Even backups need to be encrypted, so that a stolen backup does not expose the data. Do not accept anything over a connection that is not HTTPS. Use HTTPS with perfect forward secrecy (PFS) so that recorded traffic stays protected even if the server's private key is compromised later.

Missing function level access control
This vulnerability is caused by incomplete authorization checks. Developers rely on the fact that the server generates the user interface (UI) and assume that users cannot reach functions the UI does not show them. An attacker, however, is not constrained by the UI and can simply send the request for a "hidden" function directly. Missing function level access control is one of the common website security holes.
How to prevent
On the server side, enforce authorization for every function on every request. Hiding links or buttons in the UI is not a control; only the server-side check is.

Cross Site Request Forgery (CSRF)
This vulnerability occurs when a third party causes the victim's browser to send requests to the target website (for example through a link in an email or a hidden form on a malicious page), so that the request carries the victim's existing session or cookies. The target website sees a valid session and treats the request as the user's own. Such forged requests can have serious consequences for the user: data theft, password changes and so on. CSRF is one of the most common website security vulnerabilities.
How to prevent
Include a separate, secret token (unpredictable and tied to the user's session) in a hidden HTML form field and verify it on the server for every state-changing request. An attacker's page cannot read this token, so its presence proves that the request came from your own site's form rather than from a forged one.

Using components with known vulnerabilities
Most software today uses external components or libraries because they save programmers a great deal of work.

Vulnerabilities in components such as libraries, plugins and frameworks are called component vulnerabilities. Using components with known vulnerabilities means the software depends on a library or component that already has a publicly known flaw; the application inherits that flaw, and an attacker can exploit it to read your data, passwords and so on.
How to prevent
Be careful about which external components you use and review them before adopting them. Keep an inventory of the components and versions you depend on, check them against published vulnerability lists (an automated dependency scanner does this for you), and update promptly when a fix is released. Make sure you are using the latest version of everything and update regularly.

Unvalidated redirects and forwards (URL redirects and forwards are not checked)
This vulnerability is caused by an input filtering issue: the application redirects or forwards the user to a destination taken from user input without validating it.
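As an added example that is not code from the original article, the following Python module (standard library only) implements the three server-side checks discussed above in one small request dispatcher: a per-function authorization table (missing function level access control), a per-session secret token verified on every POST (CSRF), and an allow-list for redirect targets (unvalidated redirects). The Session, Request, handle, ROLE_REQUIRED and ALLOWED_REDIRECT_HOSTS names, the two sample roles and the sample hosts are this example's own assumptions, not the API of any real framework.

```python
# Added example, not code from the original article. Session, Request,
# handle, ROLE_REQUIRED and ALLOWED_REDIRECT_HOSTS are assumed names for
# illustration, not a real framework's API.
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

# In a real deployment this comes from configuration; random here so the
# example is self-contained.
SERVER_SECRET = secrets.token_bytes(32)


@dataclass
class Session:
    session_id: str
    user: str
    role: str  # "user" or "admin" in this example


@dataclass
class Request:
    method: str
    action: str          # the server-side function being requested
    session: Session
    form: dict = field(default_factory=dict)


# Role required for each server-side function. The UI may hide the admin
# links, but the server must consult this table on every request.
ROLE_REQUIRED = {
    "view_profile": "user",
    "change_password": "user",
    "delete_user": "admin",
}
ROLE_RANK = {"user": 1, "admin": 2}

ALLOWED_REDIRECT_HOSTS = {"example.com", "www.example.com"}  # assumed hosts


def csrf_token(session_id: str) -> str:
    """Per-session CSRF token: HMAC-SHA256(server secret, session id).

    Nothing is stored server side, and a forger who does not know the
    secret cannot compute the token for the victim's session.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_valid(req: Request) -> bool:
    """Compare the token from the hidden form field in constant time."""
    expected = csrf_token(req.session.session_id)
    supplied = req.form.get("csrf_token", "")
    return hmac.compare_digest(expected, supplied)


def authorized(req: Request) -> bool:
    """Function-level check: unknown functions are denied by default."""
    required = ROLE_REQUIRED.get(req.action)
    if required is None:
        return False
    return ROLE_RANK[req.session.role] >= ROLE_RANK[required]


def safe_redirect_target(target: str, default: str = "/") -> str:
    """Accept only site-relative paths or https URLs to an allow-listed host.

    Protocol-relative (//host) and backslash forms are rejected because
    browsers treat them as absolute URLs even though they look relative.
    """
    if "\\" in target:
        return default
    parsed = urlparse(target)
    if parsed.scheme == "" and parsed.netloc == "" and target.startswith("/") \
            and not target.startswith("//"):
        return target
    if parsed.scheme == "https" and parsed.hostname in ALLOWED_REDIRECT_HOSTS:
        return target
    return default


def handle(req: Request) -> tuple[int, str]:
    """Dispatch a request: authorization first, then CSRF for state changes."""
    if not authorized(req):
        return 403, "forbidden"
    if req.method == "POST" and not csrf_valid(req):
        return 403, "csrf token missing or invalid"
    if req.action == "delete_user":
        return 200, f"deleted user {req.form.get('target')}"
    if req.action == "change_password":
        return 200, "password changed"
    return 200, f"profile of {req.session.user}"
```

The order of checks matters: authorization is evaluated before the CSRF token so that a user can never discover, by token errors, whether a hidden function exists. A GET of view_profile needs no token because it changes no state; every POST does, and a token minted for another session is rejected because the HMAC input differs.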