Amazines Free Article Archive
www.amazines.com - Friday, December 04, 2020
Read about the most recent changes and happenings at Amazines.com
Log into your account or register as a new author. Start submitting your articles right now!
Search our database for articles.
Subscribe to receive articles emailed straight to your email account. You may choose multiple categories.
View our newest articles submitted by our authors.
View our most top rated articles rated by our visitors.
* Please note that this is NOT the ARTICLE manager
Add a new EZINE, or manage your EZINE submission.
Add fresh, free web content to your site such as newest articles, web tools, and quotes with a single piece of code!
Home What's New? Submit/Manage Articles Latest Posts Top Rated Article Search
Google
Subscriptions Manage Ezines
CATEGORIES
 Article Archive
 Advertising (133435)
 Advice (161176)
 Affiliate Programs (34757)
 Art and Culture (73748)
 Automotive (145650)
 Blogs (75234)
 Boating (9844)
 Books (17221)
 Buddhism (4128)
 Business (1329027)
 Business News (426382)
 Business Opportunities (366354)
 Camping (10967)
 Career (72752)
 Christianity (15849)
 Collecting (11638)
 Communication (115068)
 Computers (241942)
 Construction (38921)
 Consumer (49685)
 Cooking (17068)
 Copywriting (6653)
 Crafts (18205)
 Cuisine (7544)
 Current Affairs (20419)
 Dating (45889)
 EBooks (19696)
 E-Commerce (48224)
 Education (185303)
 Electronics (83507)
 Email (6407)
 Entertainment (159839)
 Environment (28927)
 Ezine (3039)
 Ezine Publishing (5451)
 Ezine Sites (1550)
 Family & Parenting (110929)
 Fashion & Cosmetics (196424)
 Female Entrepreneurs (11847)
 Feng Shui (131)
 Finance & Investment (310448)
 Fitness (106332)
 Food & Beverages (62917)
 Free Web Resources (7940)
 Gambling (30223)
 Gardening (25151)
 Government (10533)
 Health (629687)
 Hinduism (2206)
 Hobbies (44055)
 Home Business (91582)
 Home Improvement (251106)
 Home Repair (46178)
 Humor (4832)
 Import - Export (5453)
 Insurance (45105)
 Interior Design (29585)
 International Property (3485)
 Internet (191008)
 Internet Marketing (146481)
 Investment (22849)
 Islam (1167)
 Judaism (1356)
 Law (80455)
 Link Popularity (4595)
 Manufacturing (20858)
 Marketing (99002)
 MLM (14136)
 Motivation (18221)
 Music (27012)
 New to the Internet (9496)
 Non-Profit Organizations (4048)
 Online Shopping (129631)
 Organizing (7805)
 Party Ideas (11853)
 Pets (38069)
 Poetry (2234)
 Press Release (12683)
 Public Speaking (5635)
 Publishing (7528)
 Quotes (2407)
 Real Estate (126636)
 Recreation & Leisure (95398)
 Relationships (87678)
 Research (16171)
 Sales (80337)
 Science & Technology (110257)
 Search Engines (23488)
 Self Improvement (153227)
 Seniors (6236)
 Sexuality (35949)
 Small Business (49284)
 Software (83015)
 Spiritual (23475)
 Sports (116095)
 Tax (7659)
 Telecommuting (34067)
 Travel & Tourism (307870)
 UK Property Investment (3121)
 Video Games (13428)
 Web Traffic (11748)
 Website Design (56838)
 Website Promotion (36596)
 World News (1000+)
 Writing (35790)
Author Spotlight
ELLISEN WANG

I'm Ellisen, nice to meet you! Obviously you're here because you want to know who I am. Wel...more
PUSHPA SRIVASTAVA

Pushpa Srivastava is an SEO strategist that helps online business owners figure out how to grow thei...more
CACEY TAYLOR

Im just a man who likes to be happy and see others happy. Im into home business, sports, family, and...more
ELLIOT CHANG

Financial analyst and author writing on economy and business. ...more
AVINASH KABRA

Avinash Kabra is a young & dynamic Technopreneur, Digital Marketer, Blogger, Foodie and Travel Enthu...more


Top Ten Data Security Risk and How To Counter Them by Kevin Thomas





Article Author Biography
Top Ten Data Security Risk and How To Counter Them by
Article Posted: 10/12/2012
Article Views: 410
Articles Written: 4
Word Count: 767
Article Votes: 0
AddThis Social Bookmark Button

Top Ten Data Security Risk and How To Counter Them


 
Internet,Science & Technology,Website Design
Internet applications face the constant threat of attack from numerous sources using an ever increasing number of methods to exploit vulnerabilities in the application or underlying infrastructure. Application and service providers need to be ever more vigilant in order to keep up. The following are the top ten methods used (not in order) and some suggestions to help counteract them.

1. Injection: When hostile data is sent to the interpreter as part of a command, an injection is said to have occurred. SQL, OS, and LDAP injection are common occurrences in this regard. The hostile data can trick the interpreter by performing commands intended by the attacker and can result in data leakage.

SQL Inject Me is a tool that can help to minimize the risk of injection.

2. Cross Site Scripting: When an application takes hostile data and sends it to a web browser without authorization, Cross Site Scripting (XSS) takes place. The damage done can result in the user being directed to malicious websites and the user sessions being hijacked. ZAP is a highly recommended tool to minimize the risk of XSS.

3. Broken Authentication: Broken authentication is a common security risk that can result in identity theft. If the web application functions that deal with user authentication and session management are not implemented properly, precious user data including their passwords and credit card information can be sent to an attacker. Hackbar deals proficiently with broken authentication security risk.

4. Insecure Direct Object References: These can occur if an object is under exposure of an insecure reference. If security measures are not implemented, hackers can easily control the reference in order to get their hands on data. Burp Suite can be used to test web applications for insecure direct object references.

5. Cross Site Request Forgery: As the name suggests, in this kind of security breach, the attackers can forge requests from an unaware logged on victim. The web application receiving the requests has no way of authenticating whether the requests are sent by the original user or by the attacker. Tamper Data is a commonly used tool to modify HTTP/HTTPS headers and POST parameters. However, the tool has recently run into some compatibility issues with Google accelerator.

6. Security Misconfiguration: Security misconfiguration occurs when the code libraries being used by the application are not up to date and secure configurations for all frameworks, platforms, and servers are not defined. Microsoft baseline security analyzer can be used to test the security configuration. Watabo is also a good tool in this regard.

7. Insecure Cryptographic Storage: Web applications must store sensitive data such as credit card information, passwords, SSNs, and other similar data entries by using proper encryption. If such data is weakly protected, attackers can easily gain access to it. Developers must ensure that the correct data is being encrypted, must avoid known bad algorithms, and must ensure that the key storage is adequate. Furthermore, the developers must be able to identify sensitive data and take steps to moved this data from memory as soon as it is not required.

8. Failure to Restrict URL Access: Most web applications check for URL security access when protected pages are being accessed, but do not perform these checks each time. As a result, attackers can easily forge URLs and access sensitive data and hidden pages. Veracode’s static code analysis tool is a good solution to find URL access vulnerabilities in your application code.

9. Insufficient Transport Layer Protection: Through transport layer protection, web applications can assure the users that their interaction with the website is happening in a secure environment and their data is secure from attackers. When there is insufficient TLS, the user can be prompted with a warning about the low protection. Without transport layer protection user confidentiality and sensitive data are at risk. Implementing SSL (secure Socket Layer) is currently the most common way to provide this protection and the SSL implementation need to be check to ensure that it is correctly implemented. Calomel SSL Validation is a helpful add-on in this regard.

10. Unvalidated Redirects and Forwards: Web applications sometimes direct users to different pages and links without any validation. These unvalidated redirects can result in the user landing on malicious pages and websites. Veracode’s static code analysis tool or Codeplex’s Watcher can be used to find and eradicate this security risk in your coding.

In conclusion, no web application can ever truly be 100% secure, but with consistent security analysis applications can be improved to protect the users from most attackers.

Related Articles - Data Security, Internet Security, XXS, Cross Side Scripting, SQL Injection, SSL, Encryption,

Email this Article to a Friend!

Receive Articles like this one direct to your email box!
Subscribe for free today!

 Rate This Article  
Completely useless, should be removed from directory.
Minimal useful information.
Decent and informative.
Great article, very informative and helpful.
A 'Must Read'.

 

Do you Agree or Disagree? Have a Comment? POST IT!

 Reader Opinions 
Submit your comments and they will be posted here.
Make this comment or to the Author only:
Name:
Email:
*Your email will NOT be posted. This is for administrative purposes only.
Comments: *Your Comments WILL be posted to the AUTHOR ONLY if you select PRIVATE and to this PUBLIC PAGE if you select PUBLIC, so write accordingly.
 
Please enter the code in the image:



 Author Login 
LOGIN
Register for Author Account

 

Advertiser Login

 

ADVERTISE HERE NOW!
   Limited Time $60 Offer!
   90  Days-1.5 Million Views  

 

Great Paranormal Romance


STEVERT MCKENZIE

Stevert Mckenzie, Travel Enthusiast. ...more
PAUL RICE

hello everyone l been on the net since 2000 and enjoy my work l work as an affiliate and also have w...more
GENE MYERS

Author of four books and two screenplays; frequent magazine contributor. I have four other books "in...more
JASON NG

Jason Ng has a huge passion for the health and fitness industry as he strongly believes that having ...more
LAURA JEEVES

At LeadGenerators, we specialise in content-led Online Marketing Strategies for our clients in the t...more
TIM FAY

I am not a writer nor am I trying to become a writer. I am an average person with average intelligen...more
DAMIAN POWELL

Demonstrated exceptional leadership in the government and private sector at an executive level. Skil...more
XTAGE XIXTEEN

My name is Kingsley Chihozie. Am from the western part of Africa, Nigerian. Am a graduate of Abia St...more
CHRIS BURTON

I am an International Corporate Consultant specialising in the bespoke formation of offshore compani...more
SUSAN FRIESEN

Susan Friesen, founder of the award-winning web development and digital marketing firm eVision Media...more

HomeLinksAbout UsContact UsTerms of UsePrivacy PolicyFAQResources
Copyright © 2020, All rights reserved.
Some pages may contain portions of text relating to certain topics obtained from wikipedia.org under the GNU FDL license