Website Security Analysis
Software that speaks internet protocols should be developed with internet security in mind from the start. When it is not, the application can expose data that was meant to stay private on the server, or it can be vulnerable to attacks that result in data loss.
A website security assessment is a preliminary review of how vulnerable a website or web application is. It estimates the effort an attacker would need to gain entry and compromise either the functionality or the data of the application. Such an assessment is most useful where the site accepts input from clients: the assessor observes how the application handles various forms of input to determine what kinds of attack are possible.
Websites and web applications that accept user input may be vulnerable to several classes of attack, including but not limited to:
- SQL injection - User-supplied input is concatenated into a database query without validation or parameterisation, so the input is interpreted as part of the SQL and changes what the query does. An attacker can use this to read, modify or delete data, or to bypass a login check.
- Information leakage - The web server or application reveals details about itself (software versions, file paths, stack traces) through error messages. An attacker can use these details to plan further attacks.
- Cross-site scripting (XSS) - Attacker-supplied JavaScript is injected into a page and executed in the browsers of other users, which can lead to the hijacking of session data or to actions performed in the victim's name.
- XML injection - Attacker-controlled input is inserted into XML documents that the application builds or parses for data storage or transport, altering their structure or content.
Note that this is a preliminary assessment, aimed at smaller websites where the points of data entry are few. It may not be appropriate for every web application. For large web applications, or for clients interested in a full-scale security analysis, a professional web application penetration tester should be consulted.