November 8, 2013
rosemary published this at 7:59 am
By Brittany Thorley
Cyber attacks have been a growing trend and an ever-growing challenge for organisations of all sizes with the financial loss as a result of cyber attacks and the cost of resolving such threats costing billions worldwide. Whilst the global price tag of cyber attacks is staggering and hackers by no means defeated, organisations across the globe are taking steps to optimise their websites to avoid hacking disasters.
Prevent hackers from using your server as a transmitter of spam and illegal files using these five steps to a website that is safe, secure and ultimately uncompromised.
1. Update regularly to close hacker loopholes
Updating software and backing up files should be the mantra of every online business and this regime is an important step to protecting your site from hackers. Updating all software on your server and any web applications on a regular basis is essential and will close loopholes that leave your site vulnerable to attacks. Exercise particular diligence when using any third party software (e.g., CMS) by regularly running security updates. CMS software (such as WordPress) informs you of any available updates when logging in.
2. Use parameterised queries
Preventing SQL Injection vulnerabilities is a developer’s nightmare when it comes to web application security, and many have quite the battle on their hands to ensure the code they write is secure and a number of other factors are controlled to inhibit compromise. Despite developers’ best efforts, SQL Injection, whereby the hacker uses a URL parameter or web form field to access and manipulate databases, is all too common but you can do your bit in protecting your website from unauthorised changes, data collection and deletion.
Parameterised queries can be used in collaboration with many web languages and will prevent the hacker from changing URL parameters to add their additional query to the SQL statement.
3. Censor error messages
Unbeknownst to many, error messages can give away essential information that leaves your system compromised. One area in particular where hackers can use error messages to attack and gain access to your website is the admin login form. For example, they use vague error messages such as ‘Your username or password was incorrect,’ implying that one of the two fields is correct. This will give the hacker the information they need to launch an attack on the incorrect field and gain access to your system even quicker.
4. Use strong passwords server and browser side
The importance of strong passwords may be an obvious one, but many organisations still fail to make their password as complex as they should, especially when protecting their server and admin area. Follow the principles and create a password that will outwit the most persistent hackers and defend your website appropriately.
- Ensure your password is at least eight characters in length
- Regularly update your password and ensure it is dramatically different every time
- Do not include your username, company name or real name
- Use a mixture of uppercase letters, lowercase letters, numbers and symbols
- Avoid using complete words or phrases
The use of memorable information in a password can make it easy to remember, but apply the principles above and the following example to form a stronger alternative. If you’d like to use your husband’s birthday as the basis of your password, use the values in the following example: ‘My husband’s birthday is 25 November 1987’, opt for this password – ‘Mhbi25/Nov,87’.
5. Assess your website security with penetration testing
Penetration testing (or pentest) uses similar scripts as hackers to simulate a hacker attack and highlight and exploit vulnerabilities within your IT infrastructure. These weaknesses can be found and remedied before hackers have the chance to abuse them in a bid to compromise your website. Internal, external and hybrid penetration testing can provide organisations across all industries with a level of certainty and reassurance when protecting their website from hackers.
Have you taken steps to secure your website?