Have you ever attempted to understand all the technical jargon that goes along with web security? Some technical websites on the subject, while extremely important, can be almost impossible for most people to understand. The easiest solution is to click away and decide that you will deal with any security issues as they happen. Of course, this is not the best approach at all. This article will hopefully help simplify some of the basic terms so that you can look into this topic more deeply.
URI – Uniform Resource Identifier
This is the address of your website, or the portion that shows up in the browser bar. When someone enters the first part of the address, the search engines start their search. Additional information is then appended to this address to deepen the search into any website.
It is the code that is added to the URI that is important when it comes to web security. You can add all kinds of elements to the main address, including links to images, elements and frames. If a hacker can override these and add things to your HTML code, you have no idea where your site might point or, more importantly, what it might show to a visitor, such as parts or files of your website that you do not want exposed.
Next we will look at the types of attacks your site might experience:
- SQL Injection – This is when an SQL command is sent to your server via the URI or through a form field.
- Path Traversal – This is a function that you do not want to allow on your server. It would allow people to find all the folders on your server. You can imagine what they would do if they had this type of access.
- Cross Site Request Forgery – The best way to describe this is as a way of allowing information to be sent into your database. This is done through forms. It can potentially allow an attacker to get access to private information such as payment and banking details.
- Remote File Inclusion or RFI – This happens when a flaw in your website allows a hacker to add code from another server to run on your server.
- Phishing – This is a method that fools people into entering personal information into a bad website.
- Clickjacking – This uses CSS and inline frames to get people to click something without realizing what or where they are clicking.
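To make the SQL Injection entry above concrete, here is an added example (written for illustration, not code from any particular website) that shows a value arriving through the URI being pasted into an SQL command, next to the safer form that passes the value separately. The table, the `shop.example` addresses and the function names are all constructed assumptions.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, card TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)",
                   [("alice", "card-A"), ("bob", "card-B")])
    return db

def name_from_uri(uri):
    """Pull the 'name' value out of the information appended to the address."""
    return parse_qs(urlsplit(uri).query).get("name", [""])[0]

def lookup_unsafe(db, uri):
    # Weak: the visitor's text is pasted into the SQL command itself,
    # so quote characters in it can change what the command means.
    sql = "SELECT name, card FROM customers WHERE name = '%s'" % name_from_uri(uri)
    return db.execute(sql).fetchall()

def lookup_safe(db, uri):
    # Hardened: the ? placeholder sends the value separately from the
    # command, so it is only ever compared as data.
    sql = "SELECT name, card FROM customers WHERE name = ?"
    return db.execute(sql, (name_from_uri(uri),)).fetchall()

# Constructed URIs: an ordinary request and one carrying SQL in the value.
NORMAL = "https://shop.example/customer?name=alice"
INJECTED = "https://shop.example/customer?name=x%27%20OR%20%271%27%3D%271"

if __name__ == "__main__":
    db = make_db()
    for uri in (NORMAL, INJECTED):
        print(uri)
        print("  unsafe:", lookup_unsafe(db, uri))
        print("  safe:  ", lookup_safe(db, uri))
```

With the ordinary URI both versions return one customer; with the second URI the weak version returns every row in the table while the hardened version returns nothing.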
This at least gives you a better understanding of some of those terms that you may have seen when reading about web security.