At Sparkbox, we work every day to build a better web. This means designing, developing, and maintaining websites that are usable, accessible, performant, and secure. Building a more secure web means keeping our websites and web apps safe for our users. So how can we, as developers, designers, and project managers, contribute to a safer web?
For Safer Internet Day, our team has put together some information about a few common security issues found on the web. We hope these will help your team feel more confident when advocating for and building more secure web applications at your own company and with clients.
Man-in-the-Middle Attacks
In this video, Melissa explains man-in-the-middle attacks and suggests a solution through encryption, strong credentials, and forcing HTTPS.
Learn more about man-in-the-middle attacks and how to prevent them:
- Rapid7 on man-in-the-middle attacks and best practices for prevention
- Veracode’s explanation of man-in-the-middle attacks with diagrams of this kind of attack
- OWASP’s man-in-the-middle attack definition with suggestions for prevention tools
SQL Injection
Has an attacker ever performed SQL injection on your website or application? In this video, Paul explains what SQL injection is and how you can combat it.
Learn more about SQL injection attacks and ways to protect yourself:
- W3Schools on SQL injection and parameters for protection
- PortSwigger on various types of SQL injection
Cross-Site Scripting
In this video, Ricardo explains cross-site scripting and gives a solution through sanitizing and escaping data.
Learn more about cross-site scripting attacks:
- OWASP on cross-site scripting attacks
- OWASP on vulnerability scanning tools
- MDN Web Docs on Content-Security-Policy
Email Phishing Attacks
Have you ever received fraudulent communications? Erin explains phishing attacks and gives practical tips to avoid becoming a victim of these pervasive attacks.
Learn more about fraudulent communications and phishing scams:
- TheStreet on different types of phishing scams
- Federal Trade Commission on how to recognize and avoid phishing scams
- How-To Geek on what you should do if you get a phishing email