3 Common Cyber Security Issues & Fixes
During any kind of test, we run an initial vulnerability assessment to find the low-hanging fruit. Many common vulnerabilities are overlooked but can be fixed quickly and easily. This post looks at 3 common issues and how to fix them so you are not an easy target.
SQL Injection
SQL injection is where an SQL query is entered into forms (and other input fields) in an attempt to manipulate the database. For any business this can be very dangerous.
The dangers:
- Data being changed
- Data being deleted
- Data being ransomed
To find out how to fix SQL injection on your website, visit:
https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
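As an added illustration (not code from the original post), the Python sketch below puts a query built by string concatenation beside the parameterized form, using an in-memory SQLite database. The table, function names and sample input are constructed for the example.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, note TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, note) VALUES (?, ?)",
        [("alice@example.com", "gold"), ("bob@example.com", "silver")],
    )
    return conn


def lookup_concatenated(conn, email):
    # Weak: the form input is pasted into the SQL text, so the database
    # parses it as part of the statement.
    sql = "SELECT email FROM customers WHERE email = '" + email + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, email):
    # Fixed: the ? placeholder passes the input as a bound value, so it is
    # only ever compared as data and never parsed as SQL.
    sql = "SELECT email FROM customers WHERE email = ?"
    return [row[0] for row in conn.execute(sql, (email,))]


# Constructed form input: a quote followed by a condition that is always true.
FORM_INPUT = "nobody@example.com' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    # The concatenated query returns every row in the table.
    print("concatenated :", lookup_concatenated(conn, FORM_INPUT))
    # The parameterized query finds no customer with that literal address.
    print("parameterized:", lookup_parameterized(conn, FORM_INPUT))
```

The same input that widens the concatenated query matches nothing once it is bound as a parameter, while ordinary lookups continue to work unchanged.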
Related Services: Penetration Testing
Patch Management
Most websites use plugins and add-ons of some sort to support the functionality of the website. Although plugins do make life easier, they also open up a world of vulnerabilities if not managed properly. Most of these issues arise when plugins and add-ons are not updated regularly. Most patches are the result of an identified security issue; if you do not update your plugins, the issue will remain there for hackers to exploit. The best way to avoid any issues is to have some sort of patch management schedule in place so that you update regularly.
Related Services: Penetration Testing, Cyber Essentials
User Permissions
Although this may sound like an obvious one, it is one that we come across very often. When setting up new users, it is key that they only have access to what they need. Users should not have local administrator privileges by default, because then whenever a system is compromised, the compromised account is always a local admin. To avoid issues like this, you can use Active Directory to set up the default required access for certain job roles.
Related Services: Penetration Testing, Cyber Essentials