Don’t let security holes ruin your online business

March 23, 2010

I’m sure you’ve heard the disquieting stories of security breaches of some of the largest institutions including:

These institutions lose credibility and customers during and after these breaches. Maybe Citibank can afford to lose millions, but you probably don’t want to lose even a few hundred from an embarrassing security breach of your website. Hackers and those with skills and nothing better to do pose a risk to your business. Fortunately there is plenty that you can do to mitigate this risk and rest easy. We help ecommerce and blog owners protect their reputation and customers.

Contact us to find out how we can quickly and easily provide you industry standard security on your website for very reasonable prices.

Next let’s look at a few of the most common website attack techniques. This may get a little techy.

  1. SQL Injection – Using this technique a malicious user can enter database code into your entry fields and either gain access to sensitive user account information or cripple your application by deleting database storage. An example would be entering the following into the username login field of your application:
    ; DROP wp_users;
  2. Cross Site Scripting (XSS) – Using this technique hackers take advantage of JavaScript by appending code to a URL in the browser address bar to achieve specific ends such as retrieving user account details or posting unapproved, embarrassing content to your site. Here’s an example that creates a fake login form that can be used to solicit your customers’ login credentials:
    http://testasp.acunetix.com/Search.asp?tfSearch=%3Cbr%3E%3Cbr%3EPlease+login+with+the+form+below+before+proceeding%3A%3Cform+action%3D%22test.asp%22%3E%3Ctable%3E%3Ctr%3E%3Ctd%3ELogin%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput+type%3Dtext+length%3D20+name%3Dlogin%3E%3C%2Ftd%3E%3C%2Ftr%3E%3Ctr%3E%3Ctd%3EPassword%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput+type%3Dtext+length%3D20+name%3Dpassword%3E%3C%2Ftd%3E%3C%2Ftr%3E%3C%2Ftable%3E%3Cinput+type%3Dsubmit+value%3DLOGIN%3E%3C%2Fform%3E
  3. Denial of Service (DoS) – Using this technique hackers automate a piece of code to repeatedly visit your website. This attack creates a flood of visits that eventually grinds your website to a halt. When real visitors come to your site, they will get an error message that says your website is unavailable.
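
The fixes for items 1 and 2, as an added example that is not code from the original post: bind the login field as a query parameter, and escape the search term when it is written back into the page. The function names, the in-memory SQLite table and its rows are constructed for illustration; only the `wp_users` name, the login-field text and the `tfSearch` parameter come from the examples above.

```python
import html
import sqlite3
from urllib.parse import parse_qs, urlsplit

def make_db():
    # Constructed sample data; the table name follows the page's wp_users.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE wp_users (user_login TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO wp_users VALUES (?)", [("alice",), ("O'Brien",)])
    return db

def find_user_unsafe(db, username):
    # Weak: the field value becomes part of the SQL text, so any quote or
    # semicolon the visitor types is parsed as SQL syntax.
    sql = "SELECT user_login FROM wp_users WHERE user_login = '" + username + "'"
    return db.execute(sql).fetchall()

def find_user_safe(db, username):
    # Hardened: the value is bound as a parameter and is only ever data.
    sql = "SELECT user_login FROM wp_users WHERE user_login = ?"
    return db.execute(sql, (username,)).fetchall()

def render_unsafe(term):
    # Weak: markup in the search term is sent back to the browser as markup.
    return "<p>Results for " + term + "</p>"

def render_safe(term):
    # Hardened: escape on output so the term is displayed as plain text.
    return "<p>Results for " + html.escape(term, quote=True) + "</p>"

def search_term(url):
    # Decode the tfSearch query parameter the way a web framework would.
    return parse_qs(urlsplit(url).query).get("tfSearch", [""])[0]

if __name__ == "__main__":
    db = make_db()
    print(find_user_safe(db, "; DROP wp_users;"))  # treated as a username
    print(find_user_safe(db, "O'Brien"))           # apostrophe is just data
    try:
        find_user_unsafe(db, "O'Brien")
    except sqlite3.OperationalError as exc:
        print("unsafe query broke on an ordinary apostrophe:", exc)
    # Shortened, constructed form of the URL shown in item 2.
    url = "http://testasp.acunetix.com/Search.asp?tfSearch=%3Cform+action%3D%22test.asp%22%3E"
    print(render_unsafe(search_term(url)))
    print(render_safe(search_term(url)))
```

The unsafe lookup failing on a legitimate name such as O'Brien is the same defect an attacker relies on: the input is being parsed as SQL instead of being compared as a value.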

These are 3 of the better-known attacks that often happen on ecommerce, blog and custom websites. To fix these attacks, our procedure is to apply and certify your site with an industry standard Visa PCI compliance test. Visa has created a test that, if passed, certifies that a website has the highest security in order to safely gather financial data from its customers. Even if you do not process credit cards on your website, passing a Visa PCI Compliance test assures that you will not have any embarrassing or credibility-damaging attacks on your site.

We work with the security standard bearer McAfee to run a Compliance test on your website. The result of this test will be a series of identified vulnerabilities. We address each of these vulnerabilities until your website passes this test. For many sites we then recommend purchasing the McAfee Hacker tested subscription, which allows you to display their logo on your website. We will be notified if any new vulnerabilities open up in your site and will address these as they come up to ensure your site is secure and safe for you and your customers.

