Wednesday, February 02, 2011

Web Application Vulnerabilities

Whenever you interact with a customer or contact through a website, you expose your web server to potential exploits that arrive through the user's input. Security standards hold that all web input should be validated before it is passed to PHP or SQL routines. A reverse Turing test such as a "Captcha" can keep automated clients out, but a secure website must go further and reject any input that does not match the pattern (regular expression) valid for that particular field. Penetration-testing tools such as Armitage, a front end for Metasploit, can be run preventively against your own site, or may be encountered "in the wild" in the hands of malicious hackers. Programs of this nature probe your site for SQL implementation problems and attempt to exploit code vulnerabilities in the user interface. Input validation is your line of defense, and regular expressions are your key to excluding unwanted command input.
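The following is an added example, not code from the original post, of the per-field allowlist validation described above. It is written in Python with an in-memory SQLite table so it runs stand-alone (the post mentions PHP, but the idea is the same); the field names, the regular expressions and the sample rows are all constructed for the demonstration. It goes slightly beyond the post in two ways a practitioner will want: it shows why `fullmatch` is preferable to a `^...$` anchor, and it shows that validation should be paired with a parameterized query, because a legitimate value such as the surname O'Brien passes a sensible allowlist yet still breaks a string-built query.

```python
import re
import sqlite3

# Per-field allowlist patterns (constructed for this example). Each pattern
# describes what a legitimate value looks like; anything else is rejected.
FIELD_PATTERNS = {
    "username": re.compile(r"[A-Za-z0-9_]{3,32}"),
    "zipcode": re.compile(r"\d{5}(?:-\d{4})?"),
    # Surnames such as O'Brien legitimately contain an apostrophe.
    "surname": re.compile(r"[A-Za-z][A-Za-z' -]{0,63}"),
}


def validate(field, value):
    """Return True only if value is a str that fully matches the field's allowlist.

    re.fullmatch anchors at both ends and, unlike '$', does not accept a
    trailing newline, so "alice\\n" is rejected along with "Smith = 1".
    Unknown fields are rejected too: every input field needs an explicit rule.
    """
    pattern = FIELD_PATTERNS.get(field)
    if pattern is None or not isinstance(value, str):
        return False
    return pattern.fullmatch(value) is not None


def dollar_anchor_is_not_enough(value):
    """Illustrates the classic pitfall: re.match with '^...$' still accepts
    'alice\\n' because '$' matches before a trailing newline."""
    return re.match(r"^[A-Za-z0-9_]{3,32}$", value) is not None


def open_demo_db():
    """In-memory SQLite table populated with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, surname TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "Smith"), ("bob", "O'Brien"), ("carol", "Jones")],
    )
    return conn


def find_by_surname_unsafe(conn, surname):
    """String-built query: the form the post warns against, kept for contrast.

    Even a value that passes validation ("O'Brien") turns into invalid SQL
    here, because the apostrophe closes the string literal early.
    """
    sql = "SELECT username FROM users WHERE surname = '" + surname + "'"
    return [row[0] for row in conn.execute(sql)]


def find_by_surname(conn, surname):
    """Hardened lookup: validate against the field's allowlist first, then
    bind the value as a parameter so the database never parses it as SQL."""
    if not validate("surname", surname):
        raise ValueError("surname failed input validation")
    rows = conn.execute(
        "SELECT username FROM users WHERE surname = ?", (surname,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = open_demo_db()
    print("validate username 'alice':", validate("username", "alice"))
    print("validate username 'alice\\n':", validate("username", "alice\n"))
    print("re.match with $ accepts 'alice\\n':",
          dollar_anchor_is_not_enough("alice\n"))
    print("parameterized lookup of O'Brien:", find_by_surname(db, "O'Brien"))
    try:
        find_by_surname_unsafe(db, "O'Brien")
    except sqlite3.OperationalError as exc:
        print("string-built lookup of O'Brien failed:", exc)
```

The allowlist is the first gate: it rejects anything that is not shaped like a value for that field, including SQL metacharacters the field has no reason to contain. The parameter binding is the second: it makes the remaining, legitimately awkward characters harmless. Neither replaces the other.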
