Websites always were prone to security risks and so are any networks to which web servers are connected. Setting aside risks created by employee use or misuse of network resources, your web server and web site it hosts present your most serious sources of security risks.
By design web servers are like open window between your network and the world. The care taken with server maintenance, web application updates and your web site coding will define the size of that window, limit the kind of information that can pass through it and thus establish the degree of web security level you will have.
The well known fact that badly written software always creates security issues and holes and the number of bugs that could create web security issues is directly proportional to the complexity and size of your web applications and web server. Basically, all complex programs either have bugs or at the very, least weaknesses. On top of that of course, web servers are inherently complex programs. Web sites are themselves complex and intentionally invite ever greater interaction with the public. And so the opportunities for security holes are many and growing.
Many of you should know 10 most popular types of web sites vulnerabilities:
- Broken Authentication
- Cross-site scripting
- Insecure Direct Object References
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Function Level Access Control
- Cross-Site Request Forgery
- Using Components with Known Vulnerabilities
- Unvalidated Redirects and Forwards
As most of you know there are a lot of people out there so called “hackers”. As a matter of fact, the vast majority of them are simply script kiddies. They read about a already known technique that was devised by someone else and they use it to break into a web site that is interesting to them, often just to see if they can hack it. Once they have done that they will take advantage of the site weakness to do malicious harm, plant something or steal something.
So be aware of those types of vulnerabilities, always try to use latest version of software, apply security updates and check logs.