A disaster recovery plan has several components, but backups are one of the most critical for business continuity. A good backup plan ensures that all data is secured in case of a compromise, physical theft or a natural disaster. When designing a new plan, it's important to have several key elements and understand how it ties into disaster recovery. | Read More →

OAuth is a standard for allowing users to authorize a third-party application to access their data. It's a cybersecurity standard for authentication and authorization using credentials stored on an API. For instance, when you log into a site using your Google credentials, you use OAuth to let Google know that you give permissions to a third-party to access components of your Google account. If you plan to create your own internal API for developers, you will need to know OAuth standards to create an authorization and permission workflow. | Read More →

Development of a large application can take months, but OAuth is a feature that can be used to create an authorization and authentication component without much code. At some point, a web application will need to implement an authentication feature if you ever work with accounts and private data, and web development time can be greatly reduced when working with OAuth and third-party APIs. OAuth also helps with cybersecurity and removes responsibility from the application owner so that credential storage and password protection is no longer needed. | Read More →

Persistent XSS is a form of cross-site scripting that stores malicious content in a database and returns it to a browser page when it's retrieved. This hack can lead to phished credentials, stolen data or an intercepted session key. If the attacker is able to gain access to a session key, the attacker can impersonate a targeted user and perform actions with any privileges given to this user. Developers can avoid XSS by coding with cybersecurity in mind, but they must know how it works to protect from it. | Read More →

Having several fraudulent accounts on a reputable site might seem like a harmless issue, but a Sybil attack can ruin a site's reputation, especially e-commerce, where users rely on legitimate ratings and reviews of products. An attacker uses a Sybil attack to skew reviews to trick users into buying a product or trusting fraudulent ratings from fake accounts. An attacker can potentially create hundreds of fake accounts, but site owners can protect from Sybil attacks and deal with brand reputation management. | Read More →

Every public-facing web application is at risk of performance degradation and crashing from a denial-of-service (DoS) attack. A public API has its own unique risks from too many requests per second sent to the server or data set retrievals that strain resources. When designing and programming an API, the developer should implement throttling and rate limiting to ensure that a DoS does not affect its performance. | Read More →