This session focused on security issues that most sites are prone to and what can web developers and web masters do to protect their site against these security vulnerabilities.
Here are some of the highlights from the session:
- Hackers can have various motivations to find security loopholes on your site. Some of the major reasons why they hack your web site are to:
- Drop links or cookies
- Steal logins, blackmail people
- Build botnets
- Redirect users to 3-rd party sites selling advertisement
- Crush competition
- Steal credit cards
- Abuse your server (email, attacks, etc)
- Hackers use multiple tools to accomplish their goals. In general, basic hacking has become easier since most of the information is available online to general public. Not only that, portscanners, evil software – SARA Brutus, etc – can be used by hackers to find potential holes on your site.
- The 1st entry point of attack is SQL injection, i.e. “input SQL statements in a web form to get a badly designed website to dump the database content to the attacker.” SQL injection happens because of incorrect type handling, incorrect pagination, username and password fields.
- To ensure that your site is hardened against these attacks, you can take the following steps:
-
- Check your access logs
- Check file modification time
- Revert to backup
- Change passwords
- Patch the hole
- Audit your site regularly
- Use the same tools hackers employ to find loopholes on your site. But be careful: if the tools are not used properly, you can compromise the security of your own site
- Identify access patterns of automated tools. Sqlmap is a great free tool that you can use to find access patterns used by hackers
- Blacklist hosts that initiate attacks
- Never connect to the database as a super admin user or the database owner
- Check expected data type
- Escape user supplied values
- Do not print out any database specific information, especially about the schema
- Do not show raw errors to the display
- Some of the tools you can use to protect yourself
-
- Iptables – for linux server
- Squit, Snort, Guardian – these tools help filter for SQL injection, disables remote IP attack, and speeds up your site
- Logwatch – basic monitoring of your log files
- Honeypots