CSP is a header your server can return which tells the browser to limit how and what JavaScript is executed in the page, for example to disallow running of any scripts not hosted on your domain, disallow inline JavaScript, or disable eval().

Mozilla have an excellent guide with some example configurations.

When you use standard Transact-SQL it is easy to unknowingly insert rogue code into your query that could be used to change tables, get information and delete data.
Other very common ways to abuse compromised machines include using your servers as part of a botnet, or to mine for Bitcoins. Hacking is regularly performed by automated scripts written to scour the Internet in an attempt to exploit known website security issues in software.
Here are our top 10 tips to help keep you and your site safe online.
It may seem obvious, but ensuring you keep all software up to date is vital in keeping your site secure.
This applies to both the server operating system and any software you may be running on your website such as a CMS or forum.
Consider this query: Since '1' is equal to '1' this will allow the attacker to add an additional query to the end of the SQL statement which will also be executed.
You could fix this query by explicitly parameterising it.

This is similar to defending against SQL injection. When dynamically generating HTML, use functions which explicitly make the changes you're looking for (e.g.

These can however be bypassed, and you should make sure you repeat this validation, with deeper validation, server side, as failing to do so could lead to malicious code or scripting code being inserted into the database or could cause undesirable results in your website.

Everyone knows they should use complex passwords, but that doesn't mean they always do.

WordPress, Umbraco and many other CMSes notify you of available system updates when you log in.