0

I am developing a website using this book. From my knowledge and from the book, the major issues that I would have to look out for are XSS, CRSF and SQL injection attacks. I have found that there is ample resources, plugins and solutions that can prevent these attacks. Are there any other attacks/other hazards that could harm my website?

I am using IIS 10 to run a ASP.NET Core MVC 1.0 website.

Boolean
  • 193
  • 2
  • 9
  • 4
    Given that there are many more risks than you've mentioned a question of asking for all of these risks and how to prevent these is too broad. I recommend to start reading with the [OWASP top 10 risks](https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf) which provides both information about the risks and how to address these. – Steffen Ullrich Dec 18 '17 at 20:04
  • Don't forget about the server side as well. SSL/TLS, IIS, apache, .net/aspx, php, all these have security vulnerabilities from time to time. Always best to check against a scanner. Qualys' SSL test is a good one, but there are others out there. Also make sure your box and all software stays up to date. – K.B. Dec 18 '17 at 22:06

1 Answers1

0

Without seeing an actual version of the site our answers are going to be pretty low quality.

However, a suggestion would be for you to run a vulnerability scanner on the site and provide some feedback we could work with/talk you through?

Suggested scanners to try would be OWASP ZAPP or Nessus.

Good luck!

rebuscodes
  • 16
  • 1