re: Is it really easy for black hat hackers to inject codes into a website?

 

Standard answer of course: it depends.... :)

Pragmatic suggestions follow:

  • Static sites are likely much less at risk => none of your code to attack on the server side; however, any APIs in use need careful thought on selection & access control.
  • Beware of supply chain attacks if your sites use client-side scripting, and especially if that script is loaded from a CMS or 3rd party: troyhunt.com/the-javascript-supply...
  • Light reading: owasp.org/index.php/Security_by_De...
  • If hosting in AWS, leverage their monitoring and alerting tools, especially modern anomaly detection systems, and have a plan on how you will react if something bad shows up: aws.amazon.com/security/

Hope this helps..
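
An added example, not part of the comment above: one way to act on the supply-chain bullet is to audit a page for scripts loaded from another origin without Subresource Integrity (SRI), a common mitigation that the comment itself does not name. `SITE_ORIGIN`, `SAMPLE_HTML`, the host names and the digest placeholder are constructed for illustration.

```javascript
// Added example: flag third-party <script src> tags that run unverified.
// SITE_ORIGIN and SAMPLE_HTML are constructed values, not from the original post.
const SITE_ORIGIN = 'https://www.example.test';

const SAMPLE_HTML = `
<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example.net/lib.min.js"></script>
<script src="https://cdn.example.net/ui.js"
        integrity="sha384-PLACEHOLDERDIGEST" crossorigin="anonymous"></script>
<script src="//widgets.example.org/chat.js" async></script>
<script>console.log('inline');</script>
</head></html>`;

// Parse the attributes of one opening <script ...> tag into a name -> value map.
function parseAttributes(tag) {
  const attrs = {};
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  const body = tag.replace(/^<script\b/i, '').replace(/>$/, '');
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// Return every cross-origin script that lacks usable SRI metadata.
function findUnpinnedScripts(html, siteOrigin) {
  const findings = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const attrs = parseAttributes(tag);
    if (!attrs.src) continue;                    // inline script: nothing fetched
    const url = new URL(attrs.src, siteOrigin);  // resolves relative and // URLs
    if (url.origin === siteOrigin) continue;     // first-party code
    const hasSri = /^sha(256|384|512)-\S+/.test(attrs.integrity || '');
    if (!hasSri) {
      findings.push({ src: url.href, reason: 'no integrity attribute' });
    } else if (!('crossorigin' in attrs)) {
      // SRI on a cross-origin script needs a CORS request to be checkable.
      findings.push({ src: url.href, reason: 'integrity set without crossorigin' });
    }
  }
  return findings;
}

for (const f of findUnpinnedScripts(SAMPLE_HTML, SITE_ORIGIN)) {
  console.log(`${f.reason}: ${f.src}`);
}
```

The tag matching is regex-based and only sees static markup, so scripts injected at runtime by a CMS or tag manager need a separate check.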

 