Skip to main content

How to Protect Your Website from Cyber Attacks?

In today's world of technology everything can be done online and millions of websites are on the internet. But along with it comes the darker sides like hacking, online fraud, phishing, spamming and other cyber-attacks. The trending topic in Information technology field today is Web security. As the web applications increase in number, so does the hackers and the instances of cyber-attacks.

Attackers always try to find the weak points in the website and exploit those flaws to perform any illegitimate or malicious activity. These flaws or weaknesses in the websites are known as vulnerabilities. Anything that can harm the security of the applications and the servers is vulnerability. The basis of web security is based on CIA triangle - Confidentiality, Integrity and Availability. Confidentiality lays stress on protection of data and sensitive information. Integrity involves the accuracy, reliability and consistency of data while availability deals with maintenance of hardware and software so that data is accessible uninterrupted all the time. These three components guide the information security policies. 
So to protect your website from cyber-attacks, you need to find out the vulnerabilities and then fix them. This process comprises of following steps:

1.     Information gathering and Reconnaissance
2.     Vulnerability Identification
3.     Risk and Impact assessment
4.     Remediation


Vulnerability Assessment can be done both manually and automatically with the help of tools. The easiest way is to use online tools which scan your complete website thoroughly and deeply in less amount of time. They find out all the vulnerabilities, segregate them according to their risks or severity. Some vulnerability is critical like Injections (SQL, Command, LDAP), Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Broken Authentication, etc. If an attacker successfully exploits any of these vulnerabilities, then the complete web application can be compromised leading to online fraud causing severe business impacts. These vulnerabilities need to be fixed immediately. There are other high, medium and low severity vulnerabilities like Information disclosure, malicious file upload, weak encryption algorithms, click-jacking, improper access controls, security misconfigurations, improper session management and others which are all reported by these online vulnerability scanners. The hackers or any malicious user can use these vulnerabilities to perform attacks like Denial of Service (DoS), introduction of viruses, updating customer information, phishing, performing illegitimate activities like online transactions to fulfill their motives.

Following is the list of good tools which efficiently find vulnerabilities in a website online:

1.   Acunetix
2.     SiteGuarding
3.
     Scan my server
4.
     Quttera
5.
     Detectify
6.
     SUCURI
7.
     Qualys FreeScan
8.
     AsafaWeb
9.
     Netsparker Cloud
10.
 Tinfoil Security

There are other tools also available online which can be used manually for testing and finding the vulnerabilities like BurpSuite, Nessus from Teenable Network Security, SQL map, Wireshark, Fiddler and many more. But you need to have enough knowledge to perform testing manually.


On the other hand online tools not only identify the vulnerabilities, but also output the results very nicely which is easy to understand and read. You can download the report in pdf, csv or html format. It also shows graphically the count of vulnerabilities along with their risks, which helps you identify which of these need to be fixed immediately. The report is quite extensive and covers almost everything. It also provides remediation steps for fixing the vulnerabilities found. Hence you can use online tools easily to protect your website from any sort of attacks.

Comments

Popular posts from this blog

Simplified DES Example: Step by Step

Simplified DES or S-DES is an encryption algorithm which follows feistal cipher structure. In this tutorial, we will take an example of S-DES. Let’s get started.
We need plaintext and key to start with. For this example, let’s consider 01001000 be the 8-bit plaintext and 1110001110 be the 10-bit key.
Key Generation: The first step in S-DES process is key generation. From the 10-bit key that we give as input, it generates 2 1-bit keys called k1 and k2. Following is the process:
1.Pass the 10-bit input key into the P10 table:
3 5 2 7 4 10 1 9 8 6
This gives: 1011001110. (For example, take the 3rd bit from input key which is 1. It becomes the first bit for our new key) 2.Divide the new key into two halves and left shift each half’s bits by one. So by dividing we get 10110 and 01110. We perform left shift so the left most bit becomes the right most bit and remaining each bit is shifted to its left. This gives: 01101 and 11100. Or you can think of it as the left most bit is taken to the righ…

HCI: Research Topic Ideas

I was reading an interesting research paper (Personal Tasks at Work: An Exploration, ACM 2017) in which the writer talks about the personal tasks that we have to do at work such as scheduling appointments, paying electricity and other bills, etc. The problem at first seems to be a social science one which has nothing to do with computer science but when looked closely the problem highlights an important aspect of our daily life that has to be sorted out using technology. The paper basically discusses those tasks and categorizes them based on frequency of occurring based on a survey. So, for example out of the 93 people who participated in the survey presented in the paper, 51% reported a need for scheduling an appointment while 33% have to coordinate their personal activities. Some will say (specially management science guys) that few of the problems can be solved by proper time management but remember that the purpose of technology is to make life easier for humans. Also, not every …

Cyber Security Awareness: for Employees

The insecurity of data and information that exists on the internet and computer networks has been a major issue for a number of businesses, organizations, and institutions; which don't invest on network and internet security training and awareness programs for their employees. Ideally, most employers rush to invest in new and expensive technologies in the name of protecting their companies online, not knowing that in most cases, the safety of a company online largely depends on the cyber security awareness of the employees. Consequently, your company's protection online starts by ensuring that your employees are well equipped with basic network safety practices and policies, so that they can assist in keeping your computers and networks safe from cyber-attacks that come in form of a virus, malware, and cyber-crime.

Different Ways to Create Cyber Security Awareness to Your Employees:
1.Authentication
The most basic network security measure that your employees need to use is a pass…