Web Server Scripting Security Issues

Coding Vulnerabilities

Coding vulnerabilities refer to scripts that can come across many problems from coding vulnerabilities that could possibly affect the security of the server which holds all the user’s details and information. This could consist of SQL injection and XSS attacks. XSS is basically when script is entered into the websites database and this can be presented to other users when attempting to gain access to their profile. This is usually a part of java script which is a way to redirect a person to another website such as a phishing website. SQL injection refers to hackers make an attempt to alter the SQL statements that are used to gain access to databases through the use of HTML forms within websites. In example, when a SQL code is added to the email input field then an additional admin account will be created and added. Developers should make an effort to take serious actions to prevent SQL injection from happening because the consequences of hackers compromising the database could lethal and bad for the database altogether.

Bad scripting & Backdoors

Scripting languages can end up in to backdoors being created within the system either accidently because of low quality coding or it is done with intentions by the programmer in the future. This is a huge security hazard to the server because the backdoor that are created can be used by hackers for example to insert malicious code that will affect the websites user’s computers or even create more problems with the company’s database. The code that is being written should be double checked and read over to make sure it does not consist or have any backdoors or backdoors for testing or as a backup option should not be left in the code by developers.

SSL

SSL was deliberately created to develop server-side scripting by the process of encrypting information and details such as credit card details and passwords. Yet, this will generate a false sense of security as SSL can be forged due to the high number of certificate issuing companies worldwide. Therefore, an issuing company could issue a certificate for one website and another issuing company could give a certificate to a fraudulent website. Because of this it will mean customers may end up visiting the website that may have intentions of phishing for customers data which is a security problem with web server scripting as it cannot be used to stop these fraudulent actions from occurring.

Scanning PCs Without Consent

PHP Scripting is used by programmers to gather a load of information from users without them even knowing that it is even occurring. The information collected will vary from the users IP address (which is used to get a location), the page they came from and the browser that they are using. Therefore, this is seen as unethical as the company is collecting information/data about their users and customers without their consent. This information can then be used for further targeted advertising which increases the profit the company takes in.

Faking Statistics To Obtain Advertising Deals Based on Visitor Numbers

Scripting languages main use is to see the number of many visitors that have reached the page. The number of visitors can then be used to display and carry out deals to do with advertising with former companies. In example every 100 visitors that come across a banner advertisement, the company will pay £5 for the banner being shown/accessed. However, the downside to this is that the figures that are produced by the statistic software could be forged without the other company knowing. An example of figures being altered would be for each visitor to the website, 2 visitors ate counted instead of 1 which will defiantly increase the advertising income from the website.