Is it really easy for black hat hackers to inject code into a website?


I use Netlify & AWS Free Tier for hosting.

How easy is it for black hat hackers to inject malicious code into a website?

Coming to realize that I've been offering web design/development services to friends and online, I still don't have a clear picture of how to secure a website aside from the HTTPS and SSL Certificate.

Any advice for a beginner?

Thanks!

DISCUSSION (8)
 

Standard answer of course: it depends.... :)

Pragmatic suggestions follow:

  • Static sites are likely much less at risk => none of your code to attack on the server side, however any APIs in use need careful thought on selection & access control.
  • Beware of supply chain attacks if your sites use client-side scripting, and especially if that script is loaded from a CMS or 3rd party: troyhunt.com/the-javascript-supply...
  • Light reading: owasp.org/index.php/Security_by_De...
  • If hosting in AWS, leverage their monitoring and alerting tools, especially modern anomaly detection systems, and have a plan on how you will react if something bad shows up: aws.amazon.com/security/

Hope this helps..
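
One way to check for the supply-chain exposure raised in the second bullet above, as an added example that is not part of the original comment: it audits a page for third-party `<script>` tags that lack a Subresource Integrity pin, or whose served bytes no longer match the pin. The host names, file names and script bodies are constructed for illustration.

```python
import base64, hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

ALGS = ("sha256", "sha384", "sha512")  # SRI algorithms, weakest to strongest

def sri_hash(body: bytes, alg: str = "sha384") -> str:
    """Value a browser expects in integrity="..." for these exact bytes."""
    return f"{alg}-{base64.b64encode(hashlib.new(alg, body).digest()).decode()}"

def pin_matches(body: bytes, integrity: str) -> bool:
    """Browsers check only the strongest algorithm listed in the attribute."""
    tokens = [t for t in integrity.split() if t.split("-", 1)[0] in ALGS]
    strongest = max((t.split("-", 1)[0] for t in tokens), key=ALGS.index, default=None)
    return strongest is not None and sri_hash(body, strongest) in tokens

class ScriptCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.scripts = []
    def handle_starttag(self, tag, attrs):
        if tag == "script" and dict(attrs).get("src"):
            self.scripts.append(dict(attrs))

def audit_scripts(html: str, site_host: str, bodies: dict) -> list:
    """Return (src, problem) for each third-party script that is not safely pinned."""
    collector, findings = ScriptCollector(), []
    collector.feed(html)
    for attrs in collector.scripts:
        src, host = attrs["src"], urlparse(attrs["src"]).netloc
        if not host or host == site_host:
            continue  # first-party script, served from your own deploy
        if not attrs.get("integrity"):
            findings.append((src, "no integrity pin"))
        elif "crossorigin" not in attrs:  # cross-origin SRI checks need a CORS request
            findings.append((src, "pin present but crossorigin missing"))
        elif not pin_matches(bodies[src], attrs["integrity"]):
            findings.append((src, "served bytes differ from pin"))
    return findings

# Constructed sample data: hosts, file names and script bodies are made up.
REVIEWED = b"console.log('widget v1');"
SAMPLE_HTML = f"""<script src="/app.js"></script>
<script src="https://cdn.example/lib.js" integrity="{sri_hash(REVIEWED)}" crossorigin="anonymous"></script>
<script src="https://cdn.example/chat.js"></script>
<script src="https://widgets.example/w.js" integrity="{sri_hash(REVIEWED)}" crossorigin="anonymous"></script>"""
SAMPLE_BODIES = {"https://cdn.example/lib.js": REVIEWED,
                 "https://widgets.example/w.js": REVIEWED + b"/* changed upstream */"}
print(audit_scripts(SAMPLE_HTML, "www.example.org", SAMPLE_BODIES))
```

In a real audit the `bodies` mapping would be filled by fetching each script URL; a mismatch means the browser would refuse to run that script until the pin is reviewed and updated.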

 
 
 

I don't even have a clear image of what you are planning and what services you are gonna use. If your web involves APIs for the database, there can be an issue such as SQL Injection (I don't have any background on back-end, I just know SQL Injection from both the desktop and web realm).

Just learn these back-end programming languages (go, ruby, python, js, etc.) and ensure that your website is secured.
