Website Security
One of the most overlooked aspects of the corporate environment is the health and security of the company website. Far too often it is not until after a security breach has occurred that investments in website security practices are made. To keep the website secure, one needs to be proactive and adopt a defensive mindset.
OWASP, the Open Web Application Security Project (https://www.owasp.org), has several resources for improving web application security. One of the many informative and helpful items it produces is its Top 10 list of Application Security Risks. Below is the link to the 2017 version.
https://owasp.org/www-project-top-ten/
SQL Injections
Number one on that list is injection flaws, and one of the most common forms is SQL injection. These flaws are the result of an all too common failure to filter untrusted input. When user input is not filtered, an attacker can easily inject SQL commands that can potentially result in the loss of important or confidential data and even the hijacking of a client’s browser.
Below is a tutorial on SQL Injection.
https://www.guru99.com/learn-sql-injection-with-practical-example.html
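The following added example (written for this page, not taken from the article or the linked tutorial) shows the two sides of the flaw described above: a lookup that splices untrusted input into the SQL text, beside the hardened version that binds the input as a parameter so the database only ever treats it as data. The in-memory SQLite table, the user rows and the probe string are all constructed here for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample database (not from the original article): two users.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_unsafe(conn, username):
    # Vulnerable: the untrusted value is concatenated into the statement, so a
    # quote character in the input changes the structure of the query itself.
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    # Hardened: the statement shape is fixed and the driver binds the value as
    # a parameter; whatever the input contains, it can only match a username.
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    # Runs both lookups against a benign name and the textbook tautology probe
    # from SQL injection tutorials, and returns the rows each one leaks.
    conn = make_db()
    benign = "alice"
    hostile = "' OR '1'='1"  # constructed probe string for the demonstration
    return {
        "unsafe_benign": lookup_unsafe(conn, benign),
        "unsafe_hostile": lookup_unsafe(conn, hostile),
        "safe_benign": lookup_safe(conn, benign),
        "safe_hostile": lookup_safe(conn, hostile),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

With the vulnerable lookup, the probe string turns the WHERE clause into `username = '' OR '1'='1'` and every row in the table comes back; the parameterized lookup searches for a user literally named `' OR '1'='1` and returns nothing. Input filtering is a useful second layer, but parameterized (prepared) statements are the defence that removes the flaw rather than chasing individual bad characters.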
Cross-Site Scripting
Number seven on the list is another very common vulnerability, Cross-Site Scripting (XSS). This vulnerability also has its roots in a failure to filter input. Here an attacker supplies input containing script tags (JavaScript) to a web application. If the input is not filtered, the user’s browser will execute it. One of the more common ways the attack is delivered is by getting a user to click on a crafted link.
Below is a tutorial on Cross-Site Scripting.
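As an added illustration of the XSS paragraph above (this code is written for this page and is not from the article or any linked tutorial), the snippet below renders a greeting two ways: once by writing the untrusted name straight into the HTML, and once after HTML-encoding it for the element-text context it lands in. A small helper lists any tags in the rendered output other than the `<p>` the template itself emits, which makes the difference visible without a browser. The greeting template and the probe string are constructed here.

```python
import html
import re


def render_unsafe(name):
    # Vulnerable: untrusted input is written directly into the document, so any
    # markup it contains becomes part of the page the browser parses and runs.
    return "<p>Hello, " + name + "!</p>"


def render_safe(name):
    # Hardened: encode for the HTML element-text context; the browser then
    # displays characters such as < and > instead of treating them as markup.
    return "<p>Hello, " + html.escape(name, quote=True) + "!</p>"


_TAG_RE = re.compile(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)")


def foreign_tags(rendered):
    # Returns the names of tags present in the rendered fragment other than the
    # <p> that the template itself produces; a non-empty list means the input
    # was able to introduce markup of its own.
    return [t for t in _TAG_RE.findall(rendered) if t.lower() != "p"]


def demo():
    benign = "Alice"
    hostile = "<script>alert('xss')</script>"  # constructed textbook probe
    return {
        "unsafe_benign": foreign_tags(render_unsafe(benign)),
        "unsafe_hostile": foreign_tags(render_unsafe(hostile)),
        "safe_benign": foreign_tags(render_safe(benign)),
        "safe_hostile": foreign_tags(render_safe(hostile)),
    }


if __name__ == "__main__":
    print(render_unsafe("<script>alert('xss')</script>"))
    print(render_safe("<script>alert('xss')</script>"))
    print(demo())
```

The encoded version still contains the attacker's text, but as `&lt;script&gt;`, which the browser shows rather than executes. Note that encoding is context-specific: the escaping that is correct inside element text is not sufficient for input placed inside an attribute, a URL or an inline script block, so a template engine that encodes per context (or a Content Security Policy as a backstop) is the practical way to apply this consistently across a site.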