Is it really easy for black hat hackers to inject codes into a website?

I use Netlify & AWS Free Tier for hosting.

How easy is it for black hat hackers to inject malicious codes into a website?

Coming to realize that I've been offering web design/development services to friends and online, I still don't have a clear picture of how to secure a website aside from the HTTPS and SSL Certificate.

Any advice for a beginner?

Thanks!

Comments

[Phil Ashby]

Standard answer of course: it depends.... :)

Pragmatic suggestions follow:

• Static sites are likely much less at risk => none of your code to attack on the server side, however any APIs in use need careful thought on selection & access control.
• Beware of supply chain attacks if your sites use client-side scripting, and especially if that script is loaded from a CMS or 3rd party: troyhunt.com/the-javascript-supply...
• Light reading: owasp.org/index.php/Security_by_De...
• If hosting in AWS, leverage their monitoring and alerting tools, especially modern anomaly detection systems, and have a plan on how you will react if something bad shows up: aws.amazon.com/security/

Hope this helps..

[Vicente G. Reyes]

Thanks! These would greatly help!

[Vince Ramces Oliveros]

I don't even have a clear image of what you are planning and what services are you gonna use. If your web involves APIs for the database. there can be an issue such as SQL Injection(I don't have any background on back-end, I just know SQL Injection from both the desktop and web realm).

Just learn these back-end programming languages(go,ruby,python,js,etc.) and ensure that your website is secured.

[Abdur-Rahmaan Janhangeer]

I'd suggest you learn back-end programming, that'll show you what to secure, thereby knowing naturally how do the bad guys work

[Vicente G. Reyes]

Do you have any links for me?

[Abdur-Rahmaan Janhangeer]

hacksplaining.com

[Vicente G. Reyes]

Thanks man!

[Abdur-Rahmaan Janhangeer]

anything, just ping!