flying toasters ⚡

Hackers Gonna Hack!

Hackers are a real threat to your website and your business. They can cost you valuable time and money. You work so hard to build your website and your brand, and it can all be taken away in a moment. The best way to keep your website and your customers secure is to build it right in the first place! We can help you do that.

To Have Success, Avoid XSS!

XSS stands for cross-site scripting, and hackers can use this type of vulnerability to attack visitors to your website. If your code uses vulnerable JavaScript methods, or if the settings on your server allow script tags placed in a URL to be rendered on the page, you might be vulnerable. Attackers can even use this type of attack to steal session data in order to pretend to be a legitimate user. The best way to avoid this is to not use methods within your website’s code that allow for code injection.
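The URL case described above, shown as a vulnerable page renderer beside its hardened form. This is an added example, not code from the original page; `renderUnsafe`, `renderSafe`, `escapeHtml`, `containsScriptTag` and the `shop.example` URLs are hypothetical names and constructed samples.

```javascript
// Added example: a search page that echoes the "q" URL parameter.
// All function names and sample URLs here are constructed for illustration.

// Encode the characters that let text break out of HTML text or
// quoted-attribute context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the value from the URL is concatenated straight into markup,
// so any tags carried in the URL become live tags in the page.
function renderUnsafe(requestUrl) {
  const q = new URL(requestUrl).searchParams.get('q') ?? '';
  return `<h1>Results for ${q}</h1>`;
}

// Hardened: same page, but the value is HTML-encoded before output,
// so the browser displays it as text instead of parsing it as markup.
function renderSafe(requestUrl) {
  const q = new URL(requestUrl).searchParams.get('q') ?? '';
  return `<h1>Results for ${escapeHtml(q)}</h1>`;
}

// Check used below: did input manage to create a script tag in the output?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample requests: an ordinary search and one carrying markup.
const benign = 'https://shop.example/search?q=toaster%20ovens';
const hostile = 'https://shop.example/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E';

for (const url of [benign, hostile]) {
  console.log('unsafe:', renderUnsafe(url), '| script tag:', containsScriptTag(renderUnsafe(url)));
  console.log('safe:  ', renderSafe(url), '| script tag:', containsScriptTag(renderSafe(url)));
}
```

In browser-side code the same distinction is assigning untrusted text with `textContent` rather than `innerHTML`.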

That’s so 2008!

As you probably know, technology changes very quickly. The underlying code that all websites run on changes all the time, whether it’s a pure JS framework like Vue, a PHP framework like Laravel, or a hybrid stack. There are constantly new versions being released, core functions being added or deprecated, and vulnerabilities being patched or introduced. It can be hard to stay on top of everything, but I can guarantee that if you don’t, some hacker somewhere in the world will. Exploiting flaws in old code is kinda like hacker 101. One of the biggest issues, especially in server-side frameworks, is an attack called SQL injection. This is where the hacker can use something like a search field or other type of form to submit code to your server that tricks the server into returning sensitive information, such as usernames and passwords. The best way to avoid this kind of thing is to make sure that frameworks, scripting languages, plugins, databases, basically anything running on the server, are up to date.
Another thing to consider is that when you find something that is out of date, updating it might not be as straightforward as you would think. If it’s a major update for a scripting language, your site may no longer function as expected after the update, and there may need to be additional coding changes behind the scenes. This process can be delicate and needs to be handled by someone with the experience to do it correctly without destroying your site or losing your data. We can help you with that!

Be Good at Hiding

Sometimes, it’s easy to include sensitive data in things like URLs because companies like Google tell you to add things like API keys to URLs. It’s always best to hide that stuff. But how? Well, you can add your variables in a place that is inaccessible to public traffic, like a .env file. This should be common sense, but not everyone knows that this is even possible! Another thing to make sure of is that all of your sensitive data is encrypted. You can use a cryptographic hash and key to encrypt data and make it very difficult for someone to steal it.

The best defense against hackers is a good offense. Be smart about the way you build and code your website – better yet, hire someone who knows how to do it right!

Want to learn more or chat about your options? Grab some time on my calendar: https://www.etxws.com/consulting/