Do you disable Directory Listing on your Web Server? 3 points
Not disabling Directory Listing on your Web Server poses significant security risks, as it allows anyone to view the contents of directories on the server, thereby exposing sensitive information such as file names, the source code of scripts, documents and much more.
Have you ever used Obfuscation techniques in your applications to avoid banner grabbing? 4 points
Banner grabbing is a technique in which attackers gather information about the specific versions and configurations of the software running on your server, thus identifying known vulnerabilities for which exploits may exist and tailoring their attacks to the specific weaknesses of the target.
Do you use a POP-UP Blocker on your website? 3 points
POP-UP blockers ensure that the user's experience on the website is not disrupted by constantly appearing ads, and they prevent malicious pop-up ads that can contain phishing attempts or malware, ensuring that the credibility of the website is not diminished.
Do you implement a time-out that destroys the session once it has expired? 4 points
Implementing a time-out that destroys the session once it has expired ensures that security risks such as session hijacking, potential resource wastage and potential compliance issues are prevented or mitigated.
Do you limit the length of user input to avoid SQL Injection? 3 points
Failing to limit the length of user input increases the risk of SQL injection attacks: without proper input validation, attackers can exploit vulnerable entry points to inject malicious SQL code, leading to unauthorized access, data manipulation and data breaches.
No programming language can guarantee absolute immunity to SQL injection on its own. However, common programming languages and frameworks that encourage secure coding practices and offer features to mitigate SQL injection include: Python with Django or SQLAlchemy, Java with Hibernate or JPA, C# with Entity Framework, Node.js with Sequelize or TypeORM, Ruby on Rails, and PHP with PDO or Laravel Eloquent.
Do you customize error messages in order to prevent the revealing of sensitive information when an error message is shown on the screen? 3 points
Default error messages may inadvertently reveal system details or internal paths; therefore, not customizing error messages can lead to accidental disclosure of sensitive information which can be exploited by attackers. Customizing error messages is a fundamental practice in preventing the exposure of sensitive information.
Do you prevent the transport of the session ID in the query string? 5 points
Not preventing the transport of session IDs in the query string poses security risks, as transmitting session IDs via URLs exposes them to potential interception (in browser history, server and proxy logs, and Referer headers). Attackers can exploit this vulnerability for session fixation attacks or session hijacking.
To implement the necessary server-side security measures, it is also recommended to:
- Use HTTP cookies for session management: Store session IDs in secure, HTTP-only cookies.
- Configure your server to send the appropriate 'Set-Cookie' headers with the 'HttpOnly' flag to prevent JavaScript access and the 'Secure' flag for HTTPS-only transmission.
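As an added example (not part of the original checklist), a small Python audit helper that checks Set-Cookie headers for the HttpOnly and Secure flags described above and flags URLs that carry a session ID in the query string. The session parameter and cookie names it recognises, and the sample headers and URLs, are constructed assumptions.

```python
from urllib.parse import urlparse, parse_qs

# Cookie/parameter names commonly used to carry a session ID (assumption;
# extend with the name your own framework uses).
SESSION_NAMES = {"sessionid", "session_id", "phpsessid", "jsessionid",
                 "asp.net_sessionid", "sid"}


def build_session_cookie(name, value, max_age=1800):
    """Build a Set-Cookie header value for a session ID with the HttpOnly and
    Secure flags, plus a Max-Age so the browser discards it after the time-out.
    The server must still destroy the session on its side when it expires."""
    return (f"{name}={value}; Path=/; Max-Age={max_age}; "
            f"HttpOnly; Secure; SameSite=Lax")


def audit_set_cookie(header_value):
    """Return a list of findings for one Set-Cookie header value.
    Only cookies that look like session cookies are checked."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    findings = []
    if name.lower() in SESSION_NAMES:
        if "httponly" not in attrs:
            findings.append(f"{name}: missing HttpOnly")
        if "secure" not in attrs:
            findings.append(f"{name}: missing Secure")
    return findings


def session_id_in_query(url):
    """True if the URL carries a session ID in its query string."""
    query = parse_qs(urlparse(url).query)
    return any(k.lower() in SESSION_NAMES for k in query)


if __name__ == "__main__":
    # Constructed sample data: a weak cookie, a hardened one, and two URLs.
    samples = ["sessionid=abc123; Path=/",
               build_session_cookie("sessionid", "abc123")]
    for header in samples:
        print(header, "->", audit_set_cookie(header) or "OK")
    for url in ["https://example.test/app?PHPSESSID=abc&x=1",
                "https://example.test/app?x=1"]:
        print(url, "-> session ID in query:", session_id_in_query(url))
```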
Have you ever used the Fuzz Testing technique to identify coding errors and test the resistance of the developed web applications to vulnerabilities such as Buffer Overflow, DoS, XSS and SQL Injection? 4 points
Not utilizing the Fuzz Testing technique to identify coding errors and discover vulnerabilities can leave Buffer Overflows, Denial-of-Service (DoS) weaknesses, Cross-Site Scripting (XSS) and SQL injections undetected. This technique is an extremely valuable approach to uncovering these vulnerabilities and increasing the overall security of web applications.
Do you disable commands like xp_cmdshell to prevent OS commands from being executed by unauthorized users? 4 points
Disabling commands such as xp_cmdshell ensures that security risks such as unauthorized users executing OS commands are prevented, since such a vulnerability can lead to data breaches and/or other malicious activities.
Do you isolate the DB Server and Web Server in two different zones? 4 points
Failing to isolate the Database (DB) Server and Web Server in separate zones can pose security risks. Without this segregation, a compromise in one server can potentially lead to unauthorized access or manipulation of the other. Isolating the servers in different zones helps contain potential breaches and adds an additional layer of security to the overall infrastructure.