Web Security Terms and Jargon

Have you ever tried to make sense of all the technical jargon that goes along with web security? Some websites on the subject, while extremely important, can be difficult for people to understand. Most novice webmasters click away in confusion and decide to deal with any security issues as they happen. Naturally, this is not the right approach at all. This article will help simplify some of these terms so that you can look into the topic more deeply and with more understanding.

The Most Fundamental Part of the Internet

URI

A Uniform Resource Identifier (URI) is the address of your website, the part that shows up in the browser bar. When someone enters the first part of the address, the search engines start their search. More information is then appended to this address to deepen the search into any website.

It is the code at the end of the URI that is important when it comes to web security. For example:

https://www.ezcomputers.co.uk

will take you to our homepage.

https://www.ezcomputers.co.uk/articles/web-security-terms-jargon

takes you straight to this article.

You can add all kinds of elements to the main address, including links to images, articles and files. If a hacker can override these and add things to your HTML code, you have no idea where your site might point to or, more importantly, what it might show to a visitor, be that parts of your website or files that you do not want exposed.

Specific Types of Internet Security Issues

Next we will look at the types of attacks your website might experience:

SQL Injection

This is when a URI or form field sends your server an SQL command. SQL is the language understood by most database systems to store and retrieve information.
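To make the definition above concrete, here is an added example (not code from the original article) showing a value taken from the end of a URI reaching a database query, first pasted into the SQL text and then bound as a parameter. The table, the `slug` parameter and the sample URIs are constructed assumptions for illustration.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

def make_db():
    """Constructed in-memory table standing in for a site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (slug TEXT, title TEXT, published INTEGER)")
    conn.executemany(
        "INSERT INTO articles VALUES (?, ?, ?)",
        [("web-security-terms-jargon", "Web Security Terms and Jargon", 1),
         ("draft-notes", "Unpublished draft", 0)],
    )
    return conn

def slug_from_uri(uri):
    """Read the hypothetical 'slug' query parameter from the URI (untrusted input)."""
    query = parse_qs(urlsplit(uri).query)
    return query.get("slug", [""])[0]

def find_vulnerable(conn, uri):
    # BAD: the URI value is pasted into the SQL text, so quote characters
    # in it are read by the database as part of the command itself.
    sql = ("SELECT title FROM articles WHERE published = 1 AND slug = '"
           + slug_from_uri(uri) + "'")
    return [row[0] for row in conn.execute(sql)]

def find_safe(conn, uri):
    # GOOD: the value is bound as a parameter and is only ever compared as data.
    sql = "SELECT title FROM articles WHERE published = 1 AND slug = ?"
    return [row[0] for row in conn.execute(sql, (slug_from_uri(uri),))]

# Constructed sample URIs (example.test is a reserved test domain).
NORMAL = "https://www.example.test/articles?slug=web-security-terms-jargon"
INJECTED = "https://www.example.test/articles?slug=x%27%20OR%20%271%27%3D%271"

if __name__ == "__main__":
    conn = make_db()
    for uri in (NORMAL, INJECTED):
        print("vulnerable:", find_vulnerable(conn, uri))
        print("safe:      ", find_safe(conn, uri))
```

With the second URI the concatenated query also returns the unpublished row, while the parameterized query returns nothing because no article has that literal slug.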

Cross Site Scripting or XSS

This is one of the most common forms of attack. The hacker takes JavaScript code and embeds it into a document. Attackers do this by adding a new field to the end of your URI.

Path Traversal

This is a function that you definitely do not want to allow on your server. It would allow people to find all the folders on your server. You can imagine what they would do if they had this type of access.

Cross Site Request Forgery

The best way to describe this is as allowing users to send information into your database. The most common method is through forms. Potentially, it can allow any kind of attacker to get access to private information such as payment and banking details.

Remote File Inclusion or RFI

This happens when a flaw in your website allows a hacker to add code from another server to run on your server.

Phishing

This is a method that fools people into entering personal information into a website designed to look like another. The most common are banking websites, PayPal, etc.

Clickjacking

This uses CSS and inline frames to get people to click something without realizing what or where they are clicking.

A hacker may trick people into entering or revealing information they might not otherwise. When the URI is changed to take advantage of the flaws listed above, you may not realise what is happening.

Wrap-Up

This short article at least gives you a better understanding of some of those terms that you may have seen when reading about web security.
