Website Security

As more and more business is done using the World Wide Web, web sites themselves have become increasingly attractive to cybercriminals. What makes a web site such an lucrative target for an attack is not only that there are so many sites to attack, but the fact that an overwhelming majority of all web sites can be easily exploited by some of the most common vulnerabilities.


Got questions about dotDefender? Please visit our knowledgebase for answers or contact Support at

Featured Blog Posts

The Anatomy of a SQL Injection Attack

SQL injections are one of the most dangerous attacks used against web applications. In 2010, ... read more ...

The Big Website Guide to a Hacking Attack

Working in IT, one of the most dreaded calls you can receive is the one ... read more ...

Top Jordan website back up after hacking

AMMAN — Jordan's most popular news website, Ammonnews, said it was shut down ... read more ...

According to a three year study by WhiteHat Security that assessed vulnerability data in 1031 different web sites, it was found that:

How are Web Sites Attacked?

In the early days of the World Wide Web, hackers would engage in hacking attacks to deface web sites as a sign of protest against a corporate or political ideology, or test their hacking skills using defacement as a way to gain notoriety amongst their peers. However as the Web has grown, and more business is reliant on web technologies to function, attacks against web sites have become more complex and sophisticated because of one reason - money. In light of this, Web application security has never been more critical to business.

Attackers, no longer driven by notoriety and ideology, have focused more on techniques that allow them to profit from their illegal activities. Exploited sites allow the theft of steal credit card data, financial information, identities, intellectual property, and anything else cyber criminals can get their hands on.

Funded by criminal organizations, attackers now rely on large botnets that can rent for as low as $150 for 2000 machines. In the hands of these cyber criminals, these zombie machines are able to seek out vulnerable web sites. Once these sites are identified, the attacker turns the focus of the botnet towards launching coordinated, distributed attacks against them exploiting web applications, web servers, FTP servers, and any other possible point of entry.

What are the Most Common Vulnerabilities?

There are many different ways in which attackers are able to compromise a web site. Some of the most common vulnerabilities that attackers use are:

With the proliferation of out of the box web applications, it has never been easier for web sites to be built rather quickly. Unfortunately, these quick solutions also make it easier for attackers. Without proper training and knowledge, many of these sites are left with multiple vulnerabilities.

The Need to Protect Web Sites

In addition to a compromised web site exposing sensitive data, there are other risks associated with web site security.

Denial of Service Attacks

Denial of Service attacks are intended to disrupt a web site’s ability to serve pages to its visitors. Usually, these attacks are carried out by overloading the server with requests. Businesses that rely on their web site for normal business operations can find a tremendous drop in revenue as a result.

Brand Damage

One of the most damaging things that can happen to a web site is to have it flagged as malicious. According to, not many sites even realize that they serve malicious pages. That is until it is too late. Sites that are flagged as malicious lose customers and visitors as a result.

Network Security Risks

Web sites that are compromised can provide the attacker access to a company’s internal network. Through attacks like Remote File Includes, an attacker is able to access protected files that may contain authentication information used on other network resources.

How Does dotDefender Helps to Protect Your Web Site?

dotDefender enables companies to address challenges facing their web site in a straightforward and cost-effective manner by utilizing a Security as a Service solution. dotDefender offers comprehensive protection against SQL injection, cross-site scripting and other threats that your web site faces every day.

The reasons dotDefender offers such a comprehensive solution to your web application security needs are:

Architected as plug & play software providing optimal out-of-the-box protection, dotDefender creates a security layer in front of the application to detect and protect against application-level attacks in incoming web traffic that could be used to compromise the web server, steal sensitive information, or disrupt web services.

Related Articles:

Prevent Denial of Service (DoS) Attacks
PCI DSS Compliance
Web Application Security

Please Wait...