BreachExchange mailing list archives

These are the 5 ways your website could get hacked


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 30 Apr 2015 18:57:57 -0600

http://www.digitaljournal.com/internet/these-are-the-5-ways-your-website-could-get-hacked/article/432160

This rule not only applies to taking a shortcut on the way home only to
face worse traffic but also applies to website security.

Websites and web applications (such as B2B SaaS-based platforms) often
contain hidden vulnerabilities that can be exploited at any time. Most of
these vulnerabilities can be avoided, but unfortunately half of companies
don’t learn about a compromise until it’s too late, according to a survey
by StopBadware.

What follows are surefire steps to get your website or Web application
hacked… or you can look at them as things to look out for to protect
yourself against a compromise.

PCI Noncompliance

Any and all businesses who accept credit cards as a method of payment need
to be PCI compliant in order to protect customer and cardholder data from
cyber attacks and fraud. This includes B2B and SaaS-based businesses, who
rely on online payment for subscription or service renewals. Failure to
become PCI compliant can result in angry customers, lost trust, fines, and
at worst, lawsuits. These are all things that businesses can’t afford to
lose.

There are many easy-to-use tools to help you become PCI-DSS compliant, by
protecting online transactions and creating a safe payment environment for
your customers. They can help businesses comply with a simplified
questionnaire in minutes and avoid fees with easy reporting tools.

Installing Malicious Web Applications

Don’t you hate when you visit a website, and it’s suddenly plagued by
annoying pop-up ads? It’s even worse when it’s your own website, since
it can be a headache trying to find out where they came from. With
prospective customers’ attention spans growing shorter and shorter, closing
pop-ups is the last thing they want to do. So, how do you fix them?

Malicious ads are often caused by installing insecure web applications.
Application security testing tools can carefully examine every web
application installed on your website, identify critical vulnerabilities
such as SQL injection and potential backdoors for hackers, and fix these
weak spots for you.

Open Up Your Website to Every Visitor

One of the most popular metrics for measuring website analytics is traffic.
Unfortunately, not all website traffic is 100 percent safe. Similar to
having a security guard to check on every visitor that enters your
business, you also need a guard to protect your website, because malicious
traffic like spam bots and hackers can attack your website and steal
sensitive customer data from you.

This is especially important for businesses who provide B2B services via
web applications, since a successful DDoS attack could overload your
server, and make it inaccessible to customers who rely on your service.

To help protect your data, installing a web application firewall (WAF) is a
good start. It provides high-quality services to efficiently block harmful
requests and help mitigate cyber attacks at the same time.

Failure to Monitor Your Website on a Daily Basis

When was the last time you updated your web applications, plugins and
installs? How long has it been since you scanned your website for
vulnerabilities? Failure to monitor your website on a regular basis can
make your website a prime cyber attack target.

A good way to help you avoid unpredictable and invisible attacks is by
installing a website scanner. Many of these run in the background, provide
continuous scanning 24/7, immediately identify vulnerabilities, as well as
automatically remove most malware.

Using Weak Passwords

“Your Spouse’s Name,” “12345,” “password,” “abcdefg”…
Have you used any of the above as passwords? If so, it’s time for you to
change your password. Don’t feel completely bad though, you’re not alone.

Enforcing strong, alphanumeric password policies for both your customers
and employees can help add an extra layer of security to your website. If
you want to take your login security even further, consider using
multi-factor authentication and CAPTCHAs.
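
A sketch of the server-side policy check described above, as an added example that is not part of the original article. The minimum length, the small deny-list and the function names are assumptions made for illustration; the rejected samples are the weak passwords the article lists.

```python
import re

# Constructed sample deny-list; a real deployment would load a large
# breached-password list instead of these few entries.
COMMON_PASSWORDS = {"password", "12345", "123456", "abcdefg", "qwerty", "letmein"}
MIN_LENGTH = 12  # assumption: the article does not give a number


def _is_sequence(text):
    """True for runs such as 12345, abcdefg or 54321 (each char is +1 or -1)."""
    if len(text) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(text, text[1:])}
    return steps == {1} or steps == {-1}


def check_password(password, personal_terms=()):
    """Return a list of policy violations; an empty list means accepted.

    personal_terms holds account-specific words (the user's name, a
    spouse's name, the e-mail local part) that must not appear.
    """
    problems = []
    lowered = password.lower()
    # Letters only, so "Password12345!" is still matched as "password".
    core = re.sub(r"[^a-z]", "", lowered)

    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    # "Alphanumeric" here means at least one letter and one digit.
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        problems.append("not_alphanumeric")
    if lowered in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        problems.append("common_password")
    if _is_sequence(lowered):
        problems.append("sequence")
    for term in personal_terms:
        term = term.lower()
        if len(term) >= 3 and term in lowered:
            problems.append("contains_personal_info")
            break
    return problems
```

Run the check on the server at registration and password change; a client-side copy is only a usability hint and can be bypassed.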

There are of course many other ways that your website can be attacked. If
your company has been the victim of a cyber attack, feel free to share your
experience below in the comments and what you did to fix it.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
