Primer on website security

Smashing Magazine has put up a good article introducing some of the most common security vulnerabilities in websites. They are all things that site administrators should at least be aware of – including those who never actually touch code, but rely on something like WordPress to sort it out for them. Some of the attack types described include SQL injection, cross-site scripting (including the vulnerability of JavaScript), path traversal, cross-site request forgery, remote file inclusion, phishing, and clickjacking.

For those who run websites but know nothing about coding, there are three take-home messages:

  1. Update your software, to ensure that security holes get patched as they emerge. If you are still running WordPress 1.5, you have a big problem.
  2. Keep an eye out for weird behaviours. Are links appearing on your site that you didn’t put there? If so, there is a good chance it has been compromised.
  3. Remember: the internet is a dangerous place. Running a Mac doesn’t mean you’re safe from malware and other sorts of attacks. Neither does running a virus scanner or avoiding dodgy websites. If you have information you want to keep private, keep it encrypted. If you have data you don’t want to lose, back it up.

Sadly, the great majority of people are annoyingly indifferent about security these days. It seems like a couple of my friends always have their MSN or Facebook accounts taken over by spammers, and others are content to let their blogs fill up with spam comments. Such recklessness makes the internet a worse place, and it would be appreciated if people who choose to engage online do so with a bit more diligence and respect.

Author: Milan

In the spring of 2005, I graduated from the University of British Columbia with a degree in International Relations and a general focus in the area of environmental politics. In the fall of 2005, I began reading for an M.Phil in IR at Wadham College, Oxford. Outside school, I am very interested in photography, writing, and the outdoors. I am writing this blog to keep in touch with friends and family around the world, provide a more personal view of graduate student life in Oxford, and pass on some lessons I've learned here.
