In today’s Web 2.0 world, how do I ensure prevention of new user-hijacking methods such as clickjacking, cross-site scripting and cross-site request forgery that could attack critical applications within my infrastructure?
2 Answers
Common sense is the first starting point, making sure that you check what is being sent, and validate what is sent to any scripts you run.
The specific methods for prevention are rather dependent on the technology you are implementing (Java, PHP, other) on the server side.
Testing is also very important -- feed your scripts incorrect data to determine if you are capturing all exceptions etc.
If you are working in the ecommerce domain, frankly, hire in a security expert - if you can't afford one, you should be off-loading your ecommerce to a company that can do it properly -- Digital River, for instance.
A lot of self-help info is available if you google the terms you outline. That should probably be your starting point.
Best,
Justin.
Like Justin said, the attacks are different depending on the technology used. Test it by sending malformed data to make sure you are "blocking" incorrect data. Personally I suggest, if you are interested in preventing any attack, you should learn how the attack is executed so that you can prevent it.
Someone needs to plant the attacks you are inquiring about by gaining access to the server they're hosted on first. So, the real concern for those attacks is the server's security, so that a person can't get in to plant the attacks that would affect the end users.
When it comes to user hijacking, here is some insight:
"Many security pros, such as ESET Director of Technical Education Randy Abrams, think the problem is at the server level because a Web server or page must be compromised to allow for clickjacking. 'The solution is to either ban Iframes on the Internet or attempt to deal with the problem at the browser level,' Abrams said."
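The three attacks the question names each have a well-known server-side control: refusing to be framed (clickjacking), a session-bound token plus an Origin check (CSRF), and output encoding of untrusted text (XSS). The Python sketch below is an added example, not code from either answer; the handler, the site origin `https://app.example` and the per-process key are assumed placeholders.

```python
import hmac, hashlib, secrets, html

# Constructed per-process key for this example; a real deployment keeps it in
# a secret store so tokens stay valid across restarts and multiple servers.
SECRET_KEY = secrets.token_bytes(32)
ORIGIN = "https://app.example"  # assumed site origin (placeholder)

def csrf_token(session_id):
    """Anti-CSRF token bound to the session: HMAC(key, session id)."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def csrf_token_valid(session_id, submitted):
    """Constant-time comparison so response timing does not leak the token."""
    return hmac.compare_digest(csrf_token(session_id), submitted or "")

def security_headers():
    """Anti-clickjacking: forbid framing; the CSP also restricts script sources."""
    return {
        "X-Frame-Options": "DENY",
        "Content-Security-Policy": "frame-ancestors 'none'; default-src 'self'",
        "X-Content-Type-Options": "nosniff",
    }

def render_comment(user_text):
    """Anti-XSS: encode untrusted text for an HTML body context."""
    return "<p>" + html.escape(user_text, quote=True) + "</p>"

def handle_post(session_id, form, origin=None):
    """Simulated POST handler: returns (status, headers, body)."""
    headers = security_headers()
    # Origin header check is a second CSRF layer; it is only skipped when the
    # header is absent, and any mismatch is rejected outright.
    if origin is not None and origin != ORIGIN:
        return 403, headers, "cross-origin request rejected"
    if not csrf_token_valid(session_id, form.get("csrf")):
        return 403, headers, "missing or invalid CSRF token"
    return 200, headers, render_comment(form.get("comment", ""))
```

The session cookie itself should additionally carry `SameSite` and `HttpOnly` attributes, which this sketch does not model.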