Web Application Vulnerabilities and security
SQL Injection
SQL stands for the structured query language. The SQL injection is an injection attack which gives an attacker the feasibility to inject or we can say to execute SQL statements which can directly communicate with the database of the web application also known as a relational database management system.
SQL stands for the structured query language. The SQL injection is an injection attack which gives an attacker the feasibility to inject or we can say to execute SQL statements which can directly communicate with the database of the web application also known as a relational database management system.
Cross Site Scripting (XSS)
The most common vulnerability is XSS. It also allows an attacker to inject the code but that code is which means javascript code into the page. XSS is a client-side vulnerability which allows an attacker to execute malicious scripts.
The most common vulnerability is XSS. It also allows an attacker to inject the code but that code is which means javascript code into the page. XSS is a client-side vulnerability which allows an attacker to execute malicious scripts.
Same types are here:
Persistent or Stored XSS
In this type of XSS, the code gets stored in the database and is the most dangerous form of XSS.
DOM Based XSS
In this type of XSS, the code runs on the client machine without communicating with the web server.
In this type of XSS, the code gets stored in the database and is the most dangerous form of XSS.
DOM Based XSS
In this type of XSS, the code runs on the client machine without communicating with the web server.
Reflected XSS In this type of XSS, the code only gets executed when the user runs some specific URL.
RFI
RFI
RFI stands for Remote File Inclusion. It gives the attacker the ability to upload custom files on the server like viruses or payloads or shells. It can be used to easily deface a website.
LFI
LFI stands for Local File Inclusion. LFI allows an attacker to view the files stored on a server. It allows an attacker to do the directory traversal and visit the sensitive files which one must not visit.
LFI stands for Local File Inclusion. LFI allows an attacker to view the files stored on a server. It allows an attacker to do the directory traversal and visit the sensitive files which one must not visit.
Most common vulnerabilities found in Web Application.
Other vulnerabilities are:
Other vulnerabilities are:
Broken Authentication
DOS & DDos
Server Rooting
ClickJacking Attacks
Social Engineering
For Tempering
Remote Code Execution
DNS Cache Poisoning
HTML Injection
Security Misconfiguration
Secure WordPress Website
Keep Your Website and Plugin’s Update
The easy way is to keep your site secure update your WordPress Website Regularly base, So You will be website will be old vulnerability free .You can see on there is regularly bugs found in Plugins, themes, and WordPress, that’s why you need to update your plugins and themes to avoid the risk of security bug.
Set Secure Password To Avoid
Bruteforce Risk
Brute Force is a way to crack a password by guessing the password by script or tool, if you set easy password for example admin123 on admin@123 or 12345678, this password can be cracked in 1 minute using brute force software and other ways.
Chose a strong username and passwords for your admin penal, like this password: K@@shm!r++1 or 1@3$5%zZka or
lkfd@lkdj13...............
Choose a Good Hosting For Your Website
This is the best way to secure your website more secure by choosing a good hosting company who provides multiple layers of security.
Install a WordPress Security Plugin
There is a lot of Plugins Free and Paid You can choose any Security plugin for your WordPress website and keep your website secure, if you are running an e-commerce website then you need to use a paid plugin.
Disable File Editing
- Go on your dashboard then click on Appearance>Editor. Another way you can find the plugin editor is by going under Plugins>Editor.
Once your site is live we recommend that you disable this feature. If any hackers gain access to your WordPress admin panel,
To disable the ability to edit plugins and the theme file, simply paste the following code in your wp-config.php file.
Change your WP-login URL
Hide your WordPress admin URL to avoid the hacking risk of your website, the best way is to use admin hide plugin simple keep the secure and easy way to install the plugin and enter your new URL......
Limit Login Attempts
Click on Add plugin Search for login limit attempts and install it. After you’ve installed the plugin you can change the number of login attempts via Settings> Login Limit Attempts......
0 comments:
Post a Comment