As with any new emerging technology in web applications there will always be security issues and vulnerabilities which can be exploited with the right knowledge and tools. Security plays a major part in today’s technology as new ones are emerging at a pretty rapid pace security issues and vulnerabilities are bound to be an issue
Many users seem to think that when a site says that is it secure because it has a 128-Bit secure socket layer which is a technology that simply prevents unauthorized users from viewing any of your information.
They think there are ‘safe’ from attacks etc. But this isn’t true at all I will explain why.
Although SSL is a great technology which protects the confidentiality and integrity of data in transit between the user’s browser and web server. It will help to defend against eaves droppers, and it can also provide assurance to the user regarding the identity of the web server he or she is dealing with.
So why doesn’t SSL protect me from all types of attacks, below I will list attacks which can compromise your site.
- SQL injection – this vulnerability allows an attacker to submit crafted input to interfere with the application’s interaction with back-end databases
- Broken authentication– this category of vulnerability encompasses various defects within the application such as the login mechanism which could allow an attacker to guess weak passwords, or even to launch a brute force attack and bypass the login.
So an attacker would be able to retrieve and interfere with data from the application or even be able to execute commands on the database server itself.
Those are only a few of the problems associated with web application vulnerabilities.
NOTE* SSL DOES NOTHING TO STOP AN ATTACKER FROM SUBMITTING CRAFTED INPUT TO THE SERVER.
All it does it prevents other users on the network from viewing or modifying the attackers data in transit because the attackers control her end of the SSL tunnel in which she can send anything she likes to the server through this tunnel.
Thanks for reading my blog if there’s anything you want me to explain you can contact me on Twitter or Facebook.