Are Your Sites Safe? Malicious Websites On the Rise

Imagine your spouse, friend, or kid performing an innocent web search for, oh let’s say, ice cream flavors, and they discover a link for a site describing every flavor imaginable in great detail. They click on it and, instead of ANYTHING dealing with cold, delicious ice cream, they encounter a screen full of some of the worst (depending on your tastes) pornographic material imaginable. Not a cool sight for your kids or internet-savvy grandmother. My wife visited a supposed C# group that was anything but sharp. The site stated it was geared towards the popular programming language and provided a forum for its visitors and members. Unfortunately, the site was a mega porn site geared towards “other than programming” appetites. Some of these sites can track your activities or insert malicious logic on your systems if the right, or wrong, information is input while attempting to leave their sites. Of course, these sites don’t have to be as ominous and obvious looking as a porn site. According to the Google security team, some of them are innocent sites compromised by malware authors, while others are built specifically for malware distribution and phishing.

Google says it blocks approximately 9,500 new malicious websites daily as part of its anti-phishing and anti-malware capabilities. Users are usually greeted with a warning that the site may be a prime suspect for malware or phishing. Google search results contain a warning if Google detects a site as potentially malicious, and between 12 and 14 million Google search queries a day display website warnings. So how safe are the sites we create? Most sites contain at least one web application, and often several, which means they are highly vulnerable to attack. Custom Web apps can contain multiple coding errors, which leave them open to all types of attack.

According to the HP 2011 Cyber Security Risks Report, static analysis (testing without executing the program) performed on custom Web applications found that approximately half were vulnerable to reflected cross-site scripting, and almost all were vulnerable to injection flaws. Custom apps were also susceptible to insecure direct object reference vulnerabilities and almost were vulnerable to information leakage and improper error handling. Dynamic analysis found more than half were vulnerable to communication vulnerabilities. The responsibility lies heavily on the developer/designer to ensure their product is secure and, if necessary, to solicit the expertise of security experts to secure their apps/sites. As with precious artwork, it is fun and exciting to create cyber masterpieces. But, as with those works of art, your work must be safeguarded against threats to your site and customers. Visit our affiliate at Kobo books for not only a variety of information on Web and information security, but virtually any subject in which you are interested.
