Comments on: Website Security Auditing http://www.ecommerce-blog.org/archives/website-security-auditing/ Ecommerce, Online Marketing, SEO, Web Design and Programming Wed, 04 Jan 2012 19:17:50 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: DR http://www.ecommerce-blog.org/archives/website-security-auditing/comment-page-1/#comment-20161 DR Sun, 14 Dec 2008 12:46:24 +0000 http://www.ecommerce-blog.org/archives/website-security-auditing/#comment-20161 Attackers are well-aware of the valuable information accessible through Web applications, and their attempts to get at it are often unwittingly assisted by several important factors. Conscientious organizations carefully protect their perimeters with intrusion detection systems and firewalls, but these firewalls must keep ports 80 and 443 (SSL) open to conduct online business. These ports represent open doors to attackers, who have figured out thousands of ways to penetrate Web applications. The standard security measures for protecting network traffic, network firewalls and Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS), do not offer a solution to application level threats. Network firewalls are designed to secure the internal network perimeter, leaving organizations vulnerable to various application attacks. Intrusion Prevention and Detection Systems (IDS/IPS) do not provide thorough analysis of packet contents. Applications without an added layer of protection increase the risk of harmful attacks and extreme vulnerabilities. Web Application Level Attacks is the Achilles heel. In the past, security breaches occurred at the network level of the corporate systems. Today, hackers are manipulating web applications inside the corporate firewall. This entry enables them to access sensitive corporate and customer data. An experienced hacker can break into most commercial websites with even the smallest hole in a company’s website application code. These sophisticated attacks have become increasingly threatening to organizations. I recommend a service call GamaSec ( www.gamasec.com) remote online web vulnerability-assessment service that tests web servers, web-interfaced systems and web-based applications against thousands of known vulnerabilities with dynamic testing, and by simulating web-application attacks during online scanning. The service identifies security vulnerabilities and produces recommended solutions that can fix, or provide a viable workaround to the identified vulnerabilities www.gamasec.com Attackers are well-aware of the valuable information accessible through Web applications, and
their attempts to get at it are often unwittingly assisted by several important factors.
Conscientious organizations carefully protect their perimeters with intrusion detection systems
and firewalls, but these firewalls must keep ports 80 and 443 (SSL) open to conduct online
business. These ports represent open doors to attackers, who have figured out thousands of
ways to penetrate Web applications.
The standard security measures for protecting network traffic, network firewalls and Intrusion
Prevention Systems (IPS) and Intrusion Detection Systems (IDS), do not offer a solution to
application level threats. Network firewalls are designed to secure the internal network
perimeter, leaving organizations vulnerable to various application attacks.
Intrusion Prevention and Detection Systems (IDS/IPS) do not provide thorough analysis of
packet contents. Applications without an added layer of protection increase the risk of harmful
attacks and extreme vulnerabilities.

Web Application Level Attacks is the Achilles heel. In the past, security breaches occurred at the
network level of the corporate systems. Today, hackers are manipulating web applications
inside the corporate firewall. This entry enables them to access sensitive corporate and
customer data. An experienced hacker can break into most commercial websites with even the
smallest hole in a company’s website application code. These sophisticated attacks have
become increasingly threatening to organizations.

I recommend a service call GamaSec ( http://www.gamasec.com) remote online web vulnerability-assessment service
that tests web servers, web-interfaced systems and web-based applications against thousands
of known vulnerabilities with dynamic testing, and by simulating web-application attacks during
online scanning. The service identifies security vulnerabilities and produces recommended
solutions that can fix, or provide a viable workaround to the identified vulnerabilities

http://www.gamasec.com

]]> By: SqlServerForum.org » Blog Archive » Website Security Auditing http://www.ecommerce-blog.org/archives/website-security-auditing/comment-page-1/#comment-318 SqlServerForum.org » Blog Archive » Website Security Auditing Thu, 08 Feb 2007 07:43:12 +0000 http://www.ecommerce-blog.org/archives/website-security-auditing/#comment-318 [...] Original post by The Ecommerce Blog and software by Elliott Back Share and Enjoy:These icons link to social bookmarking sites where readers can share and discover new web pages. [...] [...] Original post by The Ecommerce Blog and software by Elliott Back Share and Enjoy:These icons link to social bookmarking sites where readers can share and discover new web pages. [...]

]]> By: The Merchant Account Blog » How to accept credit cards on your website http://www.ecommerce-blog.org/archives/website-security-auditing/comment-page-1/#comment-317 The Merchant Account Blog » How to accept credit cards on your website Wed, 07 Feb 2007 17:48:09 +0000 http://www.ecommerce-blog.org/archives/website-security-auditing/#comment-317 [...] If you do use a payment gateway, make sure you are not storing credit card numbers or other sensitive information unless you know exactly what you are doing, how to properly encrypt the data that is being stored, your server is PCI compliant, and your website does not have security vulnerabilities. [...] [...] If you do use a payment gateway, make sure you are not storing credit card numbers or other sensitive information unless you know exactly what you are doing, how to properly encrypt the data that is being stored, your server is PCI compliant, and your website does not have security vulnerabilities. [...]

]]>