
The Hard Truth About Internet Security



It's summer, and it's hot. My top-floor apartment has no AC, and the sweltering heat finally pushed me off the couch and into the car. I started driving, ending up in the coldest place I could think of: the movie theatre. I don't keep up with the latest and greatest in the entertainment universe, so I didn't really know what was playing. I decided on the new Bourne film, mostly because it started in three minutes. And while the film was decent enough (no, this isn't a movie review), it did serve as a stark reminder of a depressing truth: no one knows anything about web security.

Internet security is discussed all the time. You can't turn on the news nowadays without hearing about the latest data breach, and there are seemingly endless articles on how to secure your information from the web. Yet for all the talk and all the rhetoric, no one seems to know what cyber security actually is.

Part of the problem is that, as a society, we have trouble focusing on tasks for longer than around twenty seconds, and learning about web security just isn't that easy. The odds are that the "6 steps to securing your phone" won't even secure your attention span. And have you noticed that the listicle on the "9 most common hacks" never actually tells you how to stop them? The hard truth is that internet security isn't an easy subject, and it will take some time to really learn what makes you vulnerable online. With that said, let's take a look at a few different sources that provide reliable and useful information on the subject.

If you have no idea where to get started, then head over to OWASP. It's a consortium focused entirely on internet security, and has documents written for users of all technical backgrounds. If you're more interested in the methodology behind attacks and how to effectively test a website, you can read this article on penetration testing. It's written by the SANS Institute, which is another great source for general security information. Their reading room is full of white papers that (while sometimes a bit dry) will definitely teach you a thing or twelve about security.

Some of the most common internet exploits take advantage of website applications. Web apps are those portions of the internet that capture, transmit, and store user data. They include items such as shopping carts, login forms, or email submission fields. The purpose of these web applications is to improve the user experience, and let the user interact with the website in some fashion. However, a user with malicious intent can execute what's called an SQL injection attack. You can read an in-depth definition here, and find some quality technical examples from OWASP.

As fellow users, there's unfortunately very little we can do about this phenomenon. If you choose to enter sensitive information into a company's web form, then you are putting your trust in that service to protect your information. Most large organizations update on a frequent basis to protect against common automated attacks, but smaller self-hosted online stores are often easy to target. If you have any concerns about a shop before filling in sensitive information, ask. Email a business you're unsure about before risking private details and inquire as to their security policies. Most places are surprisingly understanding and will give you a courteous response.

Whether you're a weathered industry expert or a newcomer to the technology scene, buffing up on your security knowledge is always a good idea. The internet becomes increasingly prominent each day, with more users in 2015 than ever before, and 2016 projected to break this record yet again. It's not glamorous, and it will take time, but knowing the ins and outs of internet security will help keep you safer on the web.