Beyond security reported that, Web sites are unfortunately prone to security risks. And so are any networks to which web servers are connected. Setting aside risks created by employee use or misuse of network resources, your web server and the site it hosts present your most serious sources of security risk.
However sitepronews explained that Technology has become more advanced, and with it, hack attacks in the online world are increasing at an alarming rate.
Hackers use known vulnerabilities in third-party software to target your website and web server, and use it for their advantage.

The object of this maybe just to deface your website, steal your confidential client data, or even worse, use your server resources to perform illegal activities.
There are some simple tips you can leverage to strengthen your website software and sleep with peace of mind.

1. XSS or Cross Site Scripting

XSS occurs when a hacker embeds scripting code into a web form or url, and run malicious code to change your web visitor’s experience and steal passwords or other data.
XSS can also be persistent in nature, where an attacker can manipulate a specific web page and show it as a login screen to users. The recent XSS comment hack on WordPress 4.2 is an example of such a permanent loophole.

2. SQL Injection

SQL injection occurs when a hacker uses a web form field or URL parameter to manipulate your database. Almost all web platforms have a database and generally open source CMS platforms maintain dynamic aspects of the website in the database.

3. DoS or Denial of Service Attack

Denial of Service (DoS) or Distributed Denial of Service (DDos) attacks are by far the most notorious kinds of attacks.
That is because, any level of hacker with a small investment can bombard a website, with millions of requests, and make it look like they are from legit users.
This eventually crashes the web server, and takes the site offline, requiring manual intervention to bring it back online.

4. Weak Passwords

We should all use complex passwords, because the weakest link is all it takes to break the chain. It is imperative to use strong passwords for admin areas, but equally important for all users to protect the security of their accounts.
One compromised account can lead to another and that could lead to the admin account being hacked. It is recommended that passwords have a minimum of 8 letters, digits and special characters to avoid quick password guesses.

5. Brute-force Attack

These attacks are trial-n-error methods to guess your username and password. Weak passwords are prone to getting hacked easily.
Methods like temporary blocking of IP’s and accounts, and multi-factor authentication, help mitigate such attacks.

6. Code Injection

Websites with file upload capability, or sites missing proper client and server side form validation, can be vulnerable.
The risk is that any file uploaded, could contain a script which could be leveraged as root-kit ie. administrator access to your website.
Lack of form validation on simple form fields could lead to malicious code being inserted into the database, and could cause undesirable results to your website.

7. Unencrypted Protocol

An unencrypted channel allows man-in-middle attacks to steal information from your users.
The use of a security certificate SSL, whenever passing personal information between the website and web server or database is recommended.

8. Debug Mode on Production Server

Some developers may accidentally enable debug mode on the live production server, which dumps extensive error logs to the browser.
A hacker can then obtain valuable information about the software used by the webserver and target an attack much better. It’s crucial to hide as much internal information about your server as possible to minimize and delay any attacks.

9. Old Software Versions

It may seem obvious, but ensuring you keep all software up to date is vital in keeping your site secure. This applies to both the server operating system and any software you may be running on your website such as a CMS or forum.
When website security holes are found in software, hackers are quick to abuse them.

10. No Backup Plan

No matter how vigilant you are, attackers can find new loopholes to target your website. So in addition to preventative measures, you should also have a backup-restore plan.
Just in case your site is compromised, you should have a team which can quickly restore the last known backup, and avoid reputation and sales loss.

source : http://techcribng.com/10-website-security-issues-every-website-owner-should-be-aware-of/

Nice job

Nice1

OP there is no doubt that what you said is true.... And it is an excellent article... But have got to talk with a hacker? Have you got the chance to know what made them tick? Have you in anyway thought deep as to how the term HACKER and HACKING come about... I bet it might not be what you think.... I bet you might be surprised by what i have to disclose to you....

Ok, the term HACKER means a self-taught computer geek. Do you chuckle?... Yep, and i add that Bill Gates, Paul Allen, Steve Jobs and some bunch of others are HACkERS.

It is just that in recent times the term is being misused for negative things...

Actually HACKERS come in different colour which are Gray hat Hacker, White hat Hacker, and Black Hat Hacker..... You can read my post on it to understand this more clearly: www.w3programs.com/do-you-know-who-the-real-hackers-are-know-how-it-all-started-now/

I can swear that Hackers are who made the evolution in all that we see today in the web and computer possible!

But like i said before, do you know what made them tick off? What really piss them off?

I bet you will find that it is not what you thinks when you read this confession of a HACKER, where he explains the BIG WHY: www.w3programs.com/a-hacker-explains-why/

He ends it all by saying "I am a HACKER, and this is my MANIFESTO. You can stop this individual but you can't stop us all!

Wow!

this shld be on the homepage

Good job

abi

Nice piece

Nice

Ok

Chai...knowledge is power.

Am sure some will just read and go without understanding a single thing outta the piece...





_{Talking from experience}

importexpert:
Nice job

DaPhilosopher:
Nice1

okooloyun1:
.

igbsam:
abi

AnneMomoh:
Nice piece

Adesunkanmi:
Nice

umarc19:
Noted

money121:
Ok

It's not compulsory to comment on a topic you obviously know nothing about,

In other words.. Ways hackers can hack your site

Informative

MzNelly:









It's not compulsory to comment on a topic you obviously know nothing about,

U nko, wat do u know about d topic ?

umarc19:



U nko, wat do u know about d topic ?

At least I didn't go about booking space.

Nice post

Thanks for the info

Hmmm

kombats:
So which one did nairaland fell into that almost 15% of NL data got lost

the server was attacked, not nairaland.

ACCESS LOAN VENTURES LTD Are Direct Providers of Loan, Project Finance, BG, SBLC and all Letters of Credit. We offer very flexible loan terms and our interest rate is just 3% per year.

ALL OUR BG, SBLC AND LETTERS OF CREDIT ARE ISSUED BY TOP PRIME AAA RATED BANKS LIKE BARCLAY'S BANK LONDON, DEUTSCHE BANK AG GERMANY, HSBC, STANDARD CHARTERED BANK ETC.

Agents and brokers are also welcomed. We pay good commission to agents and brokers so if you want to be our broker or company representative just contact us for more details.

Email: accessloanventures@outlook.com OR info@accessloanventures.com
Website: http://www.accessloanventures.com
Twitter: @accessloankh

Nigerians don't have such hacking ability. So let me relax a bit.

MzNelly:









It's not compulsory to comment on a topic you obviously know nothing about,

Ode ni e! And what did u write? You mentioned us to write poo! Who is more stwepid among us?

Olodo!

MzNelly:


At least I didn't go about booking space.

U take style book space by quoting us nah..

Ontarget:
Nigerians don't have such hacking ability. So let me relax a bit.

drop ur site url nd letz see ow true ur comment is

segtak25:


source : http://techcribng.com/10-website-security-issues-every-website-owner-should-be-aware-of/

Educational.

nice

you forget to add
xpath injection
unsecure of data through http eg password
buffer over flow
disclosure of internal path
to mention but few

Tips

LOOKING FOR MY PENCIL