Have you ever attempted to understand all that technical jargon that goes along with web security? Some of these websites, while extremely important, can be difficult for people to understand. What most novice webmasters do is to click away in confusion and figure out that you will deal with any security issues as they happen. Naturally this is not the right approach at all. This article will help simplify some of these terms so that you can look into this topic more deeply and with more understanding.
The Most Fundamental Part of the Internet
Uniform Resource Identifier is the address of your website, or the part that shows up in the browser bar. When someone enters the first part of the address the search engines start their search. This address is then appended with more information to deepen the search into any website.
It is the code at the end of the URI that is important when it comes to web security. For example:
will take you to our homepage.
takes you straight to this article.
You can add all kinds of elements to the main address, including links to images, articles and files. If a hacker can override these and add things to your HTML code, you have no idea where your site might point to. Or more importantly what it might show to a visitor; be they parts of your website or files that you do not want exposed.
Specific Types of Internet Security Issues
Next we will look at the types of attacks your website might experience:
This is when a URI or form field sends your server an SQL command . SQL is the language understood by most database systems to store and retrieve information.
Cross Site Scripting or XSS
This is a function that you definitely do not want to allow on your server. It would allow people to find all your folders on your server. You can imagine what they would do if they had this type of access.
Cross Site Request Forgery
The best way to describe this is by allowing users to send information to into your database. The most common method is by forms. Potentially it can allow any form of attacker to get access to private information such as payment and banking details.
Remote File Inclusion or RFI
This happens when a flaw in your website allows a hacker to add a code from another server to run on your server.
This is a method that fools people into entering personal information into a website designed to look like another. The most common are banking websites, PayPal, etc.
This uses CSS and inline frames and gets people to click something without them realizing what or where they are clicking too.
A hacker may trick people into entering or revealing information they may not otherwise. By changing the URI and taking advantage of the flaws listed above, you may not realise what is happening.
This short article at least gives you a better understanding of some of those terms that you may have seen when reading about web security.