Web Hosting Security

  Home arrow Web Hosting Security arrow Page 4 - Security Vulnerabilities of Web Applic...
Web Hosting Articles  
Web Hosting FAQs  
Web Hosting How-Tos  
Web Hosting News  
Web Hosting Reviews  
Web Hosting Security  
Weekly Newsletter 
 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
WEB HOSTING SECURITY

Security Vulnerabilities of Web Applications
By: Barzan 'Tony' Antal
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 5 stars5 stars5 stars5 stars5 stars / 5
    2009-11-11

    Table of Contents:
  • Security Vulnerabilities of Web Applications
  • The Unfortunate Part
  • What Can We Do?
  • Dangers Lurking in Your Mailbox

  • Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
     
     

    SEARCH WEB HOSTERS

    TOOLS YOU CAN USE

    advertisement

    Security Vulnerabilities of Web Applications - Dangers Lurking in Your Mailbox


    (Page 4 of 4 )

    Targeted fraud attempts are much more popular than one might guess. Companies are doing their best to inform and prepare their users to be aware of these attempts. Generally, these arrive in the shape of an e-mail trying to use social engineering to get the user to give out his or her sensitive data. Surely, this kind of attack does not yield the kind of return that can be had from breaking into an entire database, but with enough targets (like millions) the results can become significant.

    How do these work? The user receives a mail from a fake address- but the address looks legit; this is the general rule. There are well-documented techniques through which this is possible. The attacker composes a malicious email that also looks quite legit, trying to convince the user that due to some sort of security check or server maintenance or who knows what else, the user is required to re-enter his or her sensitive information.

    Now the attacker requests that this happen via the victim sending a reply mail to their email box, which is monitored by them, or via a much more advanced technique where the user is sent to a website that looks exactly identical to the official, legitimate one. The user may not verify the link on which s/he clicks. Basically the website of the legitimate company is mirrored on the attacker's web server. The user thus thinks it's safe to enter his data.

    These kinds of email scams are really popular in the case of PayPal. You may have already received emails that begin with "Dear PayPal User" or "Dear PayPal Member." Haha! Good joke. PayPal cannot stress enough that under no circumstance should you EVER give out any of your sensitive data without being 100% sure, and you can be sure only if you type in the website yourself, not by using redirection or by clicking on links from forums or emails.

    Before closing this article, we should also state that these malicious techniques are usually called "phishing" attempts. Their basic methodology is to convince the user to visit their own website, which looks authentic and legitimate, and then make them type in their information. This is just as dangerous as unknown people offering candy or ice cream to little kids on the streets, you know. So be careful. See you in the next part!

    In closing, I'd like to invite you to join our community of technology professionals experienced in all areas of IT&C starting from software and hardware up to consumer electronics at Dev Hardware Forums. Also, be sure to check out the community of our sister site at Dev Shed Forums. We are friendly and we'll do our best to help you.


    DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

    WEB HOSTING SECURITY ARTICLES

    - For Online Security, Invest in People
    - World`s Third-Largest Botnet Bites the Dust
    - Yahoo Security Breach Highlights Poor Practi...
    - How to Prevent Mobile Malware
    - FBI Issues Internet Security for Travelers a...
    - More of the Top Internet Scams
    - How to Stop Phishing Scams
    - Social Networking Safety Tips
    - How to Avoid Financial Fraud Online
    - Android`s Most Notorious Trojans and Viruses
    - GFI Report Details Top 10 Threat Detections ...
    - Sophos Releases Security Threat Report 2012
    - Facebook Safety Tips for 2012
    - Email Scam Hits Apple Users
    - Tips for Mobile Security

    Developer Shed Affiliates

     




    © 2003-2017 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap