Validation of input and output data must be safe while using web browsers, email systems, and other software. Input handling is defined as how the server or application handles input from the user, or network, while output handling is how the server or application handles the output from the user such as using the printer. To be considered as "safe", data type, length, and syntax must be validated.
Phishing usually consists of scanning emails and websites, along with stealing identities and data. It is important to beware of the fraudulent emails containing spam, viruses and malware. Phishing can be reduced by paying close attention when opening unrecognizable emails, and websites.
Malicious file execution is an issue that many encounter. Uploading and downloading certain files can sometimes contain malicious viruses, trojans, and spyware. Malicious file execution will allow attackers to execute remote root kit installations, remote code executions, and even a complete system compromise! It is important to have a software that will scan all files before uploading and downloading.
Once you have a compromised browser, that is the beginning of an attack. This type of attack includes: automatic installation of spyware, mouse control, automatic computer shut off, changing of time stamps, and so much more. To prevent a browser from possibly being compromised, keeping browsers and plug-ins updated will help.
Failure to update third party add ons is another common issue, especially for household computers. Keeping plug-ins and anti-virus software updated at all times will prevent security issues. Frequently, after a bug is located within the system, developers will fix the issue, and release a newer version of the software. It is vital to make sure all softwares are 100%.
Data poisoning, also known as Cookie Poisoning, modifies content that is stored in a user’s computer. This attack gives hackers the chance to gather information about the user and use it for personal gain. Data poisoning also includes fake links and disguised malware. Attackers may also pose as a malware protection service to convince users to make a purchase, but the “protection” is usually a scam. To reduce data/cookie poisoning, ensure that firewalls are enabled on all computers.
These security issues listed only represent a portion of the total amount of web application security issues that exist. To learn more about web application security issues, visit The Open Web Application Security Project (OWASP) to learn more. Remember, it is important to stay updated and educated on ways to stay safe while using computers and web applications.
References:
https://www.watsonhall.com/resources/downloads/top10-website-security-issues.pdf
http://www.gfi.com/blog/top-5-web-security-issues/ http://en.wikipedia.org/wiki/Web_application_security
https://www.owasp.org/index.php/Top_10_2007-Malicious_File_Execution
