SQL injection occurs when an attacker uses SQL scripts to send information to the server by using the website forms and URL's. If, the website form data is not sanitized before been sent to the database it can lead to this attack. Without sanitization, an attacker can post any data they want directly to the database thus been able to access the information stored and alter the information if so desired. It is easy to make an SQL query, insert it into a form field with whichever parameters one desires and this would compromise the security of the website and its data. Using SQL injection, an attacker can capture sensitive information stored in the database like passwords or credit card details. To prevent this attack, the website developer will need to ensure that the website form fields do not accept any SQL statements. This will be through ensuring that all data received from website form fields is escaped correctly. Using error handlers the website developer can detect any SQL statements before they are submitted to the database, thus, ensuring that their servers will not be compromised in any way.
Cross-site scripting is a website vulnerability that uses the browser security flaws. Bypassing access controls, attackers are able to inject client-side scripts from malicious websites using trusted websites that have been authorized by the user. This flaw occurs unknowingly by the developers as they permit the connecting of different web technologies in their codes. Managing this risk is tricky as one may permit a genuine web application, but the application developers' server may be compromised. Ensuring that web applications linked from the website are safe is the sure way to mitigate against this threat. Web developers should also keep their website script updated to counter this form of attack.
PHP remote file attack occurs when the website developer does not validate the data they receive from their website forms. The attacker can output files from the server by using...
The file will contain the malicious code that would be used for the attack Cavusoglu, Mishra, & Raghunathan, 2004.
These attacks have been on the decline as more web developers are now validating any data they receive from their web forms. Using apache configurations, and network security a developer can ensure that this attack would not attack. Another method of managing this risk is ensuring the code used to develop the web application does not leave room for an attacker to attach any files.
Conclusion
Website vulnerabilities and client-side application flaws can be coupled together. This is because a majority of the attacks that affect client-side applications often emanate from websites, when a visitor downloads a document or a file from a website that contains malicious code. The other reason for coupling them together is because a majority of the website attacks are usually targeted at the site visitors, either one want to attack the visitors' computers, or they want to access their sensitive data that is stored in a website server. Therefore, it is essential that website developers ensure that their websites are safe and cannot be used for attacks.
References
Anandarajan, M. (2002). Profiling Web Usage in the Workplace: A Behavior-Based Artificial Intelligence Approach. Journal of Management Information Systems, 19(1), 243-266.
Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004). The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers. International Journal of Electronic Commerce, 9(1), 69-104.
Doerr, H.M., & Hecht, C.G. (1995). Navigating the Web. The Mathematics Teacher, 88(8), 716-719.
Hansen, L., & Nissenbaum, H. (2009). Digital Disaster, Cyber Security, and the Copenhagen School. International Studies Quarterly, 53(4), 1155-1175.
