One of the more challenging elements of websites is the never-ending number of ways in which they are open to attack. We advise reading the Open Web Application Security Project (OWASP) material - an eye-opener into the many ways websites can be attacked.
We consider security risks in Data Droppable Websites and treat them as vulnerabilities. The aim is to think in terms of how the website can be vulnerable to unauthorised access.
A data droppable website allows content and data to be dropped into targets which are monitored by the website. This information is then consumed by the website and incorporated into its published content through pages.
The key aim is to remove a lot of the manual process in transferring content to the content management system. This is a game changer - freeing staff from the heavy process of maintaining configuration. Websites can be opened up to content and data continually, with less interruption.
Note - these are no different from the ways in which all websites can be attacked; the aim is to give some idea of where we see the biggest threats.
If too much content is pushed to a data droppable website, we will see the following risks;
To mitigate this, we recommend;
If your website is allowing web content to be supplied to it, then there is a risk rogue content could be injected into your website, thereby exploiting this vulnerability.
You can read more about this here
To mitigate this, we recommend;
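An added example (not from the original page or its authors) of an intake gate for a drop target that addresses both risks above: it caps what is accepted per polling cycle and escapes dropped text before it is published. The limits, allowed file types and function names are assumptions chosen for illustration.

```python
import html

# Assumed limits for one polling cycle of a drop target (illustrative values).
MAX_FILE_BYTES = 64 * 1024
MAX_FILES_PER_CYCLE = 3
ALLOWED_SUFFIXES = (".txt", ".md")


def admit(drops):
    """Split one cycle's drops into (accepted, rejected-with-reason).

    `drops` is a list of (name, raw_bytes) pairs as read from the drop target.
    """
    accepted, rejected = [], []
    for name, raw in drops:
        if len(accepted) >= MAX_FILES_PER_CYCLE:
            rejected.append((name, "cycle quota reached"))
        elif not name.lower().endswith(ALLOWED_SUFFIXES):
            rejected.append((name, "type not allowed"))
        elif len(raw) > MAX_FILE_BYTES:
            rejected.append((name, "too large"))
        else:
            try:
                accepted.append((name, raw.decode("utf-8")))
            except UnicodeDecodeError:
                rejected.append((name, "not valid UTF-8 text"))
    return accepted, rejected


def to_page_fragment(text):
    """Treat dropped text as data: escape it so markup in it is displayed, not run."""
    paragraphs = [p.strip() for p in text.split("\n\n") if p.strip()]
    return "\n".join(f"<p>{html.escape(p)}</p>" for p in paragraphs)


# Constructed sample drops for one cycle.
SAMPLE = [
    ("news.txt", b"Opening hours\n\nMon-Fri 9 to 5"),
    ("promo.md", b"Sale <script>alert(1)</script> now on"),
    ("dump.txt", b"x" * (MAX_FILE_BYTES + 1)),
    ("tool.exe", b"MZ"),
    ("a.txt", b"one"),
    ("b.txt", b"two"),
]

if __name__ == "__main__":
    ok, bad = admit(SAMPLE)
    for name, text in ok:
        print(name, "->", to_page_fragment(text))
    for name, reason in bad:
        print("rejected", name, ":", reason)
```

Rejected items are returned with a reason so they can be logged and reviewed instead of being silently discarded.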