Website Hacking

Hacking may be routine for the hacker, but it is a serious issue for companies whose websites are their face to the external world. Corporate websites are also the point of sale for ecommerce applications.

.us.gov websites are the most highly targeted websites when it comes to hacking, but others are no exception. Many security-centric product companies invest resources in ethical hacking to understand a hacker's mind and the countermeasures that follow from it.

Consider a situation in which your house was burgled and you lost something priceless, such as an old photo album, while you had been procrastinating about getting a security system installed. The analogy applies to a corporate website: if it gets hacked, it could lose priceless information as well as information with monetary value. On the priceless front, it could be a prospective partner trying to access your site for a potential tie-up; on the monetary front, expensive source code or other internal assets. Denial of Service is one side of the story, followed by revenue impact in the form of lost customers or angry users.

Certain fundamental steps will help secure and safeguard your internet site from a potential hacker. These are in addition to what you can ensure by using a threat modelling tool, coupled with SQL Injection and Cross Site Scripting verification, amongst other things.

1) Have a strong password policy. This should not be limited to special characters and a combination of upper and lower case; it is more of a passphrase. Avoid predictable names such as companyName123, companyName123$, companyName~1. These are easy to crack.

2) Disable all unwanted ports and services such as FTP and Telnet, as these could make your site vulnerable to data siphoning.

3) Have a captcha mechanism where the user is expected to fill in information, to circumvent automated spam programs.

4) Have logic built into your code to identify suspicious IP addresses, OR a firewall mechanism from the service provider.

5) Make sure there are no executable links available from the view source option, such as media files that could make a call to the server.

6) Optimize the code to ensure media files are not calling the server for content.

7) If using a Linux environment, make sure the upper limits for numprocesses and numfiles are set to a higher and realistic value.

8) Peer review the code OR use a code analysis tool like CAST Software.

These simple steps might let you avoid an external hack!
