Your Web Site: Is it A Back Door for Mischief?

backdoor.jpgIf you have a web site that does not capture information and only displays information to people visiting it, you can breathe a small sigh of relieve that most likely your web site is pretty secure. However, if your web site captures information (as in ecommerce, forms, online database) you could have a back door for hackers to access your web site data and if your web site is connected to your network, to also gain access to your network.

ConnectITNews writes Jeremiah Grossman, WhiteHat founder and CTO noted that any site that takes user-supplied content usually has some kind of cross-site scripting vulnerability. He explained that cross-site scripting lets the bad guys leverage the trust of a public or well-known website to exploit users to do things like execute web worms or phishing super bait where a scammer might overlay a credit card stealing code over a real website rather than a fake one.
I’m not a security specialist and you’re not either.


There’s a few things you can do to better protect yourself:
1. When your web developer creates an application for you, ensure they have some background in security and can “program securely”.
2. Ask a third party to test your web site for vulnerabilities. Companies like ScanAlert provide services that continuously scan your web site and report to you on any problems you find.
3. As you do more and more business online you might want to consider hiring a full time security expert or at the very least have on on retainer who can work with you and knows how to properly implement tools and services to keep your web site secure.

The following two tabs change content below.
Ramon Ray, Editor & Technology Evangelist, Smallbiztechnology.com . Editor and Founder, Smart Hustle Magazine Full bio at http://www.ramonray.com . Check him out on Google Plus, Twitter or Facebook

One thought on “Your Web Site: Is it A Back Door for Mischief?

  1. gleddy13

    Another way to defend against XSS is disabling HTML code at the point where someone can enter text.
    If you need to allow someone to enter code along with their text you should create something similar to a BBcode, but you will need to check the outputs regularly to avoid being compromised. Time consuming for a large site.
    Ryan Pulaski Furniture

Comments are closed.