A website can have a weakness that hackers exploit to enter the system and cause havoc: theft, fraud, terrorism, identity theft and more. Information can be hijacked and held hostage, personal information can be used for identity theft or fraud if the hacker retrieves a credit card number, or the hacker can bring down an entire business network through a denial-of-service attack. Any type of security threat can cause a business to lose its reputation, be sued, or lose a lot of money if security prevention measures are not in place.
Sony endured the scrutiny of 77 million customers' private information being leaked when the Sony network was hacked. There was apparently a security hole in the Sony website system. Hackers gained personal information held in the Sony network, such as users' names, addresses, phone numbers, email addresses, credit card numbers and passwords. The website security hole exposed Sony to the biggest cyber-attack in internet history.
The security hole allowed a hacker to carry out cross-site scripting. Sony's information technology teams did not prevent cross-site scripting. Cross-site scripting gives an attacker the ability to embed a script into a web page or application, bypassing security measures and gaining access to the information residing behind the application walls. Therefore, prevent cross-site scripting by filtering input and output for special characters, or suffer the same consequence as Sony.
The hole also allowed a hacker to carry out SQL injection because no website security prevention measures were in place. Sony's information technology teams should have implemented prevention measures against SQL injection. SQL injections made the Sony website games appear to run a fake virus scan on the user's personal computer and ask the user to buy antivirus software to scan for and remove the virus. Therefore, prevent SQL injection by using parameterized queries and stored procedures.
Hearing about Sony and the cyber-attack that involved them in the biggest cyber-attack in internet history should encourage all website owners to be a little wiser. Websites can have other security holes that open them up to dangerous attacks besides cross-site scripting and SQL injection, for example XC scripting attacks, PHP/ASP code injection, directory traversal, file disclosure, and remote file inclusion, to name a few. Therefore, website security is an important concern whether it is for business or personal use. Prevent cross-site scripting, prevent SQL injection, and prevent the many other possible security threats.