Web Security - Safeguarding Your Digital Footprint


The top 3 most viewed websites in 2018 were Google, YouTube and Facebook. Can you imagine living a day without using at least one of them? These websites, along with numerous other social networks, have become an integral part of our lives. Whether it’s a teen googling for pictures of his/her favorite movie stars, a millennial sharing posts on Facebook or an elderly person listening to songs of their choice on YouTube, browsing websites has become an important part of our daily routine.

The latest research shows that Internet users worldwide spent 135 minutes per day on social networking websites. The numbers have been increasing since 2012. Facebook is one of the most addictive websites, as an average user spends 50 minutes of their day on Facebook.

As people spend more and more time on these websites, they become easy targets for online predators. We have been carelessly sharing our personal and professional info on the web, thus setting ourselves up to be robbed.

Predators have devised various ways of raiding the novice, from creating fake profiles on Facebook to sending lottery emails to millions around the globe. There are various other ways to scam people online which haven’t come to light yet.

According to a study released in 2011, about 69% of web apps had been hit by SQL injection at least once, while cross-site scripting accounted for 42% of websites.

Thus, it has become vital to safeguard yourself from online theft and cyber criminals, especially if you are a business dependent on websites/mobile apps for your livelihood. A website security breach is not meant to mess with the layout of a website; instead, it is used to retrieve important data or files from the server and manipulate the existing ones.

No wonder we see a lot of website development companies mushrooming in the world. Even in India, there are lots of upcoming web development companies which are looking to make a mark.

Below are a few ways of securing website applications:

1)    Always keep the software up to date. This applies to both the operating system and the software running on your website. Use tools like Composer, NPM, or RubyGems to manage the components your website depends on and keep them current, which makes the website more secure and stable. Other tools like Gemnasium can help you get automatic notifications whenever your components are vulnerable.

2)    Always set a strong password policy. You can ask everybody around you to use complex passwords, but that doesn’t mean they always do. It is advisable to require users to have a good password because it adds to the security of their accounts. Measures like Captcha can also be implemented to mitigate brute force attacks.

3)    Companies providing web development services need to understand the security controls of the language (PHP, ASP.NET, Java, HTML) being used. There are many security providers in the market and everyone tries to offer the best, but it’s the duty of the website owner to ensure that security providers are focused on stopping exploits such as SQL injection and cross-site attacks. Further, having built-in code checking tools at work can help as well.

4)    Always sanitize the inputs on both the client and the server side. The user should not be allowed to enter special characters or null characters. Doing so will help prevent XSS and various injections like SQL. Checking on the server side also covers the case of a hacker turning off JavaScript and changing the values submitted to your server. Use Strict Contextual Escaping (SCE) to avoid XSS and SQL attacks.

5)    Beware of error messages, as these can make complex attacks like SQL injection far easier. Keep detailed errors in your server logs and show users only the information they need.

6)    File uploads should be restricted, as they can open up vulnerabilities. The recommended solution is to prevent direct access to uploaded files altogether. This way, any files uploaded to the website are stored in a folder outside of the web root directory or in the database as a blob. If the files are not directly accessible, you will need to create a script to fetch the files from the private folder (or an HTTP handler in .NET) and deliver them to the browser.

7)    Always use HTTPS for all domain entries. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are secured and encrypted.

8)    It is suggested to get website security tools installed. Once all website uploading work is done, test the website's security at the end to be sure. The most effective way of doing this is with security tools, a process often referred to as penetration testing, or pen testing for short.

Some suggested tools for checking this are:

a)    Netsparker, which is beneficial for testing SQL injection and XSS.

b)    SecurityHeaders.io, a tool that quickly reports which security headers the domain has enabled and correctly configured.
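
Points 4 and 5 in practice, as an added example that is not part of the original post: server-side allow-list validation, a parameterized query beside the concatenated form it replaces, escaping on output, and a generic error message with the detail kept in the log. The table, sample rows, function names and allow-list pattern are constructed for illustration.

```python
import html
import logging
import re
import sqlite3

log = logging.getLogger("app")
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")  # assumed allow-list policy
SAMPLE_INPUT = "x' OR '1'='1"  # constructed input that rewrites the unsafe query


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, bio TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [
        ("alice", "Loves <b>hiking</b>"),
        ("bob", "<script>alert(1)</script>"),
    ])
    return db


def find_user_unsafe(db, name):
    # BEFORE: input is concatenated into the SQL text and parsed as SQL.
    return db.execute(
        "SELECT name, bio FROM users WHERE name = '" + name + "'").fetchall()


def find_user(db, name):
    # AFTER: the value is bound as a parameter and is only ever data.
    return db.execute(
        "SELECT name, bio FROM users WHERE name = ?", (name,)).fetchall()


def profile_page(db, name):
    """Return (status, body) for a profile request."""
    if not USERNAME_RE.fullmatch(name):          # validated on the server
        return 400, "Invalid user name."
    try:
        rows = find_user(db, name)
    except sqlite3.Error:
        log.exception("profile lookup failed")   # full detail stays in the log
        return 500, "Something went wrong. Please try again later."
    if not rows:
        return 404, "User not found."
    user, bio = rows[0]
    # Escape on output so stored markup is shown as text, not run as HTML.
    return 200, f"<h1>{html.escape(user)}</h1><p>{html.escape(bio)}</p>"
```

With `SAMPLE_INPUT`, the concatenated query returns every row while the parameterized one returns none, which is why binding parameters, rather than character filtering alone, is the control to rely on for SQL.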
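
One way to implement point 6, as an added example that is not part of the original post: uploads are saved under a server-generated name in a private folder and delivered only through a handler function. The folder location, size limit, allowed types and function names are assumptions.

```python
import os
import re
import secrets
import tempfile
from pathlib import Path

# Assumed layout: PRIVATE_DIR lies outside the web root, so no URL maps to it.
PRIVATE_DIR = Path(tempfile.mkdtemp(prefix="uploads_private_"))
ALLOWED_TYPES = {".png": "image/png", ".jpg": "image/jpeg",
                 ".pdf": "application/pdf"}
FILE_ID_RE = re.compile(r"[0-9a-f]{32}\.(png|jpg|pdf)")
MAX_BYTES = 5 * 1024 * 1024  # assumed size limit


def store_upload(original_name, data):
    """Save an upload under a server-chosen name; return its id or None."""
    ext = os.path.splitext(original_name)[1].lower()
    if ext not in ALLOWED_TYPES or len(data) > MAX_BYTES:
        return None
    file_id = secrets.token_hex(16) + ext   # client's name is never used on disk
    (PRIVATE_DIR / file_id).write_bytes(data)
    return file_id


def serve_upload(file_id):
    """Handler body: return (status, headers, body) for a download request."""
    if not FILE_ID_RE.fullmatch(file_id):   # rejects "../", slashes, other types
        return 404, {}, b""
    path = (PRIVATE_DIR / file_id).resolve()
    # After resolving symlinks the file must still sit directly in PRIVATE_DIR.
    if path.parent != PRIVATE_DIR.resolve() or not path.is_file():
        return 404, {}, b""
    headers = {
        "Content-Type": ALLOWED_TYPES[path.suffix],
        "Content-Disposition": f'attachment; filename="{file_id}"',
        "X-Content-Type-Options": "nosniff",  # browser must not guess the type
    }
    return 200, headers, path.read_bytes()
```

The extension check only decides the stored name and the declared content type; it does not inspect the file's contents.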

Final Words

The rapid growth of web presence and digital footprints has led to demand for web design and development companies too. This, along with the need to be up to date with the latest security measures (so as to save one’s website from hacking, data theft or misuse of servers), has made a secure website a basic necessity. Websites are one of the fastest growing revenue sources for businesses, and having a safe website helps to earn and maintain customers’ trust as well.
