Digital Blind Spots: A Field Study of Common Website Insecurities in Small Businesses

Small business websites often contain critical security flaws that put both customer data and business operations at risk. This paper, based on a real-world project by the authors, employed a structured risk assessment procedure to identify and address common vulnerabilities such as improper authorization via URL manipulation, SQL injection, exposed plaintext passwords, and insecure file upload mechanisms that allowed server access through PHP shells.

Using tools such as Burp Suite, we conducted authorized assessments and documented our findings, providing practical recommendations for improvement. Many of these small businesses were unaware of the risks they faced, and our work revealed how basic security practices, when overlooked, could lead to total compromise of the sites. Our findings showed that the security quality of small business websites can be improved by detecting common flaws and implementing preventive measures.

This paper will help our audience understand the common security vulnerabilities on small business websites, the methodology for identifying them, and the solutions for remediating them.


Lucas Zhang

Lucas is a member of youthcyberdefender.org.