Lesson 3: What do security threats look like?
There are multiple types of security threats. Being aware of some common threats can help you have a plan in place to address these issues. Threats can look like software vulnerabilities, password attacks, or even disaster events.
Attacks on software code vulnerabilities
Attackers look for weaknesses in your website’s code and exploit them. There are three main types of software vulnerabilities.
- SQL (Structured Query Language) Injection: An attacker tricks your website’s SQL database (the place where your customer data is stored) into revealing sensitive information or modifying itself.
- XSS (Cross-Site Scripting): An attacker tricks your website into loading malicious JavaScript on a visitor’s browser.
- RCE (Remote Code Execution): An attacker tricks a website file into running malicious code that the attacker provides to it.
Takeaway: Monitor your site and put other measures in place to make sure a hacker isn’t trying to sneak into your code. (We’ll talk about ways to do this in the next lesson.)
Password attacks
Password attacks target users who have weak passwords. Two common attacks are brute force attacks and credential stuffing attacks.
- Brute force: Picture someone in front of a locked door with a keyring that has a million keys. They don’t know which one opens the lock, so they insert each key in turn until they find the one that works. This is a brute force attack. An attacker tries a huge predefined list of common passwords (millions of passwords) until one works, they get blocked, or they give up. This is why using a unique password will best protect your accounts!
- Credential stuffing: An attacker gets username/password data from known data breaches, and then tries to log in with the same username or password at other websites. This is why reusing passwords is so dangerous. For example, if you use the same username and password on many websites, attackers would be able to log into all your other accounts if even just one of them is breached.
Takeaway: Have a strong password and don’t reuse it across accounts! The video shows you how to keep your passwords secure.
Disaster events at your hosting datacenter
Disaster events at the host’s datacenter can also pose a threat. This includes fires, flooding, or even network hardware failures. These events can cause your website to go offline and possibly even lose its data if you don’t have a backup system in place.
Takeaway: You can’t prevent a disaster event like a flood, but you can back up your site so you don’t need to rebuild it from scratch.
Introducing GoDaddy’s automatic, set-and-forget Website Backup
Website threats can cause your site to go offline. To avoid losing all the data from your carefully built website, make sure you have a backup! GoDaddy has some automatic set-it-and-forget-it website backup tools to make this easy for you.
Starting to feel overwhelmed? Don’t worry! There’s hope
SQL, XSS, RCE–oh my! All of this can sound a bit complicated. Don’t worry, we’re going to tell you practical things you can do to keep your website secure in the next lesson. If you’d like a little more information before proceeding, check out some of the extra resources below.
Additional website security resources
- SQL injection protection
  Learn about defending your site from SQL injection.
- Cross-site scripting (XSS) attacks
  Find out more about XSS prevention.
- What is a brute force attack & how to prevent them
  Take a look at this article to learn about brute force attacks.