Saturday, April 12, 2008

Improving Web Site Security

by: Charles Taylor

Hackers are devising new attacks and new ways to slip past security measures every day. One of their favorite targets is the Web site. Three quarters of all attacks on Web sites are designed to hamper the forms, log-in pages, shopping carts of online shops and other Web content. Since the design of Web applications makes them accessible at any time from anywhere, it is important that a Web site has protection that works well all the time. This not only protects important consumer details such as credit card numbers; it also protects the Web site itself.

Even the best firewalls, Secure Sockets Layer (SSL) and other protective measures will not be enough to guard Web applications against every attack. It is infinitely more difficult for security professionals to figure out what new and innovative trick will be used to bypass security than it is for the hackers to find that trick.

It can seem as if there is no solution to this problem. What is needed is a program that can check Web applications and further improve their security. That program is Acunetix WVS. It deals specifically with SQL injection and other vulnerabilities such as XSS. It helps to secure Web sites from harsh attacks, checks for cross-site scripting, and strengthens the authentication pages and passwords. It also audits shopping carts in an effort to prevent attacks. With its security audit reports, peace of mind can finally be gained.

CRLF injection, directory traversal, code execution and file inclusion attacks are other ways to cripple a Web site's security. Authentication as well as input validation attacks are also likely.

The Google Hacking Database (GHDB) can identify important data such as logon pages, network information and so forth that might be vulnerable, making it an important tool for improving Web site security. With Acunetix, the queries collected in the Google Hacking Database can be run against the site long before something goes wrong.

Acunetix gives suggestions on how to correct any problems through its report generator, which creates quick reports and data to zero in on any vulnerabilities that might exist.

It is necessary to reconstruct HTTP requests and analyze them for cross-site scripting and SQL injection to ensure better security. An HTTP fuzzer is also important for validating input handling and testing the overall performance of the Web site.

It is vital that passwords be configured and protected. Input configuration should utilize HTML form fillers as a matter of course. This allows testing how different events and inputs influence how the site behaves.
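As an added example (not code from the article or from Acunetix), here are the two form-handling defects the article keeps returning to, SQL injection and cross-site scripting, each shown as a vulnerable handler beside its corrected form, together with the kind of quote and markup probe a scanner runs against a login page to tell the two apart. The in-memory SQLite table, the sample account and every function name are constructed for this illustration.

```python
import html
import sqlite3


def make_db():
    # Constructed in-memory user table with one sample account.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn


def login_vulnerable(conn, name, password):
    # Form values are pasted into the SQL text, so a quote in the input
    # changes the statement itself; this is the defect a scanner flags.
    query = ("SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'"
             % (name, password))
    return conn.execute(query).fetchone()[0] > 0


def login_parameterized(conn, name, password):
    # Placeholders hand the values to the driver separately; the statement
    # shape is fixed no matter what the form contains.
    query = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchone()[0] > 0


def breaks_on_quote(login_fn, conn):
    # Scanner-style probe: a name with an apostrophe (a perfectly legitimate
    # input) must not produce a database error. True means the handler is unsafe.
    try:
        login_fn(conn, "O'Brien", "any password")
        return False
    except sqlite3.OperationalError:
        return True


def greeting_unescaped(name):
    # Reflects the submitted name straight back into the page's HTML.
    return "<p>Welcome back, %s</p>" % name


def greeting_escaped(name):
    # Encodes the HTML-significant characters before the value is reflected.
    return "<p>Welcome back, %s</p>" % html.escape(name, quote=True)


def reflects_markup(render_fn):
    # Scanner-style probe: is a harmless tag echoed back unencoded?
    return "<b>" in render_fn("<b>probe</b>")
```

The probes are what an audit report is built from: a quote that breaks the query and a tag that comes back unencoded are the findings, and the parameterized query and escaped output are the corrections.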

Important things to consider:

1. Is the Web site ready and prepared for a dictionary attack?

2. Support for other technologies such as PHP, CGI and ASP.

3. Search directories for weak permissions.

4. Detect errors in pages as early as possible.

5. Re-audit all changes to the Web site to check for new vulnerabilities.

dotDefender 2.1 is one of the programs that can protect and secure a Web site. It takes care of spammer bots, attacks, probes, SQL injections, hijackings, pronounced tampering and even proxy takeovers.

Improving Web site security can be a daunting task, but it is absolutely critical to do so. By following a few simple steps and using programs tailored to assist in the task, everything will work efficiently and effectively.