Securing your website: A tough job, but someone’s got to do it

http://arstechnica.com/security/2013/02/securing-your-website-a-tough-job-but-someones-got-to-do-it/     / Website breaches devastating business prevent online security virus Trojan worm basics malware secret safe Web safety members notorious crime gang cased online storefronts 7-Eleven Hannaford Brothers retailers payment card fraud ring gather data mother lode Russian hackers hack hacking hacked federal investigators Hacker 1 Hacker 2 Netherlands California flaw website of Heartland Payment Systems payment card processor handled 100 million transactions month 250,000 merchants exploit exploiting SQL injection vulnerability processor's network breach that cost Heartland $12.6 million convicted Albert Gonzalez damage vulnerabilities riddle computer serves up a webpage Web application security experts long cautioned such bugs can cost businesses dearly cross-site scripting flaws, and a series of other vulnerabilities attack infect watering hole attacks professional security team audit your website vulnerabilities injection sensitive data denial of access attackse underlying Web server vulnerabilities API application program programme interface interpreter parameterized interface cross-site cross site scripting XSS Web apps user supplied user-supplied data to a browser validating JavaScript fragments steal browser cookies authenticate e-mail account restricted service broken authentication and session management insecure direct object references Web apps URL cross site ross-site request forgery CSRF fake websites generate forged HTTP requests pitfalls precautions security misconfiguration bugs give attackers unauthorized access powerful system functionality sensitive data custom code insecure cryptographic storage Kim Dotcom's Mega cloud storage service encrypt credit card data sensitive information implementations algorithm employed password storage Bcrypt, PBKDF2, SHA512crypt SHA1 SHA3 MD5 key defense securely discarding credit card data and sensitive information mission critical failure to restrict URL access errors application doesn't protect page requests properly allow unauthorized users to access restricted pages by manipulating the URL insufficient transport layer protection secure sockets layer sister protocol transport layer security encryption authenticate websites Microsoft's Hotmail service allowed users to SSL protect their entire Web mail sessions man-in-the-middle man in the middle attacks login screen end-to-end SSL or TLS protection browser cookies authentication sensitive purposes secure flag certificates unvalidated redirects and forwards hardened criminals script kiddies HBGary Federal Anonymous hacking collective /