If you want to keep your website safe, it is important to understand the terminology used to describe the causes and effects of hacks. Software vulnerabilities and access control issues are two of the main causes of website infections, and in this post we will define some of the terminology used to describe them and their consequences.
Here’s a short list of the terms. Read the full post at the Sucuri Blog.
When a website is blacklisted, a red warning page stops visitors to your website, or your search results might show a text warning.
There are numerous ways hackers can use your website to distribute spam.
3. Malicious Redirects
When a website is hacked, the attacker can force all your visitors to go to another webpage.
Common hacks don’t usually target websites specifically, but the risk to your website involves the exploitation of your server resources or your visitors.
5. Data Exfiltration
Data exfiltration is the unauthorized removal of information from your web application.
Phishing is on the rise. It is the process in which an attacker looks to confuse the end user into sharing their sensitive information.
Causes: Terminology Associated With Website Attacks
The more you know about the ways an attacker can get into your website, the better you will be able to defend it.
1. Vulnerability Exploitation
There are various attack vectors an attacker can try to exploit when trying to abuse your website.
a. Remote and Local File Inclusion
Remote File Inclusion vulnerabilities abuse features within a programming language that allow a developer to include code from other files, specifically known as the “dynamic file include” mechanism.
b. Privilege Escalation
This kind of software vulnerability allows an attacker to gain elevated access…
c. SQL Injection
Structured Query Language (SQL) Injection (SQLi) vulnerabilities are very common and dangerous software vulnerabilities.
d. Cross Site Scripting
Cross Site Scripting (XSS) software vulnerabilities are perhaps the more common vulnerabilities you find when working with web applications.
e. Remote Code Execution
Remote Code Execution (RCE) software vulnerabilities sit at the top of the hill when it comes to scary attack vectors.
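To make the "dynamic file include" mechanism from the Remote and Local File Inclusion entry concrete, here is an added example (not code from the original post) showing the unsafe pattern as a comment and a hardened resolver beside it. The page names, the `page` parameter, the `resolvePage` helper and the temporary directory are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example. Page names, the "page" parameter and the directory layout
// are assumptions made for illustration.

// Vulnerable pattern (shown as a comment, not executed): request input is
// concatenated straight into the include path, so the caller picks the file.
//     include $_GET['page'] . '.php';

const ALLOWED_PAGES = ['home', 'about', 'contact']; // constructed allowlist

function resolvePage(string $baseDir, string $requested): ?string
{
    // 1. Accept only exact names from the fixed allowlist.
    if (!in_array($requested, ALLOWED_PAGES, true)) {
        return null;
    }
    // 2. Defence in depth: the canonical path must stay inside $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($base === false || $path === false) {
        return null; // base directory or page file does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo: a temporary page directory and sample request values.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'home.php', "<?php echo 'Home page';\n");

$samples = ['home', '../config', 'http://example.invalid/x', 'about'];
foreach ($samples as $requested) {
    $path = resolvePage($dir, $requested);
    if ($path === null) {
        echo "rejected: {$requested}\n";
        continue;
    }
    echo "included: {$requested} -> ";
    include $path;
    echo "\n";
}

unlink($dir . DIRECTORY_SEPARATOR . 'home.php');
rmdir($dir);
```

Only `home` is included: the traversal and URL values fail the allowlist, and `about` is rejected because no such file exists under the base directory.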
2. Distributed Denial of Service
Distributed Denial of Service (DDoS) attacks are those in which the attacker is looking to disrupt the availability of your website.
3. Brute Force
Brute Force attacks focus on abusing your access control mechanisms (i.e., how you log into your web application).
I hope this list helps clear up some of the terminology we use in our disclosures and discussions about website security risks.
Read the full blog post here: https://blog.sucuri.net/2015/07/common-website-security-terminology-defined.html
By Alycia Mitchell, author for Sucuri, on July 7, 2015