Defend Your Website
Website Security protects your web investment, keeping you and your customers safe from hackers and other online threats.
ALL PLANS INCLUDE
Protection for unlimited pages within one site
Google, Norton and McAfee blacklist monitoring
24/7 customer care
Trusted Site Seal
Security analysts for advanced issues
Unlimited malware scans and removal
Brand reputation monitoring
Advanced security monitoring
30-day money back guarantee*
Top 10 Online Threats
The strategies hackers use to break into your site can be complicated but the results are usually pretty simple – lost revenue.
Here are the 10 most common threats identified by the Open Web Application Security Project:
It's not uncommon for web applications to have injection flaws, especially SQL injection flaws. A hacker who finds one will send malicious data as part of a command or query. The attacker's message tricks the app into changing data or executing a command it was not designed to obey.
Cross-site Scripting flaws occur whenever an application sends user-supplied data to a web browser without validating it first. Hackers use these flaws to hijack users away from the site or deface it, thereby costing the site owner in lost business.
Applications that lack checks to verify a user is authorized to view particular content can be manipulated to access private data.
When account credentials and session tokens aren't properly protected, hackers can assume users' identities online.
A CSRF attack tricks unknowing site visitors into submitting forged HTTP requests via image tags, XSS, or other techniques. If the user is logged in, the attack succeeds.
Security misconfiguration flaws give hackers unauthorized access to system data via default accounts, unused pages, unpatched flaws, unprotected files and directories.
Many web applications don't do enough to protect sensitive data such as credit card numbers, Social Security numbers and login credentials . Thieves may use this data for identity theft, credit card fraud or other crimes.
Often an app will protect sensitive interactions by not showing links or URLs to unauthorized users. Attackers use this weakness to access those URLs directly in order to carry out unauthorized actions.
Applications often fail to authenticate, encrypt and protect the confidentiality of network traffic. Some use weak algorithms, expired or invalid certificates or use them incorrectly. This allows hackers to “eavesdrop” on online exchanges. An SSL Certificate typically neutralizes this threat.
Web applications often redirect or forward legitimate users to other pages and websites, using insecure data to determine the destination. Attackers use this weakness to redirect victims to phishing or malware sites, or use forwards to open private pages.