5 Security Risks to Your Website

June 28th, 2014 by Aravind Ajith

When you have a website for your business or for your personal life, one thing that you have to be careful about is website security.  This is important not only for your business or your own information, but for your visitors and your customers.  Without having the proper protection, such as something like the free antivirus software listed here, you are in danger of the risks that are listed below.


CSRF stands for Cross Site Request Forgery.  This kind of attack forces the browser of a logged-on victim to send out forged HTTP requests, which includes the session cookie of the victim and any other information that has been automatically included to a web application that’s vulnerable.  This will allow the hacker to force the victim’s browser to generate requests that your application thinks are legitimate.

2. Security misconfiguration

This will often happen beyond just your own website application.  When you have good security, it requires having the security well defined and deployed for your application server, application, frameworks, database server, web server, and platform. These settings have to be defined as well as implemented and maintained since a lot of them aren’t shipped with defaults that are secure. This will include keeping all of the software up-to-date, which includes all of the code libraries the application is using.  A lot of these types of misconfigurations aren’t even in your control directly. Sometimes they will arise from the configuration of your website host.

3. Cryptographic Storage that’s Insecure

OWASP warns that a lot of web applications aren’t properly protecting sensitive data, like SSNs, authentication credentials, and credit cards, using appropriate hashing or encryption. Attackers often modify or steal data that’s not protected properly to do crimes such as credit card fraud and identity theft.

4. Not Restricting URL Access

This is a very insidious security risk to websites that often isn’t noticed. A lot of applications check the access rights prior to rendering protected buttons and links. But applications have to do similar checks every time access is requested to the pages or the attackers can forge the URLs in order to access the hidden pages.

5. Invalidated Page Forwards and Redirects

The web applications will frequently forward and redirect the users to other websites and pages, and use the untrusted data in order to figure out these destination pages. If there isn’t proper validation, the attackers are able to redirect the victims to malware or phishing sites, or they will use the forwards to gain access to unauthorized web pages.

When you have a website, particularly one for your business, you want to make sure that everything is secure to protect your visitors and customers. Protect yourself and your visitors and customers by protecting their privacy and their information. It will help your customers and your business, while gaining reputation as a trusted site.