So Hello Everyone,
Do web developers need to study cyber security?
To understand this, let's take an example: let there be a web developer A who does not know about cyber security and all that stuff, and on the other hand another developer B who knows about the basic bugs (OWASP Top 10). They get the same project of making an e-commerce website, so let's discuss the mistakes that A will make while building the website:
1. Input sanitization → There is no input sanitization on any input field, so what is the bug here? The user community of the website is not limited to normal users; some hacker can give malicious input, which may lead to mass account takeover of normal users or to SQL injection, which leads to takeover of the website's database.
2. Business logic bugs → On every e-commerce website you can buy items, so let's understand the steps that happen between clicking the “Buy Now” button and the website moving to the payment page.
   Step 1. You click on the payment page. A POST request is generated that contains details like price, quantity, currency, and other product-related details.
   Step 2. The server generates a response, either a 302 redirect or a 200 OK, which means either a redirect to the payment page or that the product was added to the cart.
   Now what if a hacker buys a product and changes the request/response, changing the price of the product from, let's suppose, $10 to $0? This is called price manipulation, and it is a very common bug in new sites.
   What if he changes the currency from dollar to rupee, or what if he just changes the quantity of the item? He would be able to purchase a large quantity of that product and pay for only one.
3. Bugs related to the version of the server or of any library used by the developers while making the site → For example, if the backend server is an older version that contains its own bugs, which are now patched in newer versions of that server, it can lead to DoS, DDoS, XSS and many other severe bugs.
4. Bugs related to information disclosure → Some developers save their admin panel or cPanel credentials or API keys on GitHub or in the website itself. What if a hacker does some GitHub dorking or Google dorking and gets those credentials or API keys? He would be able to take over the whole website with only two minutes of effort.
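The business logic bug described above, as an added example that is not part of the original writeup: developer A's checkout total trusts the price and currency sent in the POST request, while developer B's recomputes them from the server's own catalog and checks the quantity. The catalog, the `sku` field, the function names and the quantity limit are all assumptions made for illustration.

```python
from decimal import Decimal

# Constructed sample catalog: the server's own record of price and currency.
CATALOG = {"sku-1001": {"price": Decimal("10.00"), "currency": "USD"}}
MAX_QTY = 20  # assumed per-order limit


class OrderRejected(ValueError):
    """Raised when a checkout request fails server-side validation."""


def total_trusting_client(form):
    """Developer A: charges whatever price and currency the request carries."""
    return Decimal(form["price"]) * int(form["quantity"]), form["currency"]


def total_server_side(form):
    """Developer B: the request only chooses a product and a quantity."""
    item = CATALOG.get(form.get("sku"))
    if item is None:
        raise OrderRejected("unknown product")
    try:
        qty = int(form.get("quantity", ""))
    except (TypeError, ValueError):
        raise OrderRejected("quantity is not a whole number")
    if not 1 <= qty <= MAX_QTY:
        raise OrderRejected("quantity out of range")
    # Price and currency come from the catalog; the client's copies are ignored.
    return item["price"] * qty, item["currency"]


# Constructed request body with the fields from Step 1, edited before it
# reached the server: price set to 0 and currency switched.
TAMPERED = {"sku": "sku-1001", "price": "0", "quantity": "5", "currency": "INR"}

if __name__ == "__main__":
    print("A charges:", total_trusting_client(TAMPERED))
    print("B charges:", total_server_side(TAMPERED))
```

The amount handed to the payment step should be this server-computed total, so the amount paid always matches the quantity that ships.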
There are many more bugs that may arise due to silly mistakes by developers.
Now let's talk about Developer B, who knows about all this stuff and is able to make this site more secure than before.
From the perspective of the owner of the site, who'll be paid more, A or B? Obviously B, as the owner doesn't want a hacker blackmailing him over any stupid bug caused by a developer's silly mistakes.
Also, for the sake of its reputation, any company wants a developer who knows all the aspects of a website from frontend to backend, and a secure site with as few bugs as possible.
So before ending my writeup, I hope you all got the answer to the question that I asked you all, and if you liked this, give me a clap 👏👏.
😌 😌 😌