1 min read

6 Threats to Web Application Security & How to Avoid It

6 Threats to Web Application Security & How to Avoid It

Corporations spend millions to ensure that their online networks and servers are secure. However, Web security at the application level is often ignored, or at least underrated. This is unfortunate, because today, most security breaches online occur through the application rather than the server. Last year, the Gartner Group reported that "75% of cyber-attacks and Internet security violations are generated through Internet applications." Many people do not understand the security threats that can exist in Web applications. The image below is a typical website login page, as a hacker sees it.

Let's take a look at these threats in a bit more detail:

Cross-site scripting - Injecting lines of JavaScript into web pages. If not defended against, a hacker can submit malicious code through the search bar, for example, or post it in a user comment.

Session Hijacking - Each unique user is assigned a "session" when they log in to a website. Session hijackers will jump into the session of another user, reading information as it passes between the user and the server.

Parameter Manipulation - Websites often pass information from one web page to the next through URL parameters. For example, if you search on Google, your search terms will be passed to the results page through the URL. A hacker can take advantage of this fact to rewrite these parameters in harmful ways.

Buffer Overflow - A buffer is a small amount of space allotted to store data. If a buffer is overloaded, the extra data will overwrite data in other areas. Hackers have exploited this knowledge to overfill a buffer, than overwrite other data with their own malicious code.

Denial of Service - Denial of Service attacks are simple but effective. They operate by overwhelming a site with requests for information, severely slowing the operation of a website or bringing it down entirely.

SQL Injection - SQL injection works similarly to cross-site scripting; in this case, however, it is malicious SQL statements that are inserted into the site. These statements are intended to manipulate the database in some way - either accessing sensitive data, or deleting it entirely, causing major headaches for the owners.

What can you do to avoid these threats? The most important thing is not to underestimate the importance of Web application security - and put your users and yourself at risk. CommonPlaces offers a wide range of security services, including industry-leading security scans, code review, and remediation services. Contact us today to discuss the security of your site.

Related Posts

2 min read

User Testing Vs. Usability Testing

For any business building a new website, the terms user testing and usability testing might seem like a case of semantics, or even po-tay-to/po-tah-to. However you look at it, everybody is a user of...
3 min read

The Balance Between Web Design and Usability

In the realm of web interface design, there is a constant game of tug-of-war between creativity and usability. On one hand everyone wants to build a beautiful site that stands out from the crowd...
1 min read

New Book Advises You to "Underdo" the Competition

One of the main tenets of Rework, a popular new book on Web profitability, is that the path to success lies in "underdoing" your competition; in other words, offer fewer features, but do it better...
3 min read

The Future of Artificial Intelligence and Chatbots in Business

By 2020, Gartner estimates that “consumers will manage 85% of their relationships with enterprises without ever interacting with a human.” So, the question becomes, who will they interact with? The...