
Iframe security how to
The above picture shows how to display another website within a website. The simple attribute to use iframe is as follows:

Security risk in iframes is an important topic to discuss because iframe usage is very common; even the most famous social networking websites use iframes. The simple way to explain iframe is that “iframe is the technique to display the information from another web page within the same (current) page”. In this article, we will discuss attacks at the HTML level, that is, attacks on HTML code; iframe is part of HTML, a technique used in HTML to embed a file (a document, video or other content) in the same HTML page. This can break the visitor's trust in your website.

SQL injection is dangerous because an attacker may gain access to a database and steal the information of the website's users and administrator, but what if an attacker simply hijacks the user or redirects your visitor to a malicious website? There are many automatic tools and manual techniques available to test a website for the most common vulnerabilities, such as SQL injection, cross-site scripting, security misconfiguration and others, but we should also take care of the variants of these vulnerabilities.
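A defensive check for the redirect risk described above, as an added example that is not from the original article: it lists the iframes in a page's markup and marks the cross-origin ones that no `sandbox` attribute stops from navigating the top-level page. The sample HTML, the origin `https://shop.example` and the function names are constructed for illustration.

```javascript
// Added example: audit <iframe> tags in an HTML string.
// Regex parsing is a simplification for reviewing templates, not a full HTML parser.
function parseAttributes(tag) {
  const attrs = {};
  const body = tag.replace(/^<iframe/i, "").replace(/\/?>$/, "");
  const re = /([a-zA-Z-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// sandbox tokens that let framed content navigate the top-level page
const TOP_NAV_TOKENS = ["allow-top-navigation", "allow-top-navigation-by-user-activation"];

function auditIframes(html, pageOrigin) {
  const findings = [];
  for (const [tag] of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const attrs = parseAttributes(tag);
    const src = attrs.src || "";
    let crossOrigin = true; // treat an unparsable src as untrusted
    try {
      crossOrigin = new URL(src, pageOrigin).origin !== pageOrigin;
    } catch (_) {}
    const sandboxed = "sandbox" in attrs;
    const tokens = sandboxed ? attrs.sandbox.toLowerCase().split(/\s+/) : [];
    const topNavBlocked = sandboxed && !tokens.some((t) => TOP_NAV_TOKENS.includes(t));
    // risky: third-party content with no sandbox restriction on top-level navigation
    findings.push({ src, crossOrigin, sandboxed, risky: crossOrigin && !topNavBlocked });
  }
  return findings;
}

// Constructed sample markup for a page served from https://shop.example
const SAMPLE_HTML = `
<iframe src="/help/widget.html"></iframe>
<iframe src="https://video.example/embed/1" sandbox="allow-scripts"></iframe>
<iframe src="https://ads.example/slot"></iframe>
<iframe src="https://partner.example/app" sandbox="allow-scripts allow-top-navigation"></iframe>`;

for (const f of auditIframes(SAMPLE_HTML, "https://shop.example")) {
  console.log(f.risky ? "REVIEW" : "ok    ", f.src, f.sandboxed ? "(sandboxed)" : "(no sandbox)");
}
```

Frames marked REVIEW are candidates for a `sandbox` attribute that omits the top-navigation tokens.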


Hackers are always trying to discover new ways to trick a user, so from a penetration tester’s point of view a website administrator should take care of every vulnerability and weakness that an attacker may exploit to hack into a website.

OWASP has created an outline for securing a web application against the most dangerous vulnerabilities in web applications, but it is always good to keep learning about the new weaknesses and the new ways that an attacker might use to hack into a web application. Hackers use websites to spread their malware and worms, and they use compromised websites for spamming and other purposes. Web application security is always an important topic to discuss because websites seem to be the first target of malicious hackers.
