Is Your Website Safe From Hackers?

by Henry

Attacks. There are many attacks out there, but one of them stands out because it has become very popular in the hacker community. Most hackers gain unauthorized access to websites and break into back-end databases through this attack: the SQL injection attack. It happens when a sloppy web designer releases a web page with an input text box but without proper input parameter validation. An attacker can send and execute SQL commands through the input text boxes and gain access to the back-end database. Online banking websites have many input text boxes, starting with sign-up, sign-in and customer comments, and continuing inside the account pages. Behind every one of these text boxes there should be code that validates the parameters and ensures the input text does not have any SQL commands or parameters embedded in it. I have seen so many log-in pages with user ID and password boxes that are not validated for the proper parameters mentioned above. A bad guy can gain unauthorized access and download the entire database. There is a lot of information out there about SQL injection attacks; you can learn and take precautions so that you do not become a victim. The following are some of the precautions you can take:

  • Sanitize the input data. For example, if the text box expects a number, do not allow the user to enter text, and vice versa. Scan the input data in code to filter out any SQL commands and parameters.
  • Validate the data again before executing the back-end SQL query to ensure there are no embedded commands in the SQL query variables.
  • Encrypt data such as user IDs and passwords so that a hacker cannot use them to gain access to the site and the back-end database.
  • Ensure that the account set up to execute the back-end database queries is configured with least privilege. Not only this account: all user and application accounts should be based on least privilege.
  • Ensure that all error messages are very generic and do not give the attacker unnecessary information that can be used to break into your website.
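To make the first, second and last precautions concrete, here is an added example (written for this post, not code from the original article) that puts a log-in check built by pasting the text-box values into the SQL string next to one that uses query parameters, adds the input checks the list describes, and returns the same generic message on every failure. It uses Python's standard `sqlite3` module with a constructed in-memory `users` table; the table layout, the user `alice` and the stored credential value are assumptions made up for the demonstration.

```python
import re
import sqlite3


def make_db():
    # Constructed sample database: one user, with a placeholder standing in for
    # whatever protected form of the credential the site stores (never plain text).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userid TEXT PRIMARY KEY, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'hash-of-alice-password')")
    conn.commit()
    return conn


def login_vulnerable(conn, userid, password_hash):
    # The sloppy pattern: the text-box values are spliced into the SQL text, so
    # a quote character in the input changes the structure of the query.
    sql = (
        "SELECT userid FROM users "
        f"WHERE userid = '{userid}' AND password_hash = '{password_hash}'"
    )
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, userid, password_hash):
    # Placeholders: the driver sends the values separately from the query text,
    # so whatever the user typed is compared as data and never parsed as SQL.
    sql = "SELECT userid FROM users WHERE userid = ? AND password_hash = ?"
    return conn.execute(sql, (userid, password_hash)).fetchone() is not None


# Allow-list checks applied before the query is ever built (precautions 1 and 2).
USERID_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def validate_userid(userid):
    # A user ID box should only ever contain letters, digits and a few separators.
    return bool(USERID_RE.fullmatch(userid))


def validate_account_number(text):
    # A box that expects a number accepts digits only, nothing else.
    return text.isdigit() and len(text) <= 12


def handle_login(conn, userid, password_hash):
    # One generic failure message whether the ID is malformed, the account does
    # not exist, or the database raised an error (precaution 5): the caller
    # learns nothing about why the attempt failed.
    try:
        if not validate_userid(userid):
            return "Login failed"
        if login_parameterized(conn, userid, password_hash):
            return "Welcome"
        return "Login failed"
    except sqlite3.Error:
        return "Login failed"


if __name__ == "__main__":
    db = make_db()
    # The canonical tautology test string used in SQL injection training material.
    probe = "' OR 1=1 --"
    print("concatenated query, probe input :", login_vulnerable(db, probe, "x"))
    print("parameterized query, probe input:", login_parameterized(db, probe, "x"))
    print("full handler, probe input       :", handle_login(db, probe, "x"))
    print("full handler, real credentials  :", handle_login(db, "alice", "hash-of-alice-password"))
```

Running the block shows the concatenated query accepting the probe string as a valid log-in while the parameterized query and the full handler reject it. The validation functions are a second line of defence, not a substitute for parameters: the query should stay safe even if a check is later loosened. The least-privilege precaution is not shown in code because it is configured on the database account itself; the account used by this log-in code needs only `SELECT` on `users`, not the rights to read or dump other tables.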

Protecting against these types of attacks is easy if you go into building the website with the right mindset. Let us know if we can help you understand these protections further.