Posted in Website Security on Nov 03, 2017

Prior to the WannaCry attack in May 2017, many companies in Singapore thought that their sites did not have anything worth hacking and, as such, neglected the upkeep of their IT security. However, as bad as it may sound, the majority of sites and servers are not compromised to steal from or deface your site, but instead to use your server as a source of spam mail or to store software that serves illegal purposes.

Commonly, though, compromised servers are used as part of a botnet or to mine bitcoin.

As such, today's blog post covers a few common exploits as well as tips to safeguard your websites from black hat hackers.


1. SQL Injection

SQL injection is basically an attack where hackers use a web form, such as a login form, to insert specific code that gains access to or manipulates your database. When standard Transact-SQL is being used, one can just use ' OR '1'='1' -- to gain access to a database. To fix this, one should always explicitly parameterise queries.

2. XSS

Also known as Cross-Site Scripting, XSS works by injecting malicious JavaScript into your pages, which will in turn be run by your users. XSS is scary as it steals your users' login cookies, allowing all the users who viewed the comment to be attacked. XSS is increasingly worrying, as sites nowadays are built mainly around user content.
One should always consider using a tool such as XSS defender, which is a Content Security Policy: a header that, when set, tells browsers to limit how and what JavaScript can be executed on the page, e.g. disallowing JavaScript that is not hosted on your domain.

3. Error Message

Information in your error pages may give you away. Provide only minimal errors to your users, to ensure they don't leak secrets present on your server (e.g. API keys or database passwords). Don't provide full exception details either, as these can make complex attacks like SQL injection far easier. Keep detailed errors in your server logs, and show users only the information they need.

So there you go: these 3 IT security tips should ensure your site is protected from entry-level hackers, better known as script kiddies. In the next security blog we will talk more about the comprehensive attacks that mid- to high-level hackers use on sites.

For more concerned individuals, 8 GB Technologies is providing a free website audit to help you better understand what vulnerabilities are found in your website.

Let us all keep the internet safe for our users.
