The objective of cybercriminals is the distribution of viruses to steal money or information or to attack other computers and commit crimes, and through infected web pages the infection of computers is massive.
The user is aware of the risk of infection when accessing a web page of dubious reputation and avoids it, but does not imagine that accessing a legitimate web page could become infected. Cybercriminals take advantage of users’ trust in legitimate pages to distribute their viruses.
Cybercriminals’ infection attacks are not generally directed at a certain page, but through tools they launch the attack on all the pages and the most vulnerable ones are infected.
Web pages can be infected by exploiting vulnerabilities or misconfiguration of installed software. By infecting the web page, in addition to the distribution of viruses, it can be used to launch criminal activities such as hosting phishing sites or transferring illegal content, while abusing the bandwidth of the web page and making its owner responsible for these acts.
The usual thing is that a website has been created by a designer and not by a computer scientist and has not considered the security of the entire website in the choice of platform, programming language, etc., and therefore has not implemented any adequate security measure.
On the other hand, the Internet provider where the website is hosted is also significant since the security of the web application must be reviewed in addition to the security of the platform that supports it.
we are experts in computer security and, based on OWAP, we have a basic web application security audit methodology through a series of vulnerability tests that allows us to identify existing vulnerabilities in a web application, detect holes and weaknesses in security systems, our exceptional offer of these professional services being the following:
Basic security audit of a website
• Analyze accommodation content and check for inappropriate content
• Metadata, logical and antiviral analysis
• Identification of existing CMS vulnerabilities and plugins and recommendations to fix them
• Database analysis
• Detection of holes and weaknesses in security systems and security recommendations
By controlling and fixing the vulnerabilities found in the basic security audit, your company can significantly reduce its level of exposure to security threats on your website.
The main vulnerabilities of an application / website are:
Injection, a code infiltration method, which uses a vulnerability at the level of validation of the inputs. It is used to query and execute commands against databases, OS and LDAP.
XSS or Cross-Site Scripting XSS is a type of security hole typical of web applications, which allows a third party to inject JavaScript code into web pages viewed by the user, avoiding control measures. These errors can be found in any application whose ultimate goal is to present the information in a web browser.
Interruption of authentication and session management, an attacker can hijack the active session and assume the user's identity after taking any action that the user could do, such as changing the password, etc.
Insecure Direct Object References happen when a reference to the internal object application, such as a file, directory, or key database, is exposed. Without access control or other protection, attackers can manipulate those references to access unauthorized data.
Cross-Site Request Forgery (CSRF), against a vulnerable web application, allows the attacker to force the victim's browser to generate requests to the vulnerable application that it thinks are legitimate requests from the victim.
The wrong security configuration in the computer systems that host the web services, the databases, and the protection systems. In many cases, they are installed with default or wrong settings for the environment to be protected. All these settings must be defined, implemented, and kept all software up to date, including all libraries and so on.
Insecure Storage Encryption, on many occasions, sensitive data on websites (credit cards, Social Security number, authentication credentials, etc.) are not properly encrypted. In the face of an attack, weakly protected data can be stolen or modified that seeks to carry out identity theft, credit card fraud, or other crimes, such as purchasing corder from a customer with a different shipping address, etc. with Cyberg Reviews
Failure to restrict URL access, which in many cases can be accessed hidden pages without adequate control measures; thus you can skip pages in sequences (order, data, payment, confirmation), etc.
Insufficient protection of the transport layer. Perimeter and transport protection is just as important as web application security. Expired certificates, weak algorithms, lack of gateway antimalware are prevalent mistakes.
Unvalidated redirects would allow an attacker to use our web application to redirect our visitors to pages with malware or phishing.
Times change and some of the tasks we previously performed through desktop applications, we have gradually replaced some of them with web-based applications, accessible from any compatible browser. Without going any further, we have closer examples with Gmail, Google Docs, Meebo, or Newsgator. We all know the advantages of these applications over desktop programs.
Days ago, a new directory was born that may be of interest, taking advantage of the boom in popularity of these applications as services. there we find reviews of different web applications, so for this, they are available by categories, from Blogging to word processors.
To do this, search for a specific application, using the Google Custom Search engine, or access one of the categories, where we will find a list of applications with a brief description of them. You have to choose one of them and offer us more information in a clear and structured way, with your evaluations and screenshots. They offer us from its description, history, operation in terms of registration, look and feel, and other data. Please note that your information is in English.
