Web Hosting Security


Security Vulnerabilities of Web Applications
By: Barzan 'Tony' Antal
    2009-11-11

    Table of Contents:
  • Security Vulnerabilities of Web Applications
  • The Unfortunate Part
  • What Can We Do?
  • Dangers Lurking in Your Mailbox


    Security Vulnerabilities of Web Applications - The Unfortunate Part


    (Page 2 of 4)

    On the previous page we presented tidbits of stories where the ethical hacker compromised the security of various top companies specializing in antivirus and other software solutions to offer the best security. Most people wouldn't even dare to imagine that those could ever be broken into, while for the hacker, they were pretty easy targets. 

    The moral of the story is quite simple. It may even shock some of you, but this is the unfortunate reality once we get into the virtual world of the Internet. While you may do your best to secure your network and have become even a little paranoid about security, it may happen that a company you trusted has been compromised, and their entire database is stolen, including your sensitive information. Now what happens?

    Let me quote something from the James Bond 007 movie Casino Royale.

    "Mr. White: Money isn't as valuable to our organization as knowing who to trust."

    It is critically important to know who to trust with your sensitive information. Sure, we can't predict which websites are safe; the only thing we can do is hope that these top-level professional companies are doing their best to keep our sensitive data safe. Excluding these top companies, the others tend to be "easy targets," so we should always think of the possible consequences when filling out those registration pages.

    Now that we've made you aware of the possible consequences, let's talk a little bit about how these vulnerabilities are exploited and how the attacker can gain access to your sensitive data and that of tens of thousands of other people. In order to fully understand this, we need to introduce the concept of an RDBMS.

    Relational Database Management Systems (RDBMS) are software solutions that offer database management capabilities. They are used practically everywhere on the Internet where categorized information must be stored. Basically, every forum, blog, online shop, and so forth is based on a database.

    These are almost always on the back-end, meaning you aren't working with them directly on the visible part of a web site. They are used mostly for storage purposes. They work like this: data gets stored in these databases, which later can be retrieved by querying the database. This is the basic methodology. It's that simple. 

    The size of these databases varies from really tiny up to literally so huge that you could not even comprehend it. Popular websites with millions of registered users (think about social sites like MySpace, Hi5, Orkut, or online shopping like Amazon or eBay) all store the information their users supply them with. In the case of online shopping you can easily guess that this also includes credit/debit card information.

    It is quite understandable that the web pages can address queries to the database server(s) to retrieve information; for example, John Smith logs into Amazon. His information is retrieved and can be accessed within the My Account panel. A potential attacker, if he or she is able to compromise the database of an online shopping site, has access to the financial information of every past and present customer of the shop.

    All right, so now you can realize how serious the situation can become. One might question who the heck is responsible for those hazards or possible dangers. Tackling these subjects is beyond our article's purpose. The bottom line is that via specific techniques, which are gaining exposure as of late within communities practicing these kinds of sports, if the database is vulnerable, it can be broken into.

    © 2003-2017 by Developer Shed. All rights reserved.