
Security risks for E-commerce

Posted by on Feb 21, 2014 in Training

According to a recent report published by the eCommerce B2c School of management of the Politecnico of Milano, the Italian e-commerce sector, despite an increase in turnover, has not yet reached its full potential. One of the factors holding back its expansion is customers' distrust of the security of transactions. These concerns are partly justified, since e-commerce sites, if not protected, are vulnerable to very concrete risks.

E-commerce compromise = users leaving, lost investments and unforeseen expenses.

What happens if your site is a victim of a computer attack? Browser vendors and search engines have formed alliances to identify infected sites and protect users. Search engines, like Google, can remove infected sites (actual or suspected) from search results or downgrade them temporarily. The site under attack can be blocked by browsers like Firefox or Chrome (the typical red boxes with a message that something is not right). When you attempt to view an infected page, the antivirus can bring up warning messages, with obvious consequences: who buys on a site that triggers the antivirus? Another possibility is that phishing sites are created (Copies...


OWASP 2004 Commentary

Posted by on Dec 11, 2013 in Training

See what experts said in 2003, just before the first version of the OWASP Top Ten was released. Has something changed? Well... not really! That’s why EasyAudit WEB is a great solution to check for web application vulnerabilities like Cross Site Scripting, SQL Injection and Command Execution.

With new vulnerabilities announced almost weekly, many businesses may feel overwhelmed trying to keep current. But there is help in the form of consensus lists of vulnerabilities and defenses. The Open Web Application Security Project has produced a similar list of the 10 most critical Web application and database security vulnerabilities and the most effective ways to address them. Application vulnerabilities are often neglected, but they are as important to deal with as network issues. If every company eliminated these common vulnerabilities, their work wouldn’t be done, but they, and the Internet, would be significantly safer.

J. Howard Beales, III, Director of the Federal Trade Commission’s Bureau of Consumer Protection, before the Information Technology Association of America’s Internet Policy Committee, Friday, December 12, 2003

Misconfiguration, inattention, and flawed software can spell disaster on the Internet. One of the primary areas of vulnerability is through WWW connections. By design, WWW services are intended to be open and accepting, and...


5 Myths of IT security

Posted by on Dec 11, 2013 in Training

In the world of Information Security, myths exist that influence senior executives, business managers and sometimes even industry professionals themselves, causing misunderstandings and exaggerations about the threats to computer systems and the technologies used to combat them. Many of these myths exist because people tend to overreact and become emotional in unfamiliar situations, rather than make an objective analysis. The result is either to overstate the problem and rely on the first solution that is proposed or, worse, to underestimate the risks in the hope of avoiding additional costs.

Myth #1 – It will not happen to me

Believing that your company will never be subject to security problems. This statement is often made by someone who does not want to spend (or rather, invest), hoping that the risk does not materialize. Instead, when a problem is recognized, or even suggested, there should be a phase of risk analysis and, if appropriate, the resources necessary to mitigate or completely resolve it should be provided. Other times the opposite happens: the impact of the vulnerability is overestimated. The best approach is to use a framework of metrics to give an objective value to the risk of a vulnerability.

Myth #2 – All risks can be quantified

In companies there is the...


Find the vulnerabilities before attackers exploit them

Posted by on Dec 9, 2013 in Training

In today’s age of rapidly expanding internet technology, the opportunity to exploit new sources of revenue has increased manifold, but so has the risk of being attacked by unwanted cyber elements. With more than 300 million computer systems connected worldwide, web site security has become a major concern for everyone. If the web security of a business is compromised, it can have serious repercussions for the company’s credibility, reputation, survivability and competitiveness. Owing to several kinds of internal and external threats to the web site security of a business, it has become mandatory for companies to perform vulnerability scanning. This is a proactive approach that helps identify the weak or vulnerable links within a network so as to determine where and how a given system can be threatened. Malicious hackers are present all over the web, waiting for a single opportunity to breach the web site security of a company. Vulnerability scanning has gained such importance in recent times because most companies have gone paperless, and a major part of their information is stored and transferred through web servers. In case the web site security of a company is compromised, it not only stands to lose all its critical corporate data and trade...
