This article gives you detailed information on how to keep yourself safe from phishing scams.
Websites that need to store sensitive information, such as usernames, passwords or other personal details, must use strong encryption to secure the data. Insecure cryptographic storage means sensitive data isn’t stored securely. If malicious users can access insecurely stored data, they can view it with little effort.
Strong, standard encryption algorithms, [...]
Injection vulnerabilities let visitor-provided input, such as text in a search or contact form, interact with important website files or databases. Injection flaws affect multiple languages or protocols, such as LDAP, SQL, and XML.
Malicious users can exploit injection flaws if a site isn’t configured to validate input. Attackers might [...]
Direct object references expose website or account-specific details, such as account numbers, file names, directories, or database keys, in the URL or other accessible sources. Displaying sensitive information in the URL might be a security vulnerability if your website is not configured to verify access for every account-specific page or [...]
Cross-site scripting (XSS) vulnerabilities let visitor-provided input, such as text in a search or form, influence how a website functions or displays for another visitor.
Sensitive data, such as credit card numbers or other personal information, must be secured with strong encryption during transit from a visitor’s browser to the Web server. If the data isn’t encrypted, a malicious user might intercept and view the information.
SSL certificates help prevent insufficient transport layer protection by encrypting [...]
Cross-site request forgery (CSRF) is an attack that takes advantage of a website’s predictable access-restricted actions, such as updating the email address or password for an account.
If malicious users can predict the details for a particular action, they can trick logged-in users into clicking a forged link, typically through a [...]
Authentication and session management are the parts of a website that handle a visitor’s interaction with a website, such as logging in, saving preferences, or timing out due to inactivity. If any authentication or session management functions have a flaw, individual accounts or possibly the entire user group could be [...]
Common website functions, such as search results or account logins, frequently use redirects or forwards to send visitors to another destination. The web address often references the destination, which is displayed after url=. For example:
If the website doesn’t verify the destination, redirects or forwards might be vulnerable to modification. An [...]
Restricting URL access helps prevent visitors who are not logged in from accessing administrative or other restricted pages in a website. If visitors attempt to view restricted pages, they should be prompted to log in.
If pages in a restricted area are not configured to only allow authorized users to view [...]