The question of the security of the web site has long been a priority for designers and web developers. Prevent methods of attacks on web sites has become a whole profession, thanks to the range of possibilities that exist to attack a web site. Not only the large databases banking are the white ideal for hacker, there are also various data bases that can be extracted from large websites such as forums or communities, and this is just example of what could be achieved with their attacks hackers. At this point of insurance you may ask: does my Web site is ready for any attack of Hackers?
Any website, blog, Survey Websites, Forum, online store or a corporate web page, can and surely will be attacked by a hacker. Now, as a designer or developer of web pages, have the task of not only to create eye-catching web pages visually, but also, to keep them protected the attackers who wish to extract information or to simply make some evil.
There are a number of ways to hack a web site. For this reason, many measures must be implemented to prevent these unfortunate situations. However, there is no foolproof method to prevent and eradicate the intrusions of hackers. In this article, learn about the measures that could be taken to make your web site be prepared for possible known attacks.
Common Hacking methods
As mentioned above, are different methods that an attacker can use to attack a web site. For this reason, will explain you the methods more common that use attackers, and of course, their respective measures to prevent such intrusion.
The SQL injection attack, is without doubt one of the attacks more serious for a site or web application. This attack is aimed at fields in query or data entry, even, could come to be used directly in the browser URL box. An attack of this kind, can give access to database information to the intruder.
The SQL injection attacks occur when a hacker tries to paste SQL commands in their fields on the web page. In the event that data contains a single quotation mark (‘) at the end of a user name, your database could see this as a built SQL query. Because of this, receive data from an SQL query could.
Hackers can not access your web site using the query, but the method will enable them to haveaccess to your name database, tables and key fields. From these data, the hacker can use the information you need to use SQL commands in the other fields of your web site. With this method, they will collect the necessary data to use in an intrusion.
How defend my website against the SQL injection?
- To ensure correct data types management.
- Parameterized queries
- Permissions for queries
- Consider the use of an ORM
Categorised as: Hacker News