by Alan Wlasuk
According to recent research, 73% of organizations have been hacked at least once in the last 24 months through insecure web applications, including websites. And with the public breaches of Sony, RSA, and Citigroup most SMB owners often believe that hackers would never target their site. However, the truth is that small businesses are the more frequent, less publicized victim of hackers taking advantage of website vulnerabilities. While, there are numerous things you can do to increase your site’s security, here are some lesser-known tips to help you maintain a secure website and assure your business isn’t the next victim of these unfortunate (but not uncommon) incidents.
1. Think twice before implementing custom web applications – Custom web software is notorious for being insecure. Most development teams do not have security development skills, and only a very few have the capabilities for testing for web security. Many web design firms (specializing in design as opposed to technology) use their own, custom built CMS (Content Management System) that are almost always insecure.
2. PCI Compliance – Understand your need, or lack thereof, for PCI Compliance. If you are breached while in violation of PCI Compliance your financial penalties could be huge.
3. Review your access logs – A surprisingly large number of security breaches are discovered by accident or when the breach is reported to the attacked company. Hackers often revisit a company after a breach, expecting the company to be oblivious to previous hacks.
About the Author
Alan Wlasuk is a managing partner of 403 Web Security, a full service, secure web application development company. Alan’s a Bell Labs Fellow award-winner with 18+ years of experience building secure web applications. From web security evaluation to secure web development and remediation, 403’s seasoned developers have secured web-based applications against hackers andsecurity breaches. Drawing upon the company’s involvement with Software Quality Assurance (SQA), security is always at the forefront of any development efforts. To learn more about 403 Web Security or for a complementary vulnerability scan of your website, please visit: www.403.wddinc.com.