Your Website
Online Threats

The news has been filled this last year with reports of data breaches and exposed vulnerabilities.  Research conducted by the Identity Theft Resource Center has found that an average of two data breaches have been reported every day this year.  Data breaches can be costly and embarrassing.  So how are attackers getting in, and what can you do to protect your business?  Here is a list of the Top 10 online threats as found by the Open Web Application Security Project.

  1. Injection

    How It Affects Your Business:  An attacker inserts untrusted data into a command or query, which lets the attacker gain access or run commands that you never intended.  An attacker could take over your host and steal, modify, or delete your data.

  2. Broken Authentication and Session Management

    How It Affects Your Business:  Attackers use stolen passwords, keys, or session tokens to assume the identity of an employee.  This gives the attacker the ability to do anything to the system that the victim could do.

  3. Cross-Site Scripting (XSS)

    How It Affects Your Business:  The attacker uses malicious script to hijack user sessions, redirect users, or deface your website.

  4. Insecure Direct Object References

    How It Affects Your Business:  Links that are not properly protected can allow users to bypass authentication, giving attackers access to information that you thought was protected.

  5. Security Misconfiguration

    How It Affects Your Business:  Leaving your software unpatched or leaving settings to their default leaves holes that allow attackers to find ways into your systems that you may not have even known existed.  An attacker could either steal or modify your essential business data.

  6. Sensitive Data Exposure

    How It Affects Your Business:  Sensitive data (credit card numbers, tax IDs, etc.) that is not encrypted while in motion can be easily stolen by attackers, which leaves your customers vulnerable and your business legally liable.

  7. Missing Function Level Access Control

    How It Affects Your Business:  An attacker gains access to privileged information by altering the URL or parameters.  This allows the attacker to access data that you thought was secure.

  8. Cross-Site Request Forgery (CSRF)

    How It Affects Your Business:  An attacker forces the browser to send a forged HTTP request which tricks your customer into providing data or performing actions that he/she did not intend.  Some examples could be updating account information, making purchases, or logging in or out.

  9. Using Components With Known Vulnerabilities

    How It Affects Your Business:  When a security patch or update is released, it is because a vulnerability has been discovered that would allow an attacker to compromise your system.  Failure to implement these updates leaves your data unprotected and allows possible takeover.

  10. Unvalidated Redirects and Forwards

    How It Affects Your Business:  An attacker redirects your customer to a malicious website.  There, malware may be installed on the victim's computer, or the user could be tricked into disclosing secure information.
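
To make item 10 concrete from the defender's side, here is an added example (not code from this page or from OWASP) of checking a redirect target before sending a customer to it. The host names, the `ALLOWED_HOSTS` set and the `safe_redirect_target` function are assumptions made up for the illustration.

```python
from urllib.parse import urlsplit

# Assumption: the hosts this site is willing to redirect to (constructed names).
ALLOWED_HOSTS = frozenset({"shop.example.com", "pay.example.com"})


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS, default="/"):
    """Return a redirect target that stays on an allowed host, else default."""
    # Reject empty values, whitespace and control characters, which browsers
    # may strip or reinterpret before following the URL.
    if not target or any(c.isspace() or ord(c) < 0x20 or c == "\x7f" for c in target):
        return default
    # Browsers treat "\" like "/", so "/\host" behaves like "//host".
    normalised = target.replace("\\", "/")
    try:
        parts = urlsplit(normalised)
    except ValueError:
        return default  # malformed URL, e.g. a broken IPv6 literal
    if not parts.scheme and not parts.netloc:
        # Local path: exactly one leading slash ("//host" is scheme-relative).
        if normalised.startswith("/") and not normalised.startswith("//"):
            return normalised
        return default
    # Absolute URL: http(s) only, no userinfo ("allowed@other-host"), and the
    # parsed hostname must match the allowlist exactly.
    if parts.scheme not in ("http", "https") or "@" in parts.netloc:
        return default
    if parts.hostname in allowed_hosts:
        return normalised
    return default


if __name__ == "__main__":
    # Constructed sample values for a "next" parameter.
    for value in ("/account/orders?page=2", "https://pay.example.com/checkout",
                  "//other.example/login", "/\\other.example",
                  "https://shop.example.com@other.example/"):
        print(f"{value!r:45} -> {safe_redirect_target(value)!r}")
```

Anything that does not parse to a local path or an allowlisted host falls back to the site's home page instead of being followed.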

Keep reading to learn how to protect your business from cyber attacks.
