“Many website owners only think about security after their site gets hacked, but knowledge is power: If you know what the threats are you can arm yourself appropriately and get one step ahead of the hackers,” said Myron Salant, web services product manager at Webafrica.
Here are his top 10 threats for websites:
1. Injection
2. Cross-site scripting
3. Insecure direct object references
4. Cross-site request forgery
5. Insecure cryptographic storage
6. Failure to restrict URL access
7. Invalidated re-directs and forwards
8. Broken authentication and session management
9. Security misconfiguration
10. Insufficient transport layer protection
No comments:
Post a Comment