Web applications and software are becoming increasingly complex, and are starting to tie in to more and more platforms – such as Twitter, Facebook, OAuth and other similar services. As this happens, protecting your customer’s data becomes increasingly important.
Web developers must work hard to make sure that their servers are robust, stable, and resistant to attacks. Common attack vectors include:
Denial Of Service
Denial of Service (DOS) attacks are the most common attack used by unskilled or “script kiddie” attackers. This attack involves sending a high volume of requests (often from bots or computers infected with malware) to your computer. You can lessen the impact of these attacks via temporary IP blocking, and the use of a CDN (Content Delivery Network) and caching to reduce bandwidth and CPU useage.
SQL Injection involves attempting to “break” web forms to fool the server into executing SQL commands send by a web browser. If you do not sanitize the input of your web forms to remove or escape special characters, then your site may be vulnerable to SQL injection attacks. If the attacker can access your database they can edit the content of your site, or query the database to access user’s login details and other data.
Cross Site Scripting
Cross Site Scripting, or XSS, is another popular attack. This attack involves embedding a link to a malicious script into a comment or forum post made by the attacker. When other users view this post, their browser will run the script because they believe it is coming from a trusted site. Cross site scripting can be used to do “drive by” installations of malware, steal cookies, or redirect the viewer to another malicious site.
There are other ways to attack websites, but the above are three of the most common. Protecting yourself against these attacks will do a lot to reduce the likelihood of your website being compromised.