Do you know that your digital resources, assets and services are at risk whenever you use a public channel to reach your audience? Your website, its content and its applications remain vulnerable unless you take measures to improve your website security. Recognize that the public medium is open to every kind of user, including disruptors, hackers and technology demonstrators.
Websites deliver content and services over an insecure public channel. There will always be attackers who try to steal data, traffic, money and critical information from a website; some of them do it just for fun.
If your website becomes popular, it poses a risk to competing businesses, which makes you a target for serious web security threats. Competitors may do whatever it takes to bring you down, whether through your content, your reputation or by directly exploiting holes in your web security. This creates a pressing need to revisit and fortify your website security.
Repel brute-force attacks
Attackers try to take your website down by guessing your credentials, typically with an automated dictionary attack or something similar. Use a CAPTCHA to validate such users so that automated attacks are blocked. Remember to validate the CAPTCHA on the server side only; a check that runs only in the browser can be skipped by an automated client.
Protect against denial-of-service attacks
This type of attack is intended to deny your viewers access to your web application. Attackers flood your server with repetitive requests using fake identities and many different IP addresses. The server slows down, eventually becomes unresponsive, and legitimate users are denied your services.
Write routines that identify each visitor's IP address and access frequency, and block the IP addresses that exhibit this behaviour.
Implement an anti-phishing mechanism: do not allow the Return-URL method
To obtain your customers' information, some malware-infected websites try to convince your customers that they are the genuine site and ask them for information. A customer who is not vigilant enough may end up sending information into the wrong hands, and will still believe it was you who cheated them.
This happens because you have not blocked the redirect attack that makes it possible. If any URL on the website is appended with a ReturnUrl parameter (in the case of ASP.NET), the server redirects the user to the ReturnUrl address, treating it as a valid way of moving from one area of the site/domain to another. Attackers abuse this feature to pull the genuine customers of a site toward their own page, harvest the important credentials, and sometimes sell that information on.
Whenever possible, stop this on any target server. The example given here uses ASP.NET, but the same applies to any web server technology.
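The ReturnUrl check described above, written as an added example in Python rather than ASP.NET so it runs stand-alone (it is not code from the original article); the allowed host and the query strings are constructed sample values:

```python
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Hosts the site may redirect to after login (constructed sample value).
ALLOWED_HOSTS = {"shop.example.com"}
SAFE_FALLBACK = "/"


def is_local_return_url(url: str) -> bool:
    """True only if `url` stays on this site or an allow-listed host."""
    if not url:
        return False
    # Browsers treat '/' and '\' alike, so '//evil' and '/\evil' are
    # protocol-relative redirects to another host; reject both forms.
    if len(url) > 1 and url[0] in "/\\" and url[1] in "/\\":
        return False
    if url[0] == "/":
        # A plain site-relative path; refuse control characters and
        # whitespace, which some parsers use to smuggle a second URL.
        return not any(ch.isspace() or ord(ch) < 32 for ch in url)
    parts = urlsplit(url)
    # Absolute URLs (including 'user@host' tricks and non-HTTP schemes)
    # are accepted only for a web scheme and an allow-listed hostname.
    return parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS


def safe_redirect_target(return_url: Optional[str]) -> str:
    """The value a post-login handler should actually redirect to."""
    if return_url is not None and is_local_return_url(return_url):
        return return_url
    return SAFE_FALLBACK


def login_redirect_location(query_string: str) -> str:
    """Simulated login handler: read ReturnUrl from the query string, as an
    ASP.NET login page does, and return the Location header it should send."""
    params = parse_qs(query_string, keep_blank_values=True)
    return safe_redirect_target(params.get("ReturnUrl", [None])[0])
```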
Use the MVC pattern to make security upgrades easier in your application
Using the MVC pattern for your development lets you implement security at one point, so it is easier to upgrade whenever new types of threat are discovered.