informative and
helpful items produced is their Top 10 list of Application Security Risks. Below is the link to the 2017 version. <br>
https://owasp.org/www-project-top-ten/ <br>
<i>SQL Injections</i> <br>
Number one on that list is injection flaws, and one of the most common injections are SQL Injections. These flaws are the result of an all too common failure to filter untrusted input. By not filtering user input, an attacker can easily inject commands that can potentially result in the loss of important or confidential data and even the hijacking of a client’s browser. <br>
Below is a tutorial on SQL Injection. <br>
https://www.guru99.com/learn-sql-injection-with-practical-example.html <br>
<i>Cross-Site Scripting</i> <br>
Number seven on the list is another very common vulnerability, Cross-Site Scripting (XSS). This is another vulnerability that has its roots in failure to filter input. Here an attacker will provide JavaScript tags as input to a web application. Without the filtering of the input, the user’s browser will execute it. One of the more common results is getting a user to click on the crafted link. <br>
Below is a tutorial on Cross-Site Scripting. <br>
https://excess-xss.com/
[BACK TO UACTF](/UACTF)<br>
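Review bot: the remediation guidance in this README stops at "filter untrusted input" for both the SQL Injection and Cross-Site Scripting paragraphs, which is incomplete: the primary defence against SQL injection is parameterized queries (prepared statements) so that user data is never concatenated into a query, and the primary defence against XSS is context-aware output encoding at the point where data is written into HTML, JavaScript or attribute contexts; input validation is a secondary layer on top of these. Suggest adding one sentence to each paragraph naming the primary control. Two smaller points in the same hunk: the SQL Injection paragraph lists "the hijacking of a client's browser" as a consequence, which is a Cross-Site Scripting outcome rather than an injection one and would read better moved to the XSS paragraph; and the text says "Below is the link to the 2017 version" but `https://owasp.org/www-project-top-ten/` is the project's landing page rather than a version-specific URL, so either reword to "the OWASP Top 10 project page" or link the 2017 edition directly. Stylistically, the `<i>SQL Injections</i> <br>` and `<i>Cross-Site Scripting</i> <br>` lines act as subheadings and would be clearer as `## SQL Injections` / `## Cross-Site Scripting`, matching the `# Website Security` heading already used, and the trailing `<br>` tags are unnecessary in Markdown when paragraphs are separated by blank lines.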