Website security is often overlooked on basic informational websites, as a hacker generally gains nothing from breaking such a site other than a sick satisfaction. However, when your website has any kind of special or protected functions, such as Members Only areas or Admin areas, these need to be given special consideration.
Many of these areas are protected by a simple username and password form, which may seem secure to untrained eyes, but there are several ways a hacker can manipulate it or, in some cases, break it. These are some typical examples of hacking methods and website vulnerabilities:
- Cross Site Scripting - This is where a hacker manually types JavaScript code into the URL address bar of their browser, which effectively runs code on YOUR page. For example, if you had a locked or hidden value on your page that was necessary, they could use this method to change that value.
- Viewing Source Code - Unfortunately, you cannot completely prevent anybody from viewing your source code, and a lot of hackers will view your page code to see if they can find any vulnerabilities.
- SQL Injections - If you imagine you have your username and password fields on the page, a hacker can type SQL commands into these fields to try to bypass the login check.
- Page Guessing - Let's say that once a user has successfully passed the login, they are taken to a page called 'menu.asp'. Hackers often guess typical page names used in secure areas to try to bypass the login completely or find vulnerabilities.
- Buffer Overruns - This method is used purely to break a site by putting the server the website is hosted on under serious strain or even crashing it. This is normally done by entering a huge number of characters into a field and submitting the form it resides on. In most cases the server struggles to handle the huge amount of data being passed through.
- Dictionary Attacks - A common method where a piece of software is used to continuously guess possible passwords for a secure user.
Due to this, any secure areas we build for our clients are given the same security protocols to defend against these methods. For our own and our clients' security, we do not list these protocols on our site, as hackers would know what they are up against.
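As an added illustration (not this site's code, and not the undisclosed protocols mentioned above), the following Python sketch shows a login check that addresses three of the listed items: SQL injection, oversized form input, and dictionary attacks. The table layout, the `alice` account, and all limits are assumptions constructed for the example.

```python
import hashlib, hmac, os, sqlite3, time

MAX_FIELD_LEN = 64           # assumed cap on form field length
MAX_FAILURES = 5             # assumed failed attempts before lockout
LOCKOUT_SECONDS = 900        # assumed lockout duration
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

def make_db():
    """In-memory user table with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw BLOB,"
               " failures INTEGER DEFAULT 0, locked_until REAL DEFAULT 0)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users (name, salt, pw) VALUES (?, ?, ?)",
               ("alice", salt, _hash("correct horse", salt)))
    return db

def login(db, name, password, now=None):
    now = time.time() if now is None else now
    # Oversized or empty fields are refused before any database or hashing work.
    if not (0 < len(name) <= MAX_FIELD_LEN and 0 < len(password) <= MAX_FIELD_LEN):
        return "rejected"
    # Parameterized query: the driver binds name as data, never as SQL text.
    row = db.execute("SELECT salt, pw, failures, locked_until FROM users"
                     " WHERE name = ?", (name,)).fetchone()
    if row is None:
        _hash(password, b"\0" * 16)  # same work as a real check, hides which names exist
        return "denied"
    salt, pw, failures, locked_until = row
    if now < locked_until:
        return "locked"
    if hmac.compare_digest(_hash(password, salt), pw):
        db.execute("UPDATE users SET failures = 0 WHERE name = ?", (name,))
        return "ok"
    # Wrong password: count it, and lock the account once the threshold is hit.
    failures += 1
    locked = now + LOCKOUT_SECONDS if failures >= MAX_FAILURES else 0
    db.execute("UPDATE users SET failures = ?, locked_until = ? WHERE name = ?",
               (0 if locked else failures, locked, name))
    return "denied"
```

Account lockout can itself be used to keep a legitimate user out, so it is commonly paired with per-client rate limiting. The same length limit should also be enforced by the web server's request size settings, since this check only runs once the request has been received.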