Why is web security so important?

Why should developers care about web security?

Cybercrime rose by around 600% during the COVID-19 pandemic, and between 2020 and 2021 the number of attacks on web applications grew by 88% (Radware, 2021-2022 Global Threat Analysis Report). Broken access control and injection attacks accounted for more than 75% of those web application attacks. Writing secure applications is therefore becoming more and more important, and in this article I will explore the most common attacks and how to prevent them.


Common web app security vulnerabilities

- Cross site scripting (XSS)

- SQL injection (SQLi)

- Memory leak

- Cross-site request forgery (CSRF)

- Broken Authentication

- Sensitive Data Exposure


Cross site scripting (XSS)

XSS vulnerabilities let an attacker inject client-side script into web pages viewed by other users. Because the injected script runs in the victim's browser with the origin of the vulnerable site, it gets everything that site's own scripts can reach (cookies, storage, the DOM, authenticated requests), which is exactly what the same-origin policy is meant to keep other sites away from.


What is the impact:

- Account compromise: the script can read session cookies or storage, or perform actions as the logged-in user

- Page content replacement: defacement or a fake login form that captures credentials

- Injecting a keylogger into the victim's browser


How to prevent:

- Filter input on arrival: validate user input as strictly as possible against what is expected (an allowlist of characters, formats or values). Treat this as a second layer, not a replacement for output encoding.

- Encode data on output: before user-controlled data is written into an HTML page, encode the characters that have meaning in HTML, for example < becomes &lt;, > becomes &gt;, " becomes &quot;, ' becomes &#x27; and & becomes &amp;. Use the encoding that matches the context: HTML entities protect the HTML body and attributes, but data placed inside a script block or a URL needs JavaScript or URL encoding instead.

- Use appropriate response headers: set Content-Type (with a charset) and X-Content-Type-Options: nosniff so browsers interpret responses the way you intend, and add a Content-Security-Policy header that restricts where scripts may be loaded from, so an injection that slips through the encoding is still blocked.


SQL injection (SQLi)

SQLi is a web security vulnerability that lets an attacker insert malicious SQL into an insecure input field so that it is executed by the database. It happens whenever user input is pasted into a SQL statement as text instead of being passed to the database as a separate value.


What is the impact:

- Identity spoofing: logging in as another user by bypassing the authentication query

- Data tampering

- Escalation to administrator privileges

- Database breach: reading or dumping entire tables


How to prevent:

- Use input validation: check every value against an allowlist of expected shapes, and use allowlists exclusively for things that cannot be parameterized, such as table and column names or sort direction

- Use parameterized queries (prepared statements): the SQL text contains only placeholders and the user's value is sent separately, so it is never parsed as SQL
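
An added example (not code from the original article) showing why the concatenated query is injectable and what parameterization changes. The database client is simulated by a tiny object that records the SQL text and bound values, so nothing here connects to a real database; the login-form input, the table layout and the sortable-column list are all constructed for the example:

```javascript
// Stand-in for a database client: it records the SQL text and the bound values
// exactly as a real driver would send them to the server, separately.
const sentQueries = [];
const db = {
  query(text, values = []) {
    const sent = { text, values };
    sentQueries.push(sent);
    return sent;
  },
};

// Constructed attacker input typed into the username field of a login form.
const INJECTED_USERNAME = "admin' --";

// Vulnerable: the statement is assembled by string concatenation, so the quote
// in the input ends the literal and "--" comments out the rest of the statement.
function findUserUnsafe(client, username) {
  const sql = "SELECT id, password_hash FROM users WHERE username = '" + username + "'";
  return client.query(sql);
}

// Hardened: a placeholder in the text, the value bound separately ($1 is
// PostgreSQL syntax; MySQL and SQLite use ?). The statement text is constant
// whatever the input contains, so the input can never become SQL.
function findUserSafe(client, username) {
  return client.query('SELECT id, password_hash FROM users WHERE username = $1', [username]);
}

// Identifiers and keywords (column names, ASC/DESC) cannot be bound as
// parameters. For those, map the input onto an allowlist instead.
const SORTABLE_COLUMNS = new Set(['id', 'username', 'created_at']);
function listUsersSorted(client, sortBy, direction) {
  if (!SORTABLE_COLUMNS.has(sortBy)) throw new Error('unsupported sort column');
  const dir = direction === 'desc' ? 'DESC' : 'ASC';
  return client.query(`SELECT id, username FROM users ORDER BY ${sortBy} ${dir} LIMIT $1`, [100]);
}

// Input validation as the second layer: a username has a known shape.
function isValidUsername(username) {
  return typeof username === 'string' && /^[a-z0-9_]{3,32}$/.test(username);
}
```

The point to take from the recorded queries is that with findUserSafe the SQL text never changes; the payload only ever appears in the values array, where the database treats it as data.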


Memory leak

A memory leak occurs when a program keeps hold of memory it no longer needs: in languages with manual memory management it is allocated and never freed, and in garbage-collected languages such as JavaScript the program keeps references (globals, caches, timers, event listeners) to objects it no longer uses, so the collector can never reclaim them. Memory use then grows for as long as the program runs.


What is the impact:

- Memory use grows until the process slows down or is killed; an attacker who can trigger the leaking code path repeatedly can turn it into a denial of service


How to prevent:

- Clear timers and remove event handlers when they are no longer needed: a setInterval callback or a listener keeps everything it references alive until it is cleared or removed

- Reduce use of global variables: globals live for the whole lifetime of the page or process and are never reclaimed by the garbage collector

- Avoid keeping stray references to objects you no longer need (unbounded caches, closures, detached DOM nodes); any reachable reference prevents the object from being collected, so bound your caches and prefer WeakMap for per-object data


Cross-site request forgery (CSRF)

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a bit of help from social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker’s choosing.


What is the impact:

- The attacker may be able to change the email address on the victim's account, change the victim's password, or make a funds transfer


How to prevent:

- For stateful applications (server-side sessions) use the synchronizer token pattern: a random token stored in the session and required in every state-changing request

- For stateless applications use the double-submit cookie pattern, preferably with the token signed (HMAC) and bound to the session so that it cannot be forged or replayed from another session

- Set the SameSite attribute (Lax or Strict) on session cookies so the browser does not attach them to cross-site requests


Broken Authentication

Broken authentication lets someone log in to an account they are not supposed to have access to. It generally refers to weaknesses in two areas: session management and credential management. In both cases the attacker uses hijacked session IDs or stolen login credentials.


What is the impact:

- Session hijacking or account takeover: the attacker controls one or more accounts with the same privileges as the attacked user


How to prevent:

- Implement multi-factor authentication (MFA), so a stolen password alone is not enough to log in

- Check for weak passwords: enforce a minimum length and reject passwords that appear on lists of common or previously breached passwords

- Limit failed login attempts (rate limiting or a temporary lockout) to stop brute force and credential stuffing


Sensitive Data Exposure

Sensitive data exposure occurs when an application or organization unintentionally reveals personal data such as user credentials, banking information, health information or other personal information, for example by sending it in clear text, storing it unencrypted, or leaving it in logs, backups and caches.


What is the impact:

- Financial loss

- Identity theft

- Loss of brand trust


How to prevent:

- Encrypt data in transit: serve the whole application over HTTPS (TLS) and enable HSTS so browsers never fall back to plain HTTP

- Encrypt sensitive data at rest with a modern authenticated cipher such as AES-GCM, keep the keys outside the application code, and do not store data you do not need

- Keep sensitive values out of logs and error messages; mask or redact them before writing

- Disable caching of responses that carry sensitive information (Cache-Control: no-store) so browsers and proxies do not keep copies


So why is web security important?

Web security matters regardless of project size, and every developer should know the tools and techniques that help keep applications safe.


An ounce of prevention is worth a pound of cure.


– Benjamin Franklin.


Sources: https://www.radware.com/2021-2022-global-threat-analysis-report/ and https://owasp.org/
