At Sparkbox, we work every day to build a better web. This means designing, developing, and maintaining websites that are usable, accessible, performant, and secure. Building a more secure web means keeping our websites and web apps safe for our users. So how can we, as developers, designers, and project managers, contribute to a safer web?
For Safer Internet Day, our team has put together some information about a few common security issues found on the web. We hope these will help your team feel more confident when advocating for and building more secure web applications at your own company and with clients.
Man-in-the-Middle Attacks
In this video, Melissa explains man-in-the-middle attacks and suggests a solution through encryption, strong credentials, and forcing HTTPS.
Learn more about man-in-the-middle attacks and how to prevent them:
Rapid7 on man-in-the-middle attacks and best practices for prevention
Veracode’s explanation of man-in-the-middle attacks with diagrams of this kind of attack
OWASP’s man-in-the-middle attack definition with suggestions for prevention tools
SQL Injection
Has an attacker ever performed SQL injection on your website or application? In this video, Paul explains what SQL injection is and how you can combat it.
Learn more about SQL injection attacks and ways to protect yourself:
Cross-Site Scripting
In this video, Ricardo explains cross-site scripting and gives a solution through sanitizing and escaping data.
Learn more about cross-site scripting attacks:
Email Phishing Attacks
Have you ever received fraudulent communications? Erin explains phishing attacks and gives practical tips to avoid becoming a victim of these pervasive attacks.
Learn more about fraudulent communications and phishing scams: