Secure Web Forms for Drupal


The statutory obligation to protect data is growing steadily and now covers privacy and anonymity in addition to protection against data loss. Websites (CMS) are no exception: they are an important interface and often handle sensitive data.

Why is web form security important?

Once you add web forms to your website, attackers and spammers have multiple ways to send data directly to your server or infrastructure in an attempt to use it for criminal activities:

  • XSS – Cross-site scripting (code injection) attacks occur when a hacker causes a malicious script to run in a user’s browser.
  • CSRF – Cross-site request forgery attacks allow a hacker to send requests as another authenticated user or trick the authenticated user into unknowingly sending a request.
  • SQLi – SQL injection attacks focus on executing malicious SQL database queries.
  • Form action hijacking – occurs when attackers trick a web form into performing an unintended action.
  • Spam – even if attackers aren’t fooling your forms, email spammers can be a real problem.
  • DoS – Denial-of-service attacks are a type of attack that involves flooding a form with requests so that it cannot respond to legitimate requests.
  • Lack of compliance – e.g. breach of GDPR and corresponding legislation which may result in fines and/or damages.

If you’re using a free web form, be aware that the free options leave a lot to be desired when it comes to web form security. In practice, it is often missing altogether.

Protect your Drupal web forms with ANON::form

ANON::form offers a very secure service for those who use web forms where form data is sent by email:

  1. The form’s data is cleaned of malicious code and encrypted while still in the user’s browser, transported via secure channels, and finally decrypted (unpacked) in the recipient’s email client.
  2. Everything from forms to e-mail transport is handled on purpose-built, secure, approved servers that do not record the traffic and thus offer complete anonymity. Stored data is saved encrypted; only the recipient can decrypt the content.

    By having ANON::form’s servers handle the forms, you also reduce the risk of, for example, DoS attacks against your own website.
  3. Everything that the forms use (CSS, JavaScript, spam protection) is stored and managed on ANON::form’s servers. Nothing is downloaded from third parties such as Google, where information about the traffic is collected.
  4. All forms are responsive and work on all types of screen sizes and can be styled to blend in with existing website layout.
  5. Ready-made templates are available for contact forms and whistle-blowing/tips; they are easy to adapt and/or expand with more or other fields for different purposes, such as notification of sick leave.

It is very easy to add forms from ANON::form to your website. Use a link to a standalone form that opens in a new tab, or embed the form in the website using our JavaScript library.

Use our whistleblower form in your Drupal CMS

More and more people are realizing that you don’t need an expensive case management system to create a whistleblower solution. ANON::form offers a very cost-effective solution to create an approved reporting channel for whistleblowers. Read more in our article “Create whistleblower channel with WordPress, Joomla or Drupal for €5 per month”.