Security Vulnerabilities of Web Applications - What Can We Do?
(Page 3 of 4)
Breaking into a database server can create confusion because the entire process happens in a discreet fashion. In general, most databases are compromised via so-called "injection" techniques. These come in various forms and shapes; the next article will cover the most popular ones and describe how and why they work, without giving out exact details, of course.
Database injection techniques should be understood as commands that are forced upon the database server to be executed. Just like the web page queries the database server for your member information when you visit your Account section, the potential attacker queries for information to which he does not have access, such as the sensitive data of registered members. These queries are possible due to security vulnerabilities.
These vulnerabilities are database-specific, meaning there are general guidelines as to which database is probably vulnerable to which exploits, but usually each scenario is different and unique. Patching these security holes requires not only a specific set of skills but also patience, and lots of it. That's why it's not uncommon at all to find that some of the most popular websites are somewhat vulnerable to exploits.
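The Account-section lookup described above, as an added example that is not code from the original article: it shows the same member query built by string concatenation and by parameter binding, so the difference between input treated as a command and input treated as data can be tested. The `members` table, the function names and all sample rows are constructed for illustration, and SQLite stands in for whatever database server a site actually uses.

```python
import sqlite3

def make_db():
    """Build an in-memory members table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members "
               "(username TEXT PRIMARY KEY, email TEXT, card_last4 TEXT)")
    db.executemany(
        "INSERT INTO members VALUES (?, ?, ?)",
        [("alice", "alice@example.test", "1111"),
         ("bob", "bob@example.test", "2222"),
         ("o'brien", "obrien@example.test", "3333")],
    )
    return db

def account_unsafe(db, username):
    """Vulnerable: the visitor's input is pasted into the SQL text itself,
    so the database parses it as part of the command."""
    sql = ("SELECT username, email, card_last4 FROM members "
           "WHERE username = '" + username + "'")
    return db.execute(sql).fetchall()

def account_safe(db, username):
    """Hardened: the input is bound as a value and is never parsed as SQL."""
    sql = ("SELECT username, email, card_last4 FROM members "
           "WHERE username = ?")
    return db.execute(sql, (username,)).fetchall()

# Constructed test input: the quote closes the string literal early and the
# remainder is read as an extra condition that is true for every row.
CRAFTED = "alice' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("unsafe, normal input :", account_unsafe(db, "alice"))
    print("unsafe, crafted input:", account_unsafe(db, CRAFTED))
    print("safe, normal input   :", account_safe(db, "alice"))
    print("safe, crafted input  :", account_safe(db, CRAFTED))
    # A legitimate name containing a quote only works with binding.
    print("safe, quoted name    :", account_safe(db, "o'brien"))
```

Running the same crafted string against both functions is a quick regression check after a fix: the bound version must return no rows for it and exactly one row for a real username.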
If there's one thing you should learn from this article, it's to be careful of who you trust. This rule applies in the virtual world more than it does in the real world. Unfortunately, the WWW is becoming more of a Wild Wild Web than its original meaning. And we need to adapt. We are becoming lazier and tend to give out our sensitive data to anyone.
It has become the norm to order everything online; you generally not only save money, but also time and energy. It is comfortable. You just click and add things into your shopping cart, approach the checkout, and finally pay via your bank account/card, giving out not only your numbers but also expiration date and verification code. These are often, as promised, transferred in a secure form.
However, the problem does not come from the way the data is carried (though that is also possible, and the transfer can be compromised). Most of the time the details are stored, and the attacker retrieves them at a later date when no one expects it to happen. These bad guys also cover their tracks. What you need to learn is that high-profile companies (in the online world, too) are much more trusted and secure.
This means that you should not sign up and give out your financial information to any unpopular "no-name" websites that ask you for it. Always be careful of where you are ordering from. Not only are popular websites more secure, but they also have thousands of users, so even if their database is broken into, chances are slim that your debit/credit card numbers will be used. Nah - this one was a joke - but it's true.
Now let's continue and find out some of the dangers that can lurk in your mailbox...
More By Barzan 'Tony' Antal