Security risks for E-commerce Comments Off on Security risks for E-commerce

Security risks for E-commerce

Posted by on Feb 21, 2014 in Training

According to a recent report published by the eCommerce B2c School of management of the Politecnico of Milano, the E-commerce Italian sector, despite an increase in turnover, has not yet reached its full potential. One of the factors that contribute to the stopping of the expansion is the distrust of the clients in regards to the security of transactions. Concerns in part based- since the sites of E-commerce, if not protected are vulnerable to risks that are very concrete. E-Commerce compromise = Users leaving, lost investments and unforeseen expenses. What happens if your site is a victim of a computer attack? The producers of browsers and the search engines have created certain alliances for identifying infected sites and protect the users: The search engines, like Google, can remove the infected sites – actual or suspected – from results from searching or downgrade it temporary. The site under attack can be blocked by the browser like Firefox or Chrome (The typical red boxes with the message under that something is not right) When you attempt to visualize a page that is infected the virus can bring up warning messages, with obvious consequences: Who buy on a site that triggers the antivirus? Another possibility is that phishing sites are created (Copies...

Learn More

OWASP 2004 Commentary

Posted by on Dec 11, 2013 in Training

See what Experts said in 2003, just before the first version of OWASP Top Ten was going to be released. Has something changed? Well.. Not really! That’s why EasyAudit WEB is a great solution to check the existence of web application vulnerabilities like Cross Site Scripting, SQL Injection and Command Execution. With new vulnerabilities announced almost weekly, many businesses may feel overwhelmed trying to keep current. But there is help in the form of consensus lists of vulnerabilities and defenses. The Open Web Application Security Project has produced a similar list of the 10 most critical Web application and databases security vulnerabilities and the most effective ways to address them. Application vulnerabilities are often neglected, but they are as important to deal with as network issues. If every company eliminated these common vulnerabilities, their work wouldn’t be done, but they, and the Internet, would be significantly safer. J. Howard Beales, III, Director of the Federal Trade Commission’s Bureau of Consumer Protection, before the Information Technology Association of America’s Internet Policy Committee, Friday, December 12, 2003 Misconfiguration, inattention, and flawed software can spell disaster on the Internet. One of the primary areas of vulnerability is through WWW connections. By design, WWW services are intended to be open and accepting, and...

Learn More
5 Myths of IT security Comments Off on 5 Myths of IT security

5 Myths of IT security

Posted by on Dec 11, 2013 in Training

In the world of Information Security myths exist that influence senior executives, business managers and sometimes the same industry professionals, causing misunderstandings and exaggerations about the threats to computer systems and technologies used to combat them. Many of these myths exist because people tend to overreact and emotional in unfamiliar situations, rather than make an objective analysis. The result is overstate the problem by relying on the first solution that is proposed or worse underestimate the risks, thinking thus to avoid additional charges. Myth #1 – It will not happen to me Believing that your company will never be subject to security problems. Many times this statement is said by someone who does not want to spend (or rather, invest), hoping that the risk does not materialize. Instead it is good that when a problem is recognized, or even suggested, there is a phase of risk analysis and, if appropriate are given the resources necessary to mitigate or resolve completely. Other times the opposite happens: you go too far in assessing the impact of the vulnerability. The best thing is to use a framework of metrics to give an objective value to the risk of vulnerability. Myth #2 – All risks can be quantified In companies there is the...

Learn More
Find the vulnerabilities before attackers exploit them Comments Off on Find the vulnerabilities before attackers exploit them

Find the vulnerabilities before attackers exploit them

Posted by on Dec 9, 2013 in Training

In today’s age of rapidly expanding internet technology, the opportunity to exploit new sources of revenue has increased manifold, but so has the risk of getting attacked by unwanted cyber elements. With more than 300 million computer systems connected world-wide, web site security has become quite a major concern for everyone. If the websecurity of a business is compromised, it can have some serious repercussions for the company’s credibility, reputation, survivability and competitiveness. Owing to several kinds of internal and external threats to the web site security of a business, it has become mandatory for companies to go for vulnerability scanning. This is a proactive approach which helps identify the weak or vulnerable links within a network so as to determine where and how a given system can be threatened. Malicious hackers are present all over the web, and waiting for a single opportunity to breach the web site security of a company. Vulnerability scanning has gained such utmost importance in recent times because most of the companies have gone paperless, and a major part of the information is stored and transferred through web servers. In case the web site security of a company is compromised, it not only stands to lose all its critical corporate data and trade...

Learn More

Take care of those vulnerabilities

Posted by on Dec 4, 2013 in Training

It is an inevitable fact about the internet: the more the network expands the more vicious and creative hackers become in their preying of vulnerable sites. One of the most effective ways of preventing hackers from exploiting a website’s vulnerabilities is to identify those vulnerabilities beforehand. Identifying and correcting these weaknesses as soon as possible is an important part of web site security. A vulnerability is a weakness in a computer program through which an attacker can reduce a system’s information assurance. Often when a vulnerability is first discovered, there is a certain amount of time before websecurity is able to correct it. This period is known as the window of vulnerability. Being certain about web site security is to is to reduce this window of vulnerability or to eliminate it altogether. This is where EasyAudit comes in. EasyAudit is the verification of IT security for companies. Our manual web application penetration test and automated vulnerability scanning will help your web site security identify weaknesses before they are exploited by attackers. EasyAudit’s verification of websecurity will authenticate your website’s security and will discourage would be attackers. E-commerce site owners can rest easy when they know that EasyAudit is taking care of the web site security of their site. EasyAudit...

Learn More
Website Security – Vital Thing for Online Businesses Comments Off on Website Security – Vital Thing for Online Businesses

Website Security – Vital Thing for Online Businesses

Posted by on Dec 4, 2013 in Training

If you want to have a popular website, it’s important that you take care of its security. If people feel unsafe visiting your website, they are not going to visit it more often and the traffic at your website is not going to increase. So, to make sure that your website becomes popular, you have to make it secure. If you don’t pay that much attention to the security of your website, it can harm the reputation of your business as well. Let’s suppose that you are running an online business of selling goods and to buy something from your website, the visitors need to submit their credit card details. Now, if your website gets hacked, those details would go to the hacker and he would make inappropriate use of that. And that would affect your name and business in a negative way. The second problem that the visitors face on a malware affected website or a hacked website for that matter is that they find it hard to handle. The pop-ups appear every second on such websites and the users get frustrated by that. They can’t just waste all their time getting rid of such pop-ups. They would like to visit some other similar kind of website instead....

Learn More