Wubbleyou
Call for a free quote today
Newcastle 0191 259 1272 / London 0333 0118 277
contact@wubbleyou.co.uk

It looks like you've found our blog! Here is where we keep you up to date with the latest Wubbleyou news,
and also provide news articles on the latest ideas and trends in the world of web design.

Most common website security issues and prevention

Design Blogs

Due to the recent spate of website exploitations we have decided to compile a list of the most common website vulnerabilities to look out for, and how we at Wubbleyou provide websites which a protected from them.

 

SQL Injection

One of the most common attack vectors with the most devastating results is SQL injection.  SQL injection occurs when a malicious user injects code into your website to modify, steal or even erase information stored in your database.  SQL injection is easily avoidable but tends to be overlooked or untested, especially in older websites.

SQL Injection Prevention

There are several proven methods employed to prevent this which we will always employ, but the most basic rule is to trust no data received from any user and properly validate all input.

Cross Site Scripting (XSS)

According to Security firm Semantic, XSS accounted for 80% in website vulnerabilities in 2007.  XSS is a method employed by malicious users whereby they inject code into your website to complete a range of actions from stealing your clients log in details, to installing malicious software on your user’s computers.  Websites that have been exploited by this can be blacklisted and marked by search engines as unsafe; making it paramount this issue is checked for.

Cross Site Scripting (XSS) Prevention

To prevent this it is also necessary to validate all user input and remove any malicious attempts to exploit a vulnerability.  Again all websites created by Wubbleyou are screened and methods are put into place to prevent this.

 

Email Form Header Injection

This vulnerability is a slightly less known one and sometimes overlooked.  This occurs when a malicious user attempted to inject data into your website’s email contact form to force it to email many users instead of you.  This is exploited to manipulate your website to send large amounts of spam emails.  If this is occurring your email address and server may be blacklisted as a known culprit for sending spam.

Email Form Header Injection Prevention

Again the way to prevent this is to screen user input and remove all malicious attempts at exploiting this.

 

Malicious File Upload and Execution

This can occur anywhere on your website where you allow users to upload files.  If they are successful in uploading a malicious file they will be able to gain full control of your website and most likely full access to your database.

Malicious File Upload and Execution Prevention

It is important to validate the firstly the file name and then the true nature of the file before storing it on your website.  For example it is fairly easy to disguise a malicious payload as an image file/word document, upload it to your website and execute it later.

 

Other important aspects

 

User Authentication

It is important that any information that you want to show one group of users but hide from another is properly secured.  For example it must be ensured that a user is properly validated and cannot spoof their way into a protected area or circumvent the security features completely.

 

Logging actions

Sometimes a lot of trust is placed on the users in your system/company that you employee to run your website and therefore have escalated privileges.  It is paramount that each user has their own log in details and that all actions they cause are logged, making every user accountable for what they have done, especially if it was malicious.

 

Proper error suppression

All errors triggered by a user causing an action accidently or maliciously should be properly handled so as not to give away any information regarding the inner workings of your system.

 

How can Wubbleyou help me?

At Wubbleyou we employ a strict set of security policies whilst creating every website to ensure that nothing is left untied which will lead to any of the above.  If you already have a website which you suspect could be susceptible to one of the above we can also audit and patch an existing website.  If you aren’t sure, get in touch and we can even complete a basic assessment free of charge!

If you store user data is very important that sensitive data is secured (such as personal details and credit card numbers).  If you are storing your information in plain text and your system is compromised it can be very embarrassing.  For this reason we also provide a service whereby we ensure all the important information in your system is heavily encrypted, taking longer than the age of the universe to crack!

 

Please feel free to contact us if you have any concerns what so ever.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>