Cyber Security Guide
Given the vast scope of cybersecurity, I’ve written this guide to help address and simplify some of its key topics.
If you need any help with your web application you can contact me.
What is cyber security?
Cybersecurity covers a wide range of areas, but four main subjects stand out: Cloud Security, Application Security, Network Security, and Endpoint Security. Each of these focuses on protecting different aspects of digital infrastructure, from data storage to communication channels. Together, they form a comprehensive defense against a variety of cyber threats.
- Endpoint Security - Desktop computers, laptops, mobile phones, tablets, and IoT devices.
- Network Security - The communication channels between those devices and the network infrastructure that carries their traffic.
- Application Security - Web applications, mobile apps, software programs, and cloud-based platforms.
- Cloud Security - Cloud servers, storage platforms, virtual machines, and cloud-based services (e.g., AWS, Google Cloud, Microsoft Azure).
Application security
The main goal of this website is to provide web application security services. Applications can be broadly categorized into two types: software applications and web applications/websites. Not all web applications are equally vulnerable to attacks. For instance, static websites generally have a very small attack surface: besides compromising your hosting account, there's not much attackers can do to them.
On the other hand, dynamic websites, which rely on databases, accept user input such as comments or search parameters, and probably have a login system, have a much larger attack surface. These types of web applications are more susceptible to security threats than static websites.
As a beginner, I’m offering free help for websites, focusing on the main security areas I’m familiar with:
- SQL Injection - This involves injecting malicious parameters into a database query, allowing attackers to retrieve, modify, or delete sensitive data. It's one of the most common and dangerous web application vulnerabilities.
- Cross-Site Scripting (XSS) - This occurs when an attacker injects malicious JavaScript into a website, which is then executed by other users' browsers. This can lead to unauthorized actions such as data theft, session hijacking, or spreading malware.
- Broken Access Controls - This vulnerability arises when files or directories are not properly secured, allowing unauthorized users to access sensitive resources. It's critical to enforce strict access control policies to ensure that only authorized users can access certain files or perform specific actions.
- Authentication Issues - These occur when user authentication logic is flawed, such as weak password policies, lack of multi-factor authentication (MFA), or insufficient protection against brute-force attacks. Securing the authentication process is vital to prevent unauthorized access to user accounts and sensitive data.
- Clickjacking - Clickjacking is a web attack where a user is tricked into clicking something different from what they perceive. An attacker typically loads a legitimate site in a transparent frame over a deceptive page, making the user unknowingly interact with hidden elements. This can lead to unauthorized actions like changing settings or confirming transactions.
- Path Traversal - Path traversal is a security vulnerability that allows attackers to access files and directories outside the intended folder. By manipulating file paths (e.g., using ../), an attacker can read sensitive files like configuration files, passwords, or system data if proper validation is not enforced.
- CSRF - Cross-Site Request Forgery is an attack that tricks a user into performing actions on a web application where they are already authenticated. By submitting unwanted requests on the user's behalf, such as changing account details or making a purchase, an attacker exploits the trust the site has in the user's browser. Proper token validation helps prevent it.
- CORS - Cross-Origin Resource Sharing is a browser security feature that controls how web pages can request resources from different domains. Misconfigured CORS can allow unauthorized websites to access sensitive APIs or user data, leading to security risks.
- Information Disclosure - This is a vulnerability where a system unintentionally reveals sensitive data, such as internal errors, server details, or user information. This can help attackers understand the system and plan further attacks.
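For the Path Traversal item, this added example (not part of the guide) shows the validation the text says must be enforced: a requested file name is resolved against a base directory and rejected if the result lands outside it. The function name `resolve_within`, the base directory `/srv/app/public` and the sample requests are assumptions chosen for illustration.

```python
from pathlib import Path


def resolve_within(base_dir, requested):
    """Resolve `requested` inside `base_dir`, refusing anything that escapes.

    `requested` is the already URL-decoded path from the client. Both the
    base and the candidate are fully resolved (symlinks and `..` segments
    collapsed) before comparison, so `../`, absolute paths and symlink
    tricks are all judged on the final real location, not on the text.
    """
    base = Path(base_dir).resolve()
    # If `requested` is absolute, `base / requested` discards `base`, which
    # is exactly why the check below must look at the resolved result.
    candidate = (base / requested).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ValueError(f"path escapes base directory: {requested!r}") from None
    return candidate


def serve_file(base_dir, requested):
    """Toy handler: returns the path it would open, or None if rejected."""
    try:
        return resolve_within(base_dir, requested)
    except ValueError:
        # Log the rejection with the raw input; it is a useful detection signal.
        return None


if __name__ == "__main__":
    base = "/srv/app/public"  # assumed base directory
    for req in ["docs/readme.txt", "../etc/passwd", "docs/../../secret", "/etc/passwd"]:
        print(f"{req!r:24} -> {serve_file(base, req)}")
```

Resolving first and comparing afterwards is the important ordering; a naive check such as `".." not in requested` fails on encoded dots and on symlinks. The rejection branch is also a good place to emit a log line, since traversal attempts are rarely produced by legitimate clients.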
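For the CSRF item, the text says proper token validation prevents the attack; this added example (not from the guide) shows what that validation looks like in a framework-neutral way. The session is modelled as a plain dict, and `issue_csrf_token`, `validate_csrf` and `change_email` are assumed names standing in for whatever the real application uses.

```python
import hmac
import secrets


def issue_csrf_token(session):
    """Generate a fresh random token, store it in the user's server-side
    session and return it so it can be embedded in the form as a hidden
    field. A cross-site page cannot read it, which is the whole defence."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def validate_csrf(session, submitted):
    """True only if the submitted token matches the one in the session.

    Constant-time comparison avoids leaking how many leading bytes matched;
    both values are encoded to bytes so arbitrary submitted text cannot
    make compare_digest raise.
    """
    expected = session.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected.encode("utf-8"), submitted.encode("utf-8"))


def change_email(session, form):
    """Toy state-changing handler: the request is honoured only when the
    session is authenticated and the form carries a valid CSRF token."""
    if not session.get("user"):
        return (401, "not logged in")
    if not validate_csrf(session, form.get("csrf_token", "")):
        # A forged cross-site request arrives with the victim's cookies but
        # without the token, so it stops here.
        return (403, "csrf token missing or invalid")
    session["email"] = form["email"]
    return (200, "email updated")


if __name__ == "__main__":
    sess = {"user": "alice", "email": "alice@example.com"}  # constructed session
    tok = issue_csrf_token(sess)
    print(change_email(sess, {"email": "new@example.com", "csrf_token": tok}))
    print(change_email(sess, {"email": "evil@example.com"}))  # forged: no token
```

Two details matter in practice: the token must be tied to the session (a token copied from the attacker's own session must not validate for the victim), and it must be checked on every state-changing request, not just on login. Browsers' `SameSite` cookie attribute adds a second layer, but the token check remains the one the server fully controls.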