The Most Common Security Risks in Web Development | by Arno Pretorius | June 2022
Assess the most common security risks that exist in web development.
Cybersecurity is the protection of systems connected to the Internet. This includes software, hardware and data from cyber threats. Cybersecurity protects these systems against malicious hackers who will try to infiltrate these systems in multiple ways.
– SQL Injection
– Login/password theft
– Leakage of sensitive data
– XSS Attacks
– No monitoring and logging
– Improper configuration of security settings
– CSRF Attacks
– Use of components with vulnerabilities
– Exposing information via query strings in the URL
– Web application design flaws
SQL injection is a web security vulnerability where an attacker attacks data-specific applications, where dangerous SQL statements are injected into a data field.
Theft of login/password:
Login/password theft occurs when hackers attempt to steal your login credentials. This can be done through various techniques, such as phishing, brute force attacks, and many more attacks.
Leakage of sensitive data:
This is when data considered sensitive is accidentally leaked/exposed. This can happen for a variety of reasons, such as not encrypting data and not evaluating user permissions.
XSS is also known as Cross-Site Scripting attacks. It is when a user injects malicious code into a script.
No monitoring and logging:
A common problem when deploying a web application is insufficient monitoring and logging. It is important that users regularly check their servers and the administration section of the website to see if there are any issues.
Improper configuration of security parameters:
When deploying a website, it is important that the security settings are configured correctly, otherwise it can put your website at great risk. These security settings can include HTTP headers and detailed error messages.
CSRF (Cross-Site Request Forgery) attacks:
A CSRF attack is an attack that forces the user to perform unwanted and unexpected actions on the website on which they are currently authenticated.
Use of components with vulnerabilities:
It’s common for developers to install packages in their apps that perform a certain action, but many of these packages aren’t regularly maintained, which can lead to unexpected vulnerabilities in the source code.
Exposing information via query strings in the URL:
Information can be exposed in the query strings of the URL, it’s not a problem if the data of these strings are generic numbers or random strings, but if they contain passwords or e-mails , this can cause problems later.
Web application design flaws:
This security flaw is generic and depends on the quality of the design of the website by the developer. If, for example, the developer does not follow security best practices, it is likely that the web application will be hacked, however, if the appropriate measures are taken, the website will be more secure and will not encounter as many problems. long term, rather than doing nothing.