In a recent report, security consultants with Context Information Security revealed that two thirds of web apps are a security risk when it comes to cross site scripting and one in five risk being attack by SQL interjections. The report also suggests that the average number of vunerabilities is up per web app, offering cause for concern.

Should we, web app users, be concerned ourselves over the security concerns? Let’s investigate!

What Are The Risks?

What is cross-site scripting and what are SQL interjections? In order to understand the risks, we need to know what the terminology means.

Cross-site scripting, also referred to as XSS, allows a malicious party to execute client-side code through a web page that isn’t theirs. Because the injected code appears to come from the trusted website, it will be executed without issue, allowing malicious actions to be ran for the end user. Here’s an example courtesy of Wikipedia.

Mallory posts a message with malicious payload to a social network.
When Bob reads the message, Mallory’s XSS steals Bob’s cookie.
Mallory can now hijack Bob’s session and impersonate Bob.

An SQL interjection is somewhat similar to an XSS attack. Here, an SQL command is entered into a web application by a malicious party which is then passed on and executed as part of a script in the app.

“Exploits of a Mom”, shows an SQL interjection in use. In this case, by appending an SQL command onto the end of a regular piece of data being entered into a form field, the particular table in the database has been dropped.

Generally, we can expect native apps to be somewhat safer than web apps because they’re normally more closed off, and sometimes sandboxed to separate them from other running programs. However, the web is a much more open platform that can be more vulnerable to attacks and, unlike native apps on a specific platform, individually need to stay up to date with patching flaws.
Surely Not The Big Guys?

Most web users will use not only big or small applications, they’ll use a mixture. Even though the big guys, such as Google, probably have more money and resources to invest into security, they are still susceptible to attacks. In June last year, Gmail was hacked and account details were revealed, demonstrating how using most services encounters a level of risk.

If big services like Gmail with a lot of security resources can fall to attacks, then surely smaller apps can too? Sure. However, less popular apps are likely less popular targets for hackers, even though they might be easier victims.

Google pays out $500 every time a user finds a security vulnerability in one of participating services. (terms and conditions naturally apply)

Fortunately, Google, at least, is taking security seriously by crowd-sourcing it. In November 2010, Google launched a “vulnerability reward program” whereby they’d pay for security bugs in Google, YouTube, Blogger and Orkut to be discovered by users. A base reward of $500 is offered per qualifiying bug, with more severe ones being paid as much as $3,133.70. If anything, that’s certainly more tempting to do than using your knowledge of a vulnerability to leak data (money and Google cred!).
Should We Be Worried?

The real question for most of you isn’t how hackers do it, but rather, should I be worried?

The web is a fantastic platform and is far less constrained than native ones (both desktop ones like Windows and Mac OS X and mobiles ones like Android and iOS), but that also means the barriers to malicious parties are weaker. There’s always cause for concern on the web and I don’t think we can ever be really confident that our data is safe on this particular platform. As evidenced by data leaks from big companies, including Sony, Google and AT&T, even the services that we’d assume would have a lot of security in place can still let your data fall into the wrong hands.

Over 100 Integrated API’s…

We have integration with all the leading payment gateways, provisioning systems, domain registrars and other service providers to be able to fully integrate & automate with all the services you use from one central system with Built-in Support Tools controlled by templates

WHMCS is an all-in-one client management, billing & support solution for online businesses. Handling everything from signup to termination, WHMCS is a powerful business automation tool that puts you firmly in control

Integrated Support Tools

Built-in Support Tools including Announcements, Knowledgebase & a Fully Feature Support Ticket System make it easy to keep track of enquiries and keep customers updated.

Fully Customizable

Everything your clients see is controlled by templates, which make things very easy to customise. And for more advanced developers, there’s modular support, hooks & an API.

• Automated Invoicing will take care of billing your customers on a recurring basis and will group items due on the same day by the same customer together to reduce gateway charges
• Manual Invoicing allows you to generate one-off invoices for custom services or work carried out for users
• Quotes/Estimates can be created and sent to potential clients and then converted to invoices at the click of a button if accepted
• Automated Payment Processing is offered with all the supported gateways and you can extend it to others by building your own payment processing modules
• Tax Support allows for both inclusive and exclusive tax, tax exempt clients & products and support for up to 2 separate levels
• PDF Invoices can be downloaded for saving or printing
• Email/Print Invoices with the batch PDF generator functionality allowing you to print invoices for those users who prefer a paper copy
• Manual Payment Entry so you are not just limited to supported online payment gateways – you can also apply payments such as cheques, wire transfers, etc…
• Credits can be issued to a user by an admin or by the client choosing to prefund their account in advance. These are then applied to future invoices.
• Flexible Promotions which allow you to offer one time or recurring discounts for fixed amounts or percentages which various qualifying criteria
• Verified by Visa & MasterCard SecureCode is supported on certain gateways

Inbox Repair tool

If you can't open your Personal Folders file (.pst) or your Offline Folder file (.ost), or you suspect that your .pst or .ost data file is corrupted, you can use the Inbox Repair tool (Scanpst.exe) to diagnose and repair errors in the file. The Inbox Repair tool scans only the .pst or .ost file, not your mailbox on the server running Microsoft Exchange. The tool determines whether the file structure is intact. If it is not intact, the Inbox Repair tool resets your file structure and rebuilds the headers.

The Inbox Repair tool works on both the Microsoft Outlook 97-2002 Personal Folders File (.pst) and the Office Outlook Personal Folders File (.pst) data files in Microsoft Office Outlook 2003 and Microsoft Office Outlook 2007.

Scanpst.exe is installed when you install Outlook. It is located at:

drive:\Program Files\Microsoft Office\OFFICE12.

Repair errors by using Scanpst.exe

1. Exit Outlook if it is running.
2. Double-click Scanpst.exe, located at drive:\Program Files\Microsoft Office\OFFICE12.
3. In the Enter the name of the file you want to scan box, enter the name of the .pst or .ost file that you want to check, or click Browse to search for the file.
4. To specify the scan log options, click Options, and then click the option that you want.
5. Click Start.
6. If errors are found after the scan is complete, you will be prompted to start the repair process to fix the errors.

A backup file is created during the repair process. To change the default name or location of this backup file, in the Enter name of backup file box, enter a new name, or click Browse to look for the file that you want to use.

7. Click Repair.
8. Start Outlook by using the profile that contains the .pst file that you tried to repair.
9. On the Go menu, click Folder List.

In the Folder List, you may see a folder named Recovered Personal Folders that contains your default Outlook folders or a Lost and Found folder. The recovered folders are usually empty, because this is a rebuilt .pst file. The Lost and Found folder contains the folders and items recovered by the Inbox Repair tool. Items that are missing from the Lost and Found folder cannot be repaired.

10. If you see a Recovered Personal Folders folder, you can create a new .pst file, and drag the items in the Lost and Found folder into the new .pst file. When you have finished moving all the items, you can remove the Recovered Personal Folders (.pst) file, including the Lost and Found folder, from your profile.

 Notes 

• If you are able to open the original .pst file, you may be able to recover additional items from your damaged .pst file. By default, the Inbox Repair tool creates a file called file name.bak, which is a copy of the original .pst file with a different extension. The .bak file is located in the same folder as your original .pst file. You may be able to recover items from the .bak file that the Inbox Repair tool could not recover. Make a copy of the .bak file, and give the file a new name with a .pst extension, such as bak.pst. Import the bak.pst file, and then move any additional recovered items to the new .pst file that you created.
• A copy of the log file is written to the same location as the .pst file.

OST Integrity Check tool

From time to time, you may get error messages when synchronizing your Offline Folder file (.ost) in Microsoft Office Outlook with your mailbox on a server running Exchange. You may also notice that some items are missing from your .ost file or from your mailbox after you synchronize your .ost file and your mailbox. When this occurs, you should use the OST Integrity Check tool (Scanost.exe) to check your .ost file.

The OST Integrity Check tool runs only on .ost files and can be used to diagnose and repair synchronization issues. The tool scans both your .ost file and your mailbox on the server running Exchange, compares the items and folders in each, and attempts to reconcile synchronization differences between them. The OST Integrity Check tool does not change your mailbox on the server running Exchange. The tool records any differences in a scan log so that you can see the discrepancies that it found and resolved. The scan log also identifies any situations that the tool could not correct which you will need to fix manually. The scan log can be found in your Deleted Items folder.

To use the OST Integrity Check tool, you must connect to your Exchange account so that the tool can scan your mailbox folders and items. If you previously set up Outlook to start offline automatically, the OST Integrity Check tool will not be able to access your mailbox on the server running Exchange. Therefore, before you run the tool, you need to change your Outlook startup settings temporarily.

If you have problems opening your .ost file, you can use the Inbox Repair tool (Scanpst.exe) to diagnose and repair errors in your .ost file. The Inbox Repair tool (Scanpst.exe) can be used on your .ost file as well as Personal Folders file (.pst). The tool scans the .ost or .pst file, and makes sure that the file structure is intact. It does not interact with your Inbox on the server running Exchange server in any way.

The OST Integrity Check tool (Scanost.exe) is installed when you install Outlook. It is located at:

drive:\Program Files\Microsoft Office\OFFICE12.

Repair errors by using Scanost.exe

1. Exit Outlook if it is running.
2. Double-click Scanost.exe, located at drive:\Program Files\Microsoft Office\OFFICE12.
3. If you have set up Outlook to prompt for a profile, the tool will also prompt you for one. In the Profile Name list, click the profile that contains the .ost file that you want to check.

If you are prompted to Connect or Work Offline, click Connect.

4. Select the options that you want.

To have the tool automatically resolve discrepancies that it finds during the scan, select the Repair Errors check box. If this check box is cleared, the tool will log the problems but not make the necessary corrections.

5. Click Begin Scan.

 Note   To view the scan log, start Outlook, and then open the Deleted Items folder. The tool does not scan the Deleted Items folder. Any problems will be noted in a message with the Subject "OST Integrity Check."

Many web hosting companies do not tell you that with unlimited space and unlimited bandwidth, they will give limited CPU quota.

this results in a mandatory upgrade of your hosting account and is considered a scam.

Here is a task for you to check is your hosting plan really unlimited or not.

If you’re using Unlimited Shared Hosting plan, upload some big size files on your server.
Do it for 2-3 days regularly and in few days you will get an email from your hosting provider that due to increase in traffic your blog is crossing CPU usage, so please upgrade your account.

So, keep in mind one thing: "The word unlimited practically does not exists" as far as disc space and bandwidth is concerned.

Don't get cheated by web hosting scams.

Social Media Experts at iPwebGroup.com
The best way to define social media is to break it down. Media is an instrument on communication, like a newspaper or a radio, so social media would be a social instrument of communication.It is now imperative for any business to have prominent profiles on YouTube, Facebook, Twitter and LinkedIn.
iPwebGroup will build your profiles on these and all other relevant networks.

Combining Social Media, Pay per Click and organic SEO will increase your click rates by at least 60%

See the official What is Webbox page