1. I have found that there are several website owners and
hosting companies who are either misinformed or a little
confused about the differences between PCI Scanning,
Vulnerability Scanning, and a Penetration Test. Because
PCI scanning is required for websites to be compliant with
Payment Card Industry (PCI) requirements, it's important
that those responsible for PCI compliance understand the
differences. Acunetix Vulnerability Scanners will help.
2. It all sounds apocalyptic, doesn't it? Well, rather than
being an angel of doom, I'll let the stats speak for
themselves. TJX Companies Inc., owners of
T.J. Maxx, Marshalls, Winners, HomeGoods, A.J.
Wright, and Bob's stores, disclosed on the 17th January this
year that 40 million of their customers' credit
and debit card details were stolen. In parallel, federal
credit union SEFCU published a similar warning that the
personal details of 10,000 of its customers were
compromised in the hack attack.
3. In December 2006, the University of Colorado, Boulder,
experienced a hack attack that resulted in the theft of
thousands of names and social security numbers - a total
of 17,500 records were compromised. The University of Texas,
Dallas, reported in December 2006 that the data of 35,000
individuals (current students and alumni) was
compromised. Social security numbers were exposed,
according to the Privacy Clearing House.
4. When dealing with all user inputs through text boxes, it is
important to restrict the length of the input. All textbox
fields should be as short as possible and must be an
appropriate length for the data to be entered. By keeping
each field as short as possible, the number of characters
that an attacker could use to launch a SQL injection is
restricted.
5. One line of defense is the restriction of error
messages. Error messages are normally generated in
HTML, which an attacker will be able to view. The details of
all error messages should instead be logged in a database or
file on the server, and the visitor should see only a
dynamically produced error page. It is important to have
proper website security when you have your own business
online. Using a vulnerability scanner is a smart idea. Don't
forget to have your site scanned with an Acunetix
Vulnerability Scanner.
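
The two measures in items 4 and 5, input length limits and restricted error messages, as an added example that is not part of the original article. The field names, limits, table and logger name are constructed for illustration, and the bound query parameters are an addition beyond the two measures the article names.

```python
import html
import logging
import sqlite3
import uuid

MAX_LEN = {"username": 32, "zip": 10}     # constructed per-field limits
log = logging.getLogger("webapp.errors")  # route to a server-side file or DB handler

def demo_db(with_table=True):
    """Constructed in-memory database; with_table=False forces a SQL error."""
    db = sqlite3.connect(":memory:")
    if with_table:
        db.execute("CREATE TABLE customers (username TEXT, zip TEXT, city TEXT)")
        db.execute("INSERT INTO customers VALUES ('alice', '12345', 'Albany')")
    return db

def too_long(form):
    """Return the first field over its limit, else None. Checked on the server,
    because a maxlength attribute in the HTML form is only a browser-side hint."""
    for field, limit in MAX_LEN.items():
        if len(form.get(field, "")) > limit:
            return field
    return None

def error_page(status, detail):
    """Log the full detail server-side; the visitor sees only a reference id."""
    ref = uuid.uuid4().hex[:12]
    log.error("ref=%s status=%d detail=%s", ref, status, detail)
    return status, f"<h1>Request could not be processed</h1><p>Reference: {ref}</p>"

def handle_lookup(db, form):
    """Return (status, html) for a customer lookup form submission."""
    field = too_long(form)
    if field:
        return error_page(400, f"field {field!r} exceeds {MAX_LEN[field]} chars")
    try:
        # Bound parameters (an addition here): length limits alone do not stop injection.
        row = db.execute("SELECT city FROM customers WHERE username = ? AND zip = ?",
                         (form.get("username", ""), form.get("zip", ""))).fetchone()
    except sqlite3.Error as exc:
        return error_page(500, repr(exc))  # table and driver details stay in the log
    return 200, f"<p>{html.escape(row[0]) if row else 'No match'}</p>"

if __name__ == "__main__":
    ok = {"username": "alice", "zip": "12345"}
    print(handle_lookup(demo_db(), ok))
    print(handle_lookup(demo_db(False), ok))
    print(handle_lookup(demo_db(), {"username": "a" * 200, "zip": "12345"}))
```

The reference id on the error page lets support staff find the matching log entry without exposing table names or driver messages to the visitor.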