3 most popular ways of hacking you should protect your application from

Published on 07 May 15
There is no guarantee that your computers are entirely safe from hacking. There are many malicious individuals out there trying to gain unauthorized access to your accounts in order to obtain sensitive information such as your private photos, credit card numbers and personal particulars.

Of late, hacks have become fairly common at large enterprises such as banks, retail outlets and even tech firms, showing that no one is 100% safe even with all the security systems in place. In 2014 alone, there were reports of data stolen from esteemed organizations such as JP Morgan and Sony Pictures. The sensitive information was then leaked without any remorse by these highly skilled hackers.

But for the common people out there, have no fear! We need not worry too much about high-level hacking of our own accounts, since the value of the information we possess would not warrant such a sophisticated and expensive attack.

However, we should take note of these 3 common hacking methods: Brute Force, SQL Injection and Cross-Site Scripting (XSS).

Brute Force

A long trial-and-error process in which a program attempts to recover data such as passwords or Data Encryption Standard (DES) keys by systematically entering possible passwords, rather than by decrypting any information.

A simple form of brute force uses a long catalogue of words or commonly used passwords to gain access to the account. A more exhaustive form tries every possible key combination until the correct password is found. Because of the enormous number of combinations of letters, digits and symbols that must be tried, a brute force attack can take a very long time to complete (up to years!). Furthermore, the stronger the encryption in use, such as 256-bit encryption, the longer it will take for hackers to acquire your passwords.

SQL Injection

To begin, Structured Query Language (SQL) is the standard language for database management systems, such as those behind websites that store important information about their users.

A SQL injection attack is defined as the injection of code into a database management system, where malicious SQL statements are entered through a web form and executed. Such web forms could be login fields or a browser address field that require you to input a username and a password. The input you make is inserted into a SQL command. To elaborate, consider this program line:

String query = "SELECT * FROM accounts WHERE custID='" + request.getParameter("id") + "'";

The hacker would then inject code by altering the 'id' parameter in their browser to send: ' or '1'='1

If the account's SQL database or SQL system has faults, hackers can easily use this common technique to change the meaning of the query in the SQL command. This would result in all the records in the system's database being returned to the hacker, instead of only the intended user's. As such, users who open such tampered files will unknowingly grant hackers access to their account information.

Cross-Site Scripting (XSS)

A cross-site scripting (XSS) attack occurs when an application takes suspicious data input and sends it to a user's web browser without careful validation of the input or escaping of the output. The hacker can then execute scripts such as JavaScript, VBScript, ActiveX or HTML in the victim's browser, which can seize a user's data when the user accesses their data page. Executed scripts can also redirect users to the hacker's site, allowing the hacker to take control of the user's account.

Bear in mind that if the hacker knows some basic HTML and JavaScript, they can craft a bogus URL that cannot easily be spotted as malicious. The hacker can then easily form an XSS URL simply by using a browser to test a vulnerable user's account response.

Today, many websites rely on complex web applications to provide different output content to a large pool of users, each with their own preferences. Unfortunately, such comprehensive websites may be more susceptible to cross-site scripting attacks.

Protect yourself

Now that you are aware of these hacks, or if you already knew about them, we shall focus on some ways in which you can protect yourself.

To avert brute-force attacks, most systems only allow users to enter an incorrect password 3-4 times, which is fortunate. Users, for their part, should choose a complex password that would be extremely difficult to brute-force. Such a password should be at least 8 characters long and combine uppercase letters, lowercase letters and numbers. You may even add symbols to the mix. Also, be sure to update your passwords regularly (such as every 3-6 months).
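The two controls described above, the server-side attempt limit and the password policy, as an added Python example that is not part of the original post. The limit of 3 failed attempts follows the text; the 15-minute lockout window, the LoginGuard class name and the constructed in-memory credential store are assumptions made for this example (a real system would compare salted password hashes, not plaintext).

```python
import hmac
import re
import time

MAX_FAILED_ATTEMPTS = 3      # the page: most systems allow 3-4 wrong passwords
LOCKOUT_SECONDS = 15 * 60    # assumption: 15-minute lockout once the limit is hit


class LoginGuard:
    """Counts failed logins per account and locks the account once the limit is reached."""

    def __init__(self, verify_password, clock=time.time):
        self._verify = verify_password   # callable(username, password) -> bool
        self._clock = clock              # injectable so the lockout window can be tested
        self._failures = {}              # username -> consecutive failed attempts
        self._locked_until = {}          # username -> unix time at which the lock expires

    def is_locked(self, username):
        until = self._locked_until.get(username, 0)
        if until > self._clock():
            return True
        if until:  # lock has expired: forget the stale counters
            self._locked_until.pop(username, None)
            self._failures.pop(username, None)
        return False

    def attempt(self, username, password):
        """Returns 'ok', 'denied' or 'locked'. Even a correct password is refused while locked."""
        if self.is_locked(username):
            return "locked"
        if self._verify(username, password):
            self._failures.pop(username, None)   # success resets the counter
            return "ok"
        count = self._failures.get(username, 0) + 1
        self._failures[username] = count
        if count >= MAX_FAILED_ATTEMPTS:
            self._locked_until[username] = self._clock() + LOCKOUT_SECONDS
            return "locked"
        return "denied"


def password_meets_policy(password):
    """The page's minimum: at least 8 characters with uppercase, lowercase and digits."""
    return (len(password) >= 8
            and re.search(r"[A-Z]", password) is not None
            and re.search(r"[a-z]", password) is not None
            and re.search(r"[0-9]", password) is not None)


def make_demo_verifier(credentials):
    """Constructed plaintext store for the demo; a real system compares salted password hashes."""
    def verify(username, password):
        expected = credentials.get(username, "")
        # constant-time comparison so the check itself leaks nothing about the stored value
        return hmac.compare_digest(expected, password) and username in credentials
    return verify


if __name__ == "__main__":
    guard = LoginGuard(make_demo_verifier({"alice": "Correct1Horse"}))
    # third wrong guess locks the account; the correct password is then refused too
    for guess in ("password", "123456", "letmein", "Correct1Horse"):
        print(guess, "->", guard.attempt("alice", guess))
```

The lockout is keyed by account, so it also stops a dictionary run against a single user regardless of which client it comes from; the clock is injected purely so the expiry of the window can be exercised without waiting.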

To prevent SQL injection attacks, developers can use parameterized queries or prepared statements, which are easy to implement. With a parameterized query, the developer defines the SQL code first and then supplies each parameter to the query separately, so the database can distinguish code from data. Hence, even if the hacker inserts his own SQL commands, the parameterized query will not be susceptible: the database will simply look for a username and password that literally match the hacker's SQL commands.
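The contrast described in this paragraph, shown with the page's own example query, as an added Python example that is not part of the original post. It runs the concatenated query from the SQL injection section beside its parameterized form against a constructed in-memory SQLite table named accounts; the table contents and the column names other than custID are assumptions made for the example.

```python
import sqlite3


def build_demo_db():
    """Constructed sample data standing in for the page's 'accounts' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (custID TEXT, owner TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", [
        ("1001", "alice", 250),
        ("1002", "bob", 9000),
        ("1003", "carol", 42),
    ])
    return conn


def lookup_vulnerable(conn, cust_id):
    """String concatenation, as in the page's Java snippet: the input becomes part of the SQL code."""
    query = "SELECT custID, owner FROM accounts WHERE custID='" + cust_id + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, cust_id):
    """Prepared statement: the SQL text is fixed and cust_id is bound as a value only."""
    query = "SELECT custID, owner FROM accounts WHERE custID=?"
    return conn.execute(query, (cust_id,)).fetchall()


if __name__ == "__main__":
    conn = build_demo_db()
    payload = "' or '1'='1"          # the page's injected id parameter
    print("normal id, vulnerable:     ", lookup_vulnerable(conn, "1002"))
    print("payload, vulnerable:       ", lookup_vulnerable(conn, payload))   # every row
    print("payload, parameterized:    ", lookup_parameterized(conn, payload))  # no rows
```

With the payload, the concatenated query becomes WHERE custID='' or '1'='1', whose second clause is always true, so all three rows come back; the parameterized query compares custID with the literal string and matches nothing. The same placeholder mechanism exists in every mainstream database driver (PreparedStatement in Java, PDO prepared statements in PHP).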

Lastly, to defend yourself against XSS attacks, the rule of thumb is to encode every piece of data (such as <, >, ' and ") that is supplied by a user. Data that programmers commonly need to encode are URLs, HTTP referrer values and, most importantly, any HTML.
You may also use the htmlspecialchars() function in PHP. It encodes HTML tags and special characters.
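Output encoding for the contexts the paragraph lists (HTML body, HTML attribute, and a URL query value), as an added Python example that is not part of the original post. Python's html.escape with quote=True encodes &, <, >, " and '; note that PHP's htmlspecialchars() leaves the single quote alone unless it is called with the ENT_QUOTES flag, so in PHP that flag is needed to get the same coverage. The render_comment function, its markup and the sample inputs are constructed for this example.

```python
import html
from urllib.parse import quote


def render_comment_unsafe(author, text, referrer):
    """The pattern the page warns about: user data dropped straight into the markup."""
    return (f'<div class="comment"><span class="author" title="{author}">{author}</span>'
            f'<p>{text}</p><a href="/track?from={referrer}">source</a></div>')


def render_comment(author, text, referrer):
    """Render a user comment into an HTML fragment, encoding each value for the context it lands in."""
    # HTML body text and attribute values: html.escape handles & < > and, with quote=True, " and '
    safe_author = html.escape(author, quote=True)
    safe_text = html.escape(text, quote=True)
    # A value inside a URL query string: percent-encode everything except unreserved characters,
    # so the referrer cannot add its own parameters or break out of the attribute
    safe_ref = quote(referrer, safe="")
    return (
        f'<div class="comment">'
        f'<span class="author" title="{safe_author}">{safe_author}</span>'
        f'<p>{safe_text}</p>'
        f'<a href="/track?from={safe_ref}">source</a>'
        f'</div>'
    )


if __name__ == "__main__":
    # constructed inputs that try to close the attribute and inject a script tag
    author = 'Eve" onmouseover="x()'
    text = "<script>alert(1)</script>"
    referrer = "http://example.com/?a=1&b=<x>"
    print(render_comment_unsafe(author, text, referrer))
    print(render_comment(author, text, referrer))
```

The encoding is applied at output time and per context: the same author string is escaped once for the title attribute and once for the span body, and the referrer is percent-encoded rather than HTML-escaped because a browser decodes a query value with URL rules, not HTML rules.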