The top 10 reasons why websites get hacked


Just found the following list on the internet:


1. Cross site scripting (XSS)
2. Injection flaws
3. Malicious file execution
4. Insecure direct object reference
5. Cross site request forgery
6. Information leakage and improper error handling
7. Broken authentication and session management
8. Insecure cryptographic storage
9. Insecure communications
10. Failure to restrict URL access


And that brings me back to the previous post and how important (and sometimes easy) it is to check your own websites for these kinds of vulnerabilities.


Urs


http://blogs.technet.com/ms_schweiz_security_blog/archive/2007/10/24/xssdetect-code-analysis-tool.aspx


 

