Security Warning

Recently we have seen many large websites run into problems with security flaws at the user level. It is this kind of security loophole that can allow people to access or hijack information that they should not be able to reach. Fortunately, the larger organisations are able to sort these problems out in a short period of time, but they could be prevented earlier in the development process.

At a much more basic level, cross-site scripting (XSS) attacks can cause havoc for website and server administrators. The primary function of this kind of attack is to “inject” malicious code into your application. The result could range from some injected JavaScript that creates a popup window (nothing too problematic) to SQL injection that, in the worst-case scenario, could delete all of the databases on your server. It is therefore imperative that steps are taken to “sanitise” user input to prevent these problems and, fortunately, the Zend Framework that I use has many functions to ensure this. It should also be noted that file uploads need to be validated because, if they are made public, they can carry viruses and infect your website audience’s computers; all in all, none of this is good for your viewer popularity.
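As an added illustration (not code from the original post, and using PHP built-ins rather than Zend Framework classes), here are the three precautions above side by side: encoding user input on output, binding it as a query parameter, and checking an upload's detected type. The function names, the `users` table and the sample inputs are constructed for this example.

```php
<?php
// Added example: plain PHP built-ins, constructed sample data throughout.

// 1. Output encoding: user input is rendered as text, never as markup.
function render_comment(string $comment): string
{
    return '<p>' . htmlspecialchars($comment, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// 2. Parameterised query: input is bound as data, never concatenated into SQL.
function find_user(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// 3. Upload validation: trust the detected content type, not the client's
//    file name or Content-Type header, and compare against an allow-list.
function upload_is_allowed(string $bytes, array $allowed = ['image/png', 'image/jpeg', 'image/gif']): bool
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    return in_array($mime, $allowed, true);
}

// Constructed in-memory database standing in for the application's own.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Markup in a comment comes out as inert, escaped text.
echo render_comment('<script>alert(1)</script>'), "\n";

// A quote-laden name is treated as a literal string: it matches no row
// and the table is still intact afterwards.
var_dump(count(find_user($db, "alice'; DROP TABLE users; --")));
var_dump(count(find_user($db, 'alice')));
var_dump((int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn());

// A GIF header passes the allow-list; a script posing as an upload does not.
var_dump(upload_is_allowed('GIF89a' . str_repeat("\0", 16)));
var_dump(upload_is_allowed('<?php echo 1; ?>'));
```

A type check like this narrows what can be uploaded but does not scan for malware, so public uploads still need to be served from a location where they cannot be executed.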

We are all guilty of missing a step in application security and, once again, the big names come into the spotlight. The most recent has been YouTube and the use of JavaScript code injection for advertising purposes. I think we all need to shake up our security, plan ahead, and make sure that these security loopholes are sealed before they can open.
