Chapter 8: Web Security

Just like physical stores, homes and government premises, websites and web applications are susceptible to having their security arrangements and protocols circumvented. Countering cyber-crime and the compromise of web applications calls for robust and reliable security measures, and this is exactly what web security provides. A working definition of web security for our purposes is the set of protocols and protective measures employed to safeguard your website and web applications against hacking and against access by personnel who are not authorized. As an integral division of information security, it protects web services, websites and web applications, and so provides crucial security for anything carried out on the Internet. Normally, several considerations are involved when dealing with web protection or web security. For an application on the web or a website to be said to be secure, it mu

Common website security threats

Websites can be attacked in more than one way. Before proceeding, we
need to understand some common threats to website security. These are
what we shall be looking to avoid and be prepared for during the planning
of security measures. Some of these include spam, viruses and malware,
WHOIS domain registration, and DDoS attacks, among many others.

How to safeguard your website

After getting to know common security threats, let us now focus on how
we can prevent them. Do not assume that your website is secure. As long
as you have not put any safeguard mechanisms in place, there is a high
chance that it can be attacked. Here are a few steps you should take to
improve the security of your website:

Restrict file uploads

It is risky to let visitors on your website upload files. The uploads may
contain a script meant to exploit vulnerabilities present on your website.
All uploads need to be treated as a threat to the security of the website.
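The checks a practitioner would apply to every upload, as an added example that is not part of the original book: an allow list of extensions, a size cap, a comparison of the file's first bytes against the magic bytes of the declared type (so a script renamed to end in .png is still rejected), and storage under a random server-chosen name without the execute bit. The allowed types, the size limit and the function names are assumptions made for this example.

```python
import os
import secrets
from pathlib import Path

# Constructed policy for this example: the extensions a site chooses to accept,
# each paired with the magic bytes a genuine file of that type starts with.
ALLOWED_TYPES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".pdf": (b"%PDF-",),
}
MAX_BYTES = 5 * 1024 * 1024  # 5 MiB size cap, assumed for the example


class UploadRejected(ValueError):
    """Raised when an upload fails a policy check."""


def validate_upload(client_name: str, data: bytes) -> str:
    """Check an upload against the policy and return the extension to store it under.

    The name the browser sent is used only to read the extension. A name such as
    'note.php.png' passes the extension check but fails the magic-byte check, and
    '.php' is never in the allow list at all.
    """
    if not data:
        raise UploadRejected("empty file")
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    # Keep only the final path component, so directory parts in the name are ignored.
    ext = Path(os.path.basename(client_name)).suffix.lower()
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension {ext!r} not allowed")
    if not any(data.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        raise UploadRejected("content does not match declared type")
    return ext


def store_upload(client_name: str, data: bytes, upload_dir: Path) -> Path:
    """Validate the upload and write it under a random, server-chosen name.

    The uploader has no say in the stored path, so one upload cannot overwrite
    another, and the file is created without the execute bit.
    """
    ext = validate_upload(client_name, data)
    upload_dir.mkdir(parents=True, exist_ok=True)
    dest = upload_dir / (secrets.token_hex(16) + ext)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL  # O_EXCL: never replace an existing file
    fd = os.open(dest, flags, 0o644)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest
```

The upload directory should also be served by the web server as static content only, with script execution disabled for that path; the code above cannot enforce that on its own.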

Use HTTPS protocol

This tells the visitors of a given website that, essentially, they are dealing
with the proper server. It translates to “no one can intercept the
interactions they are having or the content they are viewing.”

Secure your personal computer

Security starts with you! It is important that you take care of the security
of your devices. Hackers can use your PC as a gateway to your website.
Ensure that you have antivirus software that is updated with the latest
definitions. This will protect you from many malicious attacks including
from file downloads. It is also possible to inject malware to the websites
through stolen FTP login credentials. It is important that you scan your
devices for malware and viruses regularly.

Change your default CMS settings

We have seen that numerous attacks are automated these days.
Malicious users program bots to locate sites still using their default
settings. Make it hard for them. Upon installing a CMS you own, modify
the settings that are still on their defaults:
✓ Settings required for comments
✓ Controls that users require
✓ Information visibility
✓ Permissions for files
These are settings you can change right away.

Software updates

All the software must stay up to date. This includes the CMS, plugins,
WordPress software, among many others. The updates bring improved
functionality, security patches to cover vulnerabilities, fixes for bugs and
software glitches, and so on.

Select a web hosting plan that is safe

Shared web hosting plans have a higher chance of getting
compromised. Although they appeal to users because of the potential
cost savings, the level of protection is reduced. As such, they are not
a secure option. Remember, cheap is expensive!

Limit access to users

Human error accounts for the majority of cybersecurity incidents.
Reducing the number of people with access contributes greatly to error
reduction. It is not necessary for every employee to access your website.
Guests, web designers and consultants likewise do not deserve automatic
access. The principle of least privilege needs to be implemented to secure
your website.

Do a password change

Password changing is a significant shot in the arm for web security. So,
change your password. Changing the password once is not enough;
make it a habit to change it often.

Monitor your security

You can get utilities that can help you monitor your websites’ security
online. Such utilities can help you with conducting security audits, which
can help to expose potential vulnerabilities. In so doing, you can launch
countermeasures before an attack happens.
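A small audit of the kind such a utility performs, covering both the file-permission setting listed under the CMS defaults above and the monitoring described here. This is an added example, not code from the book or from any particular product: it walks a web root, flags world-writable files and directories, setuid or setgid bits, and server-side scripts or executable files sitting in an upload directory. The upload directory name, the extension list and the constructed sample site are assumptions for the example.

```python
import os
import stat
import tempfile
from pathlib import Path

# Extensions that a web server would execute rather than serve as static files.
# Any of these appearing inside an upload directory deserves immediate attention.
SCRIPT_EXTENSIONS = {".php", ".phtml", ".cgi", ".pl", ".py", ".sh"}


def audit_web_root(root, upload_dirs=("uploads",)):
    """Walk a web root and return a sorted list of (finding, relative_path) pairs.

    Findings:
      world-writable            any file or directory that 'other' may write to
      setuid-or-setgid          a file with the setuid or setgid bit set
      script-in-upload-dir      a server-side script stored among user uploads
      executable-in-upload-dir  an upload with any execute bit set
    """
    root = Path(root).resolve()
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        current = Path(dirpath)
        rel_parts = current.relative_to(root).parts
        in_upload_dir = any(part in upload_dirs for part in rel_parts)
        for name in dirnames + filenames:
            path = current / name
            try:
                mode = path.lstat().st_mode
            except OSError:
                continue
            if stat.S_ISLNK(mode):
                continue  # symlinks are not followed out of the web root
            rel = path.relative_to(root).as_posix()
            if mode & stat.S_IWOTH:
                findings.append(("world-writable", rel))
            if mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append(("setuid-or-setgid", rel))
            if in_upload_dir and stat.S_ISREG(mode):
                if path.suffix.lower() in SCRIPT_EXTENSIONS:
                    findings.append(("script-in-upload-dir", rel))
                if mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
                    findings.append(("executable-in-upload-dir", rel))
    return sorted(findings)


def build_sample_site():
    """Create a constructed web root in a temp directory with known problems; return its path."""
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    (root / "index.html").write_text("<h1>hello</h1>")
    os.chmod(root / "index.html", 0o644)              # fine
    (root / "config.php").write_text("# placeholder")
    os.chmod(root / "config.php", 0o666)              # world-writable config file
    (root / "uploads" / "tmp").mkdir(parents=True)
    os.chmod(root / "uploads", 0o755)
    os.chmod(root / "uploads" / "tmp", 0o777)         # world-writable directory
    (root / "uploads" / "photo.png").write_bytes(b"\x89PNG\r\n\x1a\n")
    os.chmod(root / "uploads" / "photo.png", 0o644)   # fine
    (root / "uploads" / "note.php").write_text("# placeholder")
    os.chmod(root / "uploads" / "note.php", 0o755)    # script, and executable, in uploads
    return root


if __name__ == "__main__":
    for finding, path in audit_web_root(build_sample_site()):
        print(f"{finding:26} {path}")
```

Run on a schedule and diffed against the previous run, the output turns a one-off check into monitoring: a new finding is the signal to investigate before it turns into an incident.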

Make a backup for your website

It is said that when you have been forewarned, you should forearm
yourself. It is good to always be prepared for the worst. In this case, the
worst that can happen is your website getting compromised. A backup
ensures you are at peace, since no data will be lost in the event of a
compromise.
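A backup only gives peace of mind if it can be proven intact and restored, so this added example (not code from the book) archives a site directory, writes a manifest of SHA-256 hashes beside the archive, verifies the archive and every file inside it against that manifest, and refuses to restore if anything has been altered or if an archive member would land outside the destination directory. The file naming, the manifest format and the function names are assumptions for the example.

```python
import hashlib
import json
import os
import tarfile
import time
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large archives do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest_path(archive):
    """The manifest lives next to its archive: <archive>.manifest.json (assumed layout)."""
    return Path(str(archive) + ".manifest.json")


def create_backup(site_root, backup_dir):
    """Archive site_root into a timestamped tar.gz and write a manifest of hashes beside it.

    The manifest records the hash of every file and of the finished archive, so a
    later restore can prove the copy is intact. Returns the archive path.
    """
    site_root, backup_dir = Path(site_root), Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    stamp = time.strftime("%Y%m%dT%H%M%SZ", time.gmtime())
    archive = backup_dir / f"site-{stamp}-{os.getpid()}.tar.gz"
    files = {}
    with tarfile.open(archive, "w:gz") as tar:
        for path in sorted(site_root.rglob("*")):
            if path.is_file() and not path.is_symlink():
                rel = path.relative_to(site_root).as_posix()
                files[rel] = sha256_file(path)
                tar.add(path, arcname=rel)
    manifest = {"archive_sha256": sha256_file(archive), "files": files}
    manifest_path(archive).write_text(json.dumps(manifest, indent=2))
    return archive


def verify_backup(archive):
    """Return True only if the archive and every file inside it match the manifest."""
    archive = Path(archive)
    try:
        meta = json.loads(manifest_path(archive).read_text())
    except (OSError, ValueError):
        return False
    if sha256_file(archive) != meta.get("archive_sha256"):
        return False
    with tarfile.open(archive, "r:gz") as tar:
        if set(tar.getnames()) != set(meta["files"]):
            return False  # a file was added to or removed from the archive
        for rel, digest in meta["files"].items():
            member = tar.extractfile(rel)
            if member is None or hashlib.sha256(member.read()).hexdigest() != digest:
                return False
    return True


def restore_backup(archive, dest):
    """Verify the backup, then extract it, refusing any member that would land outside dest."""
    dest = Path(dest).resolve()
    if not verify_backup(archive):
        raise ValueError(f"backup {archive} failed verification; not restoring")
    dest.mkdir(parents=True, exist_ok=True)
    with tarfile.open(archive, "r:gz") as tar:
        for member in tar.getmembers():
            target = (dest / member.name).resolve()
            if not member.isfile() or dest not in target.parents:
                raise ValueError(f"refusing unsafe archive member {member.name!r}")
        tar.extractall(dest)
```

Keep the archive and its manifest on storage the web server cannot write to; a backup that an intruder can alter or delete alongside the site offers little protection, and a test restore to a scratch directory is the only real proof that the backup works.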


May I take this opportunity to thank you for making it to the end of this
informative book, Kali Linux. I want to believe that it has been
edifying, and that through it you are now able to hit the ground running in
matters revolving around hacking. Also, I hope that you have gained the
relevant expertise to enable you to begin your hacking career or better
your skills if you are already one. I sincerely hope that you have enjoyed
turning pages right from the first topic which was Introduction to Kali
Linux, all through The Basics of Kali Linux, The Hacking Process,
Wireless Network Hacking, Uses and Applications of Kali Linux,
Introduction to Cybersecurity, Network Scanning and Management and
Web Security. I trust that by studying this book, you have gotten to learn
plenty of practical concepts that you need to become a hacking expert.
By now, you must have been able to get access to a vast body of theoretical
knowledge regarding the various types of attacks that can be launched on
your systems, the reason for launching them and how you are able to
safeguard your infrastructure against such attacks. These are your first
steps towards becoming a professional hacker. The book covers topical
issues like wireless network attacks, cyber-attacks and penetration testing,
among others. It, therefore, means that you are now in a good position to
discern network attack mechanisms that occur in the real world and
prescribe appropriate remedies.
I have also given you a few security measures you can implement to keep
your networks safe. It is written in user-friendly language so that you can
understand the importance of securing your networks. Going forward, the
next step is to put the concepts you have acquired from this book into
practice. They say practice makes perfect, and it is by practicing that one
can become an expert in the field of hacking, more so using Kali Linux.
Let the knowledge you have acquired from the book work for you.
Finally, if you found this book useful in any way, a review on Amazon is
always welcome.