Why Web sites get hacked

[Larwee]

A lot of site owners think about security when there is new coverage about a big security breach. However, experts say that most people don't pay much attention to security when building web applications.

According to some experts most site owners are more interested in the way their site looks than they are in security. They say that security is often thought of after a site is built rather than before.

"The Ten Most Critical Web Application Security Vulnerabilities" is a report by the Open Web Application Security Project (OWASP). They want to raise awareness about the biggest security challenges facing Web developers.

The first OWASP list was issued in 2004. They say security hasn't improved much since then. They also say that new technologies such as Rich Internet Applications and AJAX make Web sites look better but also create more opportunities for attacks.

Here are the top 10 Web vulnerabilities according to the Open Web Application Security Project.

1. Cross site scripting (XSS)
2. Injection flaws
3. Malicious file execution
4. Insecure direct object reference
5. Cross site request forgery
6. Information leakage and improper error handling
7. Broken authentication and session management
8. Insecure cryptographic storage
9. Insecure communications
10. Failure to restrict URL access

This link will give you a description of each vulnerability, as well as examples and how to fix it. The information is fairly detailed The top 10 reasons Web sites get hacked | InfoWorld | News | 2007-10-05 | By Jon Brodkin, Network World

[route609]

This post is spot on for accuracy. In my time i have known many people/site owners not to pay much attention to site security. This has then lead to hacking, fraud, copywriting etc etc and due to the lazyness or neglegence of the site owner, nothing can be provided as compensation.

One of the main problems i have came accross as a designer is the amount of eccommerce stores that do not pay much attention and care to security pages. (HTTPS)

This is not something that will affect most affiliates as the secure pages will be found on the product site, however site security is something everybody should seriously consider and take note of when designing a site.

Yes, pretty/good looking designs are good, however, common issues like security and other factors e.g download speed, html/css size etc are issues which should always be at the front of mind when creating websites.

Thanks

[aureliustjin]

I agree with that. Website security must above all, be every site owners priority. Or else they keep their sites susceptible to hacker attacks.

Design and attractive looking site is but secondary. :-)

[videosoflife]

Are there any organisations or software that will assess a sites vunerability to hackers. Is this subject covered in detail on any sites in a format that can be understood by non techies.

[Larwee]

videosoflife, Gibson Research is a free service that I have used for years. They do a decent job. You will probably want to scroll down to ShieldsUp and give that a try.

You will notice they have many other tests that you can try. You may want to check some of them out since they can be very helpful.

Here is the link GRC | Gibson Research Corporation Home Page

After you spend some time at the Gibson Research site, you may then want to try Symantec Security Check. It is also free. Here is a link to it Symantec Security Check

[videosoflife]

Thanks for your support on this topic..........you really do have your finger on the pulse.

[Larwee]

Thanks, videosoflife. Glad I could help.

Our members face many issues as webmasters. The purpose of the Webmasters Universe Forum is to cover some of the important, interesting, informative and/or useful issues. Most of the time you will find topics here that aren't normally covered in any of the other 5 Star forums.