DEV Community

Vicente G. Reyes


Is it really easy for black hat hackers to inject code into a website?

I use Netlify & AWS Free Tier for hosting.

How easy is it for black hat hackers to inject malicious code into a website?

Coming to realize that I've been offering web design/development services to friends and online, I still don't have a clear picture of how to secure a website aside from HTTPS and an SSL certificate.

Any advice for a beginner?

Thanks!

Latest comments (8)

Vince Ramces Oliveros

I don't even have a clear image of what you are planning and what services you are gonna use. If your web involves APIs for the database, there can be an issue such as SQL Injection (I don't have any background on back-end, I just know SQL Injection from both the desktop and web realm).

Just learn these back-end programming languages (Go, Ruby, Python, JS, etc.) and ensure that your website is secured.

Abdur-Rahmaan Janhangeer

I'd suggest you learn back-end programming; that'll show you what to secure, thereby knowing naturally how the bad guys work.

Vicente G. Reyes

Do you have any links for me?

Abdur-Rahmaan Janhangeer
 
Vicente G. Reyes

Thanks man!

Abdur-Rahmaan Janhangeer

anything, just ping!

Phil Ashby

Standard answer of course: it depends.... :)

Pragmatic suggestions follow:

  • Static sites are likely much less at risk => none of your code to attack on the server side, however any APIs in use need careful thought on selection & access control.
  • Beware of supply chain attacks if your sites use client-side scripting, and especially if that script is loaded from a CMS or 3rd party: troyhunt.com/the-javascript-supply...
  • Light reading: owasp.org/index.php/Security_by_De...
  • If hosting in AWS, leverage their monitoring and alerting tools, especially modern anomaly detection systems, and have a plan on how you will react if something bad shows up: aws.amazon.com/security/

Hope this helps..
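
One way to act on the third-party script point above, as an added example that is not part of the original comment: a Python check that lists `<script src>` tags served from another host without a Subresource Integrity (`integrity`) attribute. The sample HTML, the host names and the function and class names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page; all hosts and the digest are placeholders.
SAMPLE_HTML = """
<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example.net/lib.min.js"></script>
<script src="https://cdn.example.net/ui.js"
        integrity="sha384-PLACEHOLDERDIGEST" crossorigin="anonymous"></script>
<script src="//widgets.example.org/embed.js" integrity=""></script>
<script>console.log("inline");</script>
</head></html>
"""

class ScriptAudit(HTMLParser):
    """Collect <script src> tags served from a host other than the site's own."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (src, host, has_integrity)

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        src = a.get("src")
        if not src:
            return  # inline script: nothing fetched from another host
        host = (urlparse(src).hostname or "").lower()
        if not host or host == self.site_host:
            return  # relative or same-host URL: first-party
        # An empty integrity value pins nothing, so count it as missing.
        has_integrity = bool((a.get("integrity") or "").strip())
        self.findings.append((src, host, has_integrity))

def unpinned_third_party_scripts(html, site_host):
    """Return src URLs of third-party scripts lacking an integrity attribute."""
    audit = ScriptAudit(site_host)
    audit.feed(html)
    audit.close()
    return [src for src, _host, pinned in audit.findings if not pinned]

if __name__ == "__main__":
    for src in unpinned_third_party_scripts(SAMPLE_HTML, "www.example.com"):
        print("no integrity attribute:", src)
```

Run against the built output of a static site, this gives a list of third-party scripts to pin with an integrity hash, self-host, or drop.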

Vicente G. Reyes

Thanks! These would greatly help!