Friday, January 17, 2020

Web Application Vulnerabilities and Security



SQL Injection
SQL stands for Structured Query Language. SQL injection is an injection attack that gives an attacker the ability to inject, that is to execute, SQL statements that talk directly to the database behind the web application (the relational database management system). The standard defence is to pass user input to the database only through parameterised (prepared) queries instead of building SQL strings by concatenation.

Cross Site Scripting (XSS)
The most common vulnerability is XSS. It also lets an attacker inject code, but in this case the code is JavaScript injected into the page. XSS is a client-side vulnerability that allows an attacker to execute malicious scripts in the victim's browser.
Its types are:
Persistent or Stored XSS
    In this type of XSS the injected code gets stored in the database and is served to every visitor; it is the most dangerous form of XSS.
DOM Based XSS
    In this type of XSS the code runs on the client machine without communicating with the web server.
Reflected XSS
    In this type of XSS the code only gets executed when the user opens a specific crafted URL.
RFI
   RFI stands for Remote File Inclusion. It gives the attacker the ability to make the server include and run attacker-controlled files, such as malware, payloads or web shells, and it can be used to easily deface a website.
LFI
   LFI stands for Local File Inclusion. LFI allows an attacker to view files stored on the server. It lets the attacker perform directory traversal and read sensitive files that should not be accessible.
These are the most common vulnerabilities found in web applications.
Other vulnerabilities are:
Broken Authentication
DoS & DDoS
Server Rooting
Clickjacking Attacks
Social Engineering
Form Tampering
Remote Code Execution
DNS Cache Poisoning
HTML Injection
Security Misconfiguration
Secure WordPress Website
Keep Your Website and Plugins Updated
The easy way to keep your site secure is to update your WordPress website regularly, so that it stays free of old, already known vulnerabilities. Bugs are regularly found in plugins, themes and WordPress itself, which is why you need to update your plugins and themes to avoid the risk of a security bug.
Set a Secure Password To Avoid Brute Force Risk
Brute force is a way to crack a password by guessing it with a script or tool. If you set an easy password such as admin123, admin@123 or 12345678, it can be cracked in about a minute with brute force software or other methods.
Choose a strong username and password for your admin panel, for example a password like K@@shm!r++1, 1@3$5%zZka or lkfd@lkdj13... (treat these as illustrations of the style only: a password printed on a public page ends up in attackers' wordlists, so generate your own unique one).
Choose a Good Hosting For Your Website
The best way to make your website more secure is to choose a good hosting company that provides multiple layers of security.
Install a WordPress Security Plugin
There are a lot of plugins, free and paid. You can choose any security plugin for your WordPress website to keep it secure; if you are running an e-commerce website, you should use a paid plugin.
Disable File Editing
  1. In your dashboard, click Appearance > Editor. The plugin editor can be found under Plugins > Editor.
Once your site is live, we recommend that you disable this feature, in case a hacker gains access to your WordPress admin panel.
To disable the ability to edit plugin and theme files, simply paste the following code into your wp-config.php file.
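The lines below are an added example, not code from the original post; they use WordPress's documented wp-config.php constants and are pasted into the existing file above the `/* That's all, stop editing! ... */` marker line, so that they take effect before WordPress loads.

```php
// Added example (not from the original post): hardening lines for wp-config.php.
// Paste them ABOVE the line that reads /* That's all, stop editing! ... */.

// Removes the Appearance > Editor and Plugins > Editor screens, so a stolen
// admin session cannot be used to write PHP into theme or plugin files.
define( 'DISALLOW_FILE_EDIT', true );

// Stricter option: also blocks installing and updating plugins and themes
// from the dashboard. Only enable it if you update through another channel
// (for example WP-CLI or a deployment pipeline), otherwise it conflicts with
// the "keep everything updated" advice above.
// define( 'DISALLOW_FILE_MODS', true );

// Let WordPress apply minor (security) core releases automatically.
define( 'WP_AUTO_UPDATE_CORE', 'minor' );

// Serve the login page and the admin area over HTTPS only
// (requires a working TLS certificate on the site).
define( 'FORCE_SSL_ADMIN', true );
```

After saving the file, confirm the change by reloading the dashboard: the Editor entries under Appearance and Plugins should no longer be listed.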
Change your WP-login URL
Hide your WordPress admin URL to reduce the hacking risk to your website. The simplest and safest way is to use an admin-hide plugin: install the plugin and enter your new URL...
Limit Login Attempts
Click Add Plugin, search for a login limit attempts plugin and install it. After you have installed the plugin, you can change the allowed number of login attempts via Settings > Login Limit Attempts...

Hack Me Tech