
What is a Website Vulnerability and How Can it be Exploited?

Website Vulnerability Introduction

As a web developer, it is good to know about website vulnerabilities, because websites experience 22 attacks per day on average (that's over 8,000 attacks per year), according to SiteLock data. It helps both the client and the developer to know how to prevent them.

What is a Website Vulnerability

A website vulnerability is a weakness or configuration issue in a website or in web application code that allows an attacker to gain some level of control of the site, and possibly of the hosting server.

How Can it be Exploited?

Most vulnerabilities are exploited through automated means, such as vulnerability scanners and botnets. Cyber criminals create specialized tools that scour the internet for certain platforms, like WordPress or Joomla, looking for common and publicized vulnerabilities.

Once found, these vulnerabilities are exploited to steal data, distribute malicious content, or inject defacement and spam content into the vulnerable site, and they can take the vulnerable site down temporarily or permanently.
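From the defender's side, this kind of automated platform scanning is visible in the web server's access log. The following is an added example, not code from the original post: it flags clients that repeatedly request WordPress or Joomla paths that the server answers with 404. The marker paths, the threshold of three and the sample log lines are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Paths that only exist on a specific platform; used as probe markers (assumed list).
PLATFORM_PROBES = {
    "wordpress": ("/wp-login.php", "/xmlrpc.php", "/wp-admin/", "/wp-content/plugins/"),
    "joomla": ("/administrator/", "/components/com_"),
}

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

# Constructed sample lines, not real traffic (IPs come from documentation ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /administrator/index.php HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /wp-content/plugins/x/readme.txt HTTP/1.1" 404 153
198.51.100.20 - - [10/Mar/2024:10:01:10 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.20 - - [10/Mar/2024:10:01:12 +0000] "GET /about HTTP/1.1" 200 2048
198.51.100.20 - - [10/Mar/2024:10:01:15 +0000] "GET /wp-login.php HTTP/1.1" 404 153
192.0.2.55 - - [10/Mar/2024:10:02:00 +0000] "GET /administrator/ HTTP/1.1" 404 153
192.0.2.55 - - [10/Mar/2024:10:02:01 +0000] "GET /administrator/index.php HTTP/1.1" 404 153
192.0.2.55 - - [10/Mar/2024:10:02:01 +0000] "GET /components/com_content/ HTTP/1.1" 404 153
"""


def find_platform_scanners(log_text, min_probes=3):
    """Return {ip: [platforms]} for clients with at least min_probes requests
    to platform-specific paths that the server answered with 404."""
    misses = defaultdict(int)
    platforms = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, status = m.groups()
        if status != "404":
            continue  # only count probes for things this site does not have
        for platform, markers in PLATFORM_PROBES.items():
            if any(path.lower().startswith(mk) for mk in markers):
                misses[ip] += 1
                platforms[ip].add(platform)
    return {ip: sorted(platforms[ip]) for ip, n in misses.items() if n >= min_probes}


if __name__ == "__main__":
    for ip, seen in find_platform_scanners(SAMPLE_LOG).items():
        print(f"{ip}: probing for {', '.join(seen)}")
```

A single stray 404, like the one from 198.51.100.20, stays below the threshold. A site that actually runs one of these platforms answers those paths with 200, so on such a site this check only catches probes for the other platform.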

How vulnerabilities are prioritized

Web security vulnerabilities are prioritized depending on how exploitable and detectable they are and on their impact on the system.

Exploitable

What is needed to exploit the security vulnerability?
Highest when the attacker needs only a web browser, and lowest when advanced programming and security tools are needed.

Detectable

How easy is it to detect the threat? Highest being information displayed in the URL, a form or an error message, and lowest being the source code.

Impact or Damage:

How much damage will be done if the security vulnerability is exposed or attacked? Highest being complete system crash and lowest being nothing at all.

The Top 10 security vulnerabilities as per OWASP:

  • SQL Injection (SQLi)
  • Cross Site Scripting (XSS)
  • Broken Authentication and Session Management
  • Insecure Direct Object References
  • Cross Site Request Forgery
  • Security Misconfiguration
  • Insecure Cryptographic Storage
  • Failure to Restrict URL Access
  • Insufficient Transport Layer Protection
  • Unvalidated Redirects and Forwards

Join Everest Hackathon – First Biggest Hackathon In Nepal to learn more about cyber security.

The author prefers to keep secret.
