SECURING WEB

INTRODUCTION
Web Security is very important nowadays.
Websites are always prone to security
threats/risks. Web Security deals with the
security of data over the internet/network or
web or while it is being transferred to the
internet. For e.g. when you are transferring
data between client and server and you have to
protect that data that security of data is your
web security.
 WEB SAFETY

Keep Software And Plugins Up-To-Date:

• Every day, there are countless websites compromised due to outdated
software. Potential hackers and bots are scanning sites to attack
• Updates often contain security enhancements and vulnerability repairs.
• Some platforms allow automatic updates, which is another option to ensure
website security.
Add HTTPS and an SSL Certificate:

To keep your website safe, you need a secure

URL. If your site visitors offer to send their
private information, you need HTTPS, not
HTTP, to deliver it.
HTTPS:
• HTTPS (Hypertext Transfer Protocol Secure) is a protocol used to provide
security over the Internet. HTTPS prevents interceptions and interruptions
from occurring while the content is in transit.
• For you to create a secure online connection, your website also needs an SSL
Certificate. If your website asks visitors to register, sign-up, or make a
transaction of any kind, you need to encrypt your connection
SSL
• SSL (Secure Sockets Layer) is another necessary site protocol. This transfers
visitor’s personal information between the website and your database. SSL
encrypts information to prevent it from others reading it while in transit
• It denies those without proper authority the ability to access the data, as well.
GlobalSign is an example of an SSL certificate that works with most
websites
WEB SECURITY THREATS
• Cross-site scripting (XSS)
• SQL Injection
• Phishing
• Ransomware
• Code Injection
• Viruses and worms
• Spyware
• Denial of Service
Beware of SQL Injection:
• SQL Injection is an attempt to manipulate your data or your database by
inserting a rough code into your query. For e.g. somebody can send a query
to your website and this query can be a rough code while it gets executed it
can be used to manipulate your database such as change tables, modify or
delete data or it can retrieve important information also so, one should be
aware of the SQL injection attack.
Apply for a Web Application Firewall
• Make sure you apply for a web application firewall (WAF). It sets between
your website server and the data connection. The purpose is to read
every bit of data that passes through it to protect your site.
• Today, most WAFs are cloud-based and are a plug-and-play service. The
cloud service is a gateway to all incoming traffic that blocks all hacking
attempts. It also filters out other types of unwanted traffic, like
spammers and malicious bots.
Choose a Smart Password
• Create a unique password for every new log in request. Come up
with complicated, random, and difficult to guess passwords. Then,
store them outside the website directory.
• For example, you might use a 14-digit mixture of letters and
numbers as a password. You could then store the password(s) in
an offline file, a smartphone, or a different computer.