Table of Contents
- Summary
- Introduction
- Securing user accounts
- Session IDs and URLs
- SQL injection and cross-site scripting
- Malicious use
- Spammers
- Denial of service
- Final thoughts
- About Richard Stiennon
- About GigaOm
- Copyright
1. Summary
Rapid growth phases at startups are invariably accompanied by an escalating number of attacks and the need to respond to them, as we’ve seen with sites like Facebook, Twitter and many other web-based companies. This research note discusses the many forms security attacks can take, from insecure user accounts to malware and spammers. It also provides advice and tips on how companies and developers can deal with these attacks and prevent them in the future, to keep their businesses and Web offerings safe.
The key to presenting effective security controls that won’t scare away new users is to time their introduction and the accompanying expenses. The sections of this report cover security controls that, while not always built in from a company’s inception, every successful Web startup will eventually need to implement.