Website Security
Introduction
Ensuring that your website or open web application is secure is critical. Even simple bugs in your code can result in private information being leaked, and bad people are out there trying to find ways to steal data. This introductory article won't make you a website security guru, but it will help you understand where threats come from, and what you can do to harden your web application against the most common attacks.
What is Website Security?
The Internet is a dangerous place! With great regularity we hear about websites becoming unavailable due to denial of service attacks, or displaying modified information on their home pages. In other high-profile cases, millions of passwords, email addresses and credit card details have been leaked into the public domain, exposing website users to both personal embarrassment and financial risk.
The purpose of website security is to prevent attacks of any sort. More formally, website security is the act or practice of protecting websites from unauthorized access, use, modification, destruction or disruption.
Information Security Basics
A basic understanding of information security can help you avoid unnecessarily leaving your software and sites insecure and vulnerable to weaknesses that can be exploited for financial gain or other malicious reasons. The following sections cover what you need to know. With this information, you can be aware of the role and importance of security throughout the web development cycle and beyond, into the deployment of your content.
• Confidentiality, Integrity, and Availability
• Vulnerabilities
• Threats
• Security Controls
Confidentiality, Integrity, and Availability
• Confidentiality: protecting information from being accessed by unauthorized parties. In other words, only the people who are authorized to do so can gain access to sensitive data.
• Integrity: ensuring the authenticity of information, that is, that the information is not altered and that its source is genuine. For example, you try to connect to a website and a malicious attacker between you and the website redirects your traffic to a different website. In this case, the site you are directed to is not genuine.
• Availability: information is accessible to authorized users when they need it.
Vulnerabilities
There are many ways in which vulnerabilities can be categorized, but I will use three high-level vulnerability categories: software flaws, security configuration issues, and software feature misuse.
• Software flaw vulnerability: a software flaw vulnerability is caused by an unintended error in the design or coding of software. An example is an input validation error, such as user-provided input not being properly checked for malicious character strings and overly long values associated with known attacks.
• Security configuration issue vulnerability: a security configuration setting is an element of a software's security that can be altered through the software itself. A security configuration issue vulnerability involves the use of security configuration settings that negatively affect the security of the software.
• Software feature misuse vulnerability: a vulnerability in which a legitimate feature also provides an avenue to compromise the security of a system. These vulnerabilities are caused by the software designer making trust assumptions that permit the software to provide beneficial features, while also introducing the possibility of someone violating those trust assumptions to compromise security.
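The input validation flaw described above, shown as an added example (not code from the original slides): a server-side check for a form field that trusts the value as-is, beside a hardened version that enforces a length cap and an allowlist of characters. The field name, length limit and allowed character set are assumptions chosen for this illustration.

```javascript
// Added example, not from the original slides: validating a web form field
// so that malicious character strings and overly long values are rejected
// before they reach the rest of the application.

const MAX_USERNAME_LENGTH = 32;                 // constructed limit for this example
const USERNAME_PATTERN = /^[A-Za-z0-9_.-]+$/;  // allowlist: letters, digits, _ . -

// Flawed version: the value is trusted as-is, so a user-controlled string of
// any length or content flows on unchanged (the "software flaw" on the slide).
function acceptUsernameUnchecked(input) {
  return { ok: true, value: String(input) };
}

// Hardened version: reject anything that is not a string, is empty or too
// long, or contains characters outside the allowlist. Allowlisting beats
// blocklisting because it never has to enumerate every dangerous sequence.
function validateUsername(input) {
  if (typeof input !== 'string') {
    return { ok: false, reason: 'not a string' };
  }
  if (input.length === 0 || input.length > MAX_USERNAME_LENGTH) {
    return { ok: false, reason: `length must be 1-${MAX_USERNAME_LENGTH}` };
  }
  if (!USERNAME_PATTERN.test(input)) {
    return { ok: false, reason: 'contains characters outside [A-Za-z0-9_.-]' };
  }
  return { ok: true, value: input };
}

// Constructed sample inputs covering the two failure modes the slide names:
// a string carrying special characters and an overly long value.
const SAMPLE_INPUTS = [
  'alice_01',                 // well-formed
  "bob' OR 1=1",              // quote and spaces: outside the allowlist
  '<script>alert(1)</script>', // markup characters: outside the allowlist
  'a'.repeat(200),            // overly long
];

// Returns, per sample, whether each version of the check accepts it.
function runSamples() {
  return SAMPLE_INPUTS.map((s) => ({
    input: s.slice(0, 40),
    unchecked: acceptUsernameUnchecked(s).ok,
    validated: validateUsername(s).ok,
  }));
}

console.table(runSamples());
```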
Threats
A threat is any circumstance or event with the potential to adversely impact data or systems via unauthorized access,
disclosure, or modification of information, and denial of service. Threats may involve intentional actors or unintentional actors.
Threats can be local, such as a disgruntled employee, or remote, such as an attacker in another geographical area.
A threat source is the cause of a threat, such as a hostile cyber or physical attack, a human error of omission or commission, a
failure of organization-controlled hardware or software, or other failure beyond the control of the organization. A threat event is
an event or situation initiated or caused by a threat source that has the potential for causing adverse impact.
Network traffic typically passes through intermediate computers, such as routers, or is carried over unsecured networks, such as
wireless hotspots. Because of this, it can be intercepted by a third party. Threats against network traffic include the following:
Threats against network traffic
• Eavesdropping: information remains intact, but its confidentiality is compromised. For example, someone could learn your credit card number, record a sensitive conversation, or intercept classified information.
• Tampering: information in transit is changed or replaced and then sent on to the recipient. For example, someone could alter an order for goods or change a person's resume.
• Impersonation: information passes to a person who poses as the intended recipient.
Security Controls
Sensitive data should be protected based on the potential impact of a loss of confidentiality, integrity, or availability. Protection measures tend to fall into two categories.
• First, security weaknesses in the system need to be resolved.
• Second, the system should offer only the required functionality to each authorized user, so that no one can use functions that are not necessary.
There are three types of security controls:
• Management controls: the security controls that focus on the management of risk and the management of information system security.
• Operational controls: the security controls that are primarily implemented and executed by people.
• Technical controls: the security controls that are primarily implemented and executed by the system through the system's hardware, software, or firmware.
A Few Tips to Consider
• Keep all software updated.
• Build layers of security around your site.
• Switch to HTTPS.
• Use strong passwords and change them regularly.
• Make admin directories tough to spot.
Conclusion
Most of us go through life with the philosophy "It won't happen to me". However, that philosophy has been proven not to be true in the world of online security. A successful attack on your site not only leads to the compromise of users' data and your own information; it can also lead to your site being blacklisted by Google and other search providers, as your infected site risks spreading malicious content throughout the web.