A user visits a site's homepage.
A site prompts the user for their user name and password.
A site produces an error message for an invalid user name.
A user clicks on a hyperlink to visit another page in the same site.
A user clicks on a hyperlink to visit another page in a different site.
Educate your users to recognize safe vs. unsafe web pages.
Escape user's input is valid as soon as possible.
Use an interpreted programming language such as Java or C#.
Make sure your database is configured for strong security.
Are partially corrected by adding a hidden field with a secure random number as its value and validating it on submission.
Only affect pages with forms that do not include the user name in the data sent back to the server.
Prevented by using newer web frameworks such as Ruby on Rails.
Displaying the logon page's form.
Credit card numbers are being transmitted to the site.
Credit card numbers are being transmitted between two machines within the DMZ itself.
Credit card numbers are being transmitted between two machines within the secure network behind the DMZ.
Never. Encryption is always required.
Cross-site scripting (XSS) Vulnerabilities
SQL Injection Flaws
Buffer Overflow Vulnerabilities
Insecure Cryptographic Storage Vulnerabilities
Information Leakage Vulnerabilities
A message that states that the system is down for maintenance and tells what time it is expected to be back up. E.g.: Our site is down. We're sorry for the inconvenience. We are doing maintenance on our servers. The site should be up by 11:00 PM PST.
A message that says the user typed an incorrect password but does not display the username. E.g.: You entered an invalid password for the specified user.
A message that says that there was an error logging in mentioning the username. E.g.: User "JoeUser" could not be logged in with the information you provided.
An error message that says there was an internal error but does not provide any details to assist in debugging or reporting of the error. E.g.: There was an internal error. Please report this to the sysadmin.
An error message that says there was an internal error and displays the call stack to assist in debugging and reporting of the error. E.g.: There was an internal error. Please send a copy-and-paste of this page to the sysadmin.
Cross-Site Request Forgery (CSRF)
Cross-Site Scripting (XSS)
Buffer Overflow (AKA: Malicious File Execution)
Carefully validating user input and rejecting invalid input before executing any SQL requests.
Ensuring that you use only database software that has been widely tested and is generally considered secure.
Code all of your database access functions in a strongly-typed language to ensure that you do not have any type mismatches.
Always run the database on a remote machine and use SSL whenever you communicate with it.
Using prepared statements at runtime instead of dynamically evaluating SQL.
The account number should be treated as confidential data, but it is displayed in the user's browser's location bar, potentially allowing passers-by to steal it.
The only likely reason for passing the account number within the URL is that it will be used by the system. This allows a user to alter the URL to reference other account numbers and potentially steal other users' confidential data.
The combination of both upper and lower case in the URL, when accessed by a browser that is running on a system that is case insensitive (e.g.: MS Windows), can lead to an incorrect page being served and potentially displaying confidential information.
By using HTTP instead of HTTPS, the user's data can be stolen during transmission across the internet. One way this might happen is if one of the routers along the route has had malicious code installed on it.
By using HTTP instead of HTTPS, the user cannot be assured that there has not been DNS poisoning leading to them passing confidential information to a server other than their bank's server.