Why Ugandan websites are vulnerable to hacks

Why Ugandan websites are vulnerable to hacks

Geek week 2015 posts
[blockquote right=”pull-left”]
[/blockquote]

Web development is not a new thing in Uganda as many Undergrads have taken it up as passion as it does not come with many difficulties in mastering compared to other development technologies which require an extra effort. In fact it should be noted that today you will not proclaim yourself a developer if you cannot put up a basic HTML page on the internet as you will not have fulfilled the “bro code” among the guys.

 

If you are web developer based in Uganda developing web 2.0 apps the feeling you should be having as you read this article is directly compared to a kid who refused to wash utensils and he has just got the news that the parents are back from work.

By now you should have logged in your C-Panel and put your house in order because according to our findings at Techjaja developers are ignoring the basics of security designs and their websites have become a playground for hackers, script kiddies around the world.

This effect has mainly been attributed to ignorance as the basics of information security are news to Ugandan developers that’s why below we discuss a few flaws that developers are ignoring and are making their websites vulnerable to hacks.

 

  1. Sql Injection

Sql injection is a type of attack were an attacker manipulates the forms or URL to manipulate your website and get access to your database. This is commonly done by inserting rogue codes in your query that could be used to alter the data in the database thus making it available to the attacker.

The use of parameterized queries can help you prevent this type of attacks.

 

  1. XSS (CROSS SITE SCRIPTING)

This type of attack hackers are using a scripting language called JavaScript into web forms in an attempt to run malicious codes in your site. The best way to prevent this type of attack is to strip out HTML as you submit data in your code.

 

  1. Un Updated Software

Most Ugandan hosting service providers are either slow in updating or they do not update software on their servers?

Yeah hosting providers you heard mi” most websites down time is due to vulnerabilities in the servers that are never updated or upgraded so regular server updates and upgrades are really important to keep hackers away.


  1. Source Code Revelation

Now this is an interesting one I mean almost all websites in Uganda are open source hehehehhe funny but true is that your source code is readily available for public consumption. Let’s compare it to the private pictures rich in eye nutrition once in the public they are no longer private pictures but readily available for our consumption same applies to source code.

 

  1. Error messages

Ugandan Websites have juicy-juicy error messages. The error messages reveal so much of how the website might be operating for example “Sorry we could not add your account to the database”

Use something like “Invalid Login details please try again” something that could not give the hacker something else to think about.

 

  1. Easy Passwords

Most C-Panel have very easy login details. Developers are having login details closely associated with their personal lives which has given hackers an edge in making Ugandan websites their compound play grounds. Some Ugandan have even passwords related to their domain name. So very complicated password as we have written over and over at Techjaja are the way to go.

 

  1. File uploads

File Uploads are a very big security risk even if you are allowing a user to upload his /her avatar this is the same as welcoming a night dancer into your home.

Hackers have found a way of uploading malicious scripts, files into your site and these can be of great damage to the website as databases can be exposed basing on how the hacker designed his kind of attack.

Therefore developers should design uploads in such a way that there is strict processing of files.

 

  1. Site Encryption

Above all safety fast as the saying goes our advice to the developers out there is that they should embrace SSL (Secure Socket Layer) encryption as a way of encrypting everything that happens on your website.

It’s a good practice to encrypt everything going through a website especially if it involves personal information.

 

Image Credit: BBC

[trending included_tags=”2811″ title=”GEEK WEEK 2015″ disabled_filters=”reviewed,rated,commented” postsperpage=”19″ timeperiod=”all”]

SHARE
11
Total