findigl property platform logo
  • Company
  • Services
  • Products
  • Articles
  • Beta
  • Contact
Data Solutions

Security and Data Droppable Websites

Security and Data Droppable Websites

One of the more challenging elements of websites is the never ending amount of ways that websites are open to attack. We advise reading the Open Web Access Security Projects (OWASP) - an eye-opener into the many ways websites can be attacked.

We consider security risks in Data Droppable Websites and treat them as vulnerabilities. The aim is to think in terms of how the website can be vulnerable to unauthorised access.

Quick recap - what is a data droppable website?

A data droppable website allows content and data to be dropped into targets which are monitored by the website. This information is then consumed by the website and incorporated into it's published content through pages.

The key aim is to remove a lot of the manual process in transferring content to the content management system. This is a gamechanger - freeing staff from the heavy process of maintaining configuration. Websites can be opened up to content and data, continually with less interruption.

The main ways Data Droppable Websites vulnerabilities could be compromised

Note - these are no different to the ways in which all websites can be attacked, but to give some ideas as to where we see the biggest threats lie.

Too much content

If too much content is pushed to a data droppable website, we will see the following risks;

  • Memory issues.
  • Performance issues.
  • Slower website content delivery time.

To mitigate this, we recommend;

  • Restricting the size of content being consumed by the website.
  • Restricting the number of content items the website consumes.
  • Monitoring who supplies rogue content.
  • Publishing content to a test/validation server first.
  • Managing access as to who supplies content.

Injectable content Cross Origin Resource Sharing (CORS) and Cross Site Scripting (XSS) attacks

If your website is allowing web content to be supplied to it, then there is a risk rogue content could be injected into your website, thereby exploiting this vulnerability.

You can read more about this here

CORS and XSS

To mitigate this, we recommend;

  • Having some validation to detect potential rogue content within the website code.
  • Restricting access as to who can publish to the web data platform/website.
  • Publishing new content to a test server first.

Thank you for reading about security and data droppable websites

Written with StackEdit.

Get in touch

Make sure you keep aware of additions to our property platform or ask us questions.

Email us

Need assistance?

Existing customer or need to understand more about anything on our website? Get in touch.

Support and help

Quick Links

  •  Contact us
  •  Articles
  •  Our Videos
  •  Become a Partner
  •  .Net Development

Key Info

  •  FAQ
  •  Suppliers information
  •  Software and Licensing
  •  One Pager - IRL
  •  Privacy Policy
  •  Terms and Conditions

Follow us

  •  LinkedIn
  •  Twitter
  •  github
  •  YouTube

© Copyright 2020 - Info Rhino Limited. All rights reserved. Company Number - 07299641