IT Penetration Testing 16/01/2012
Nearly all online business owners have heard of certain actions that must be taken to maintain the safety of their network and website. One of these actions is IT penetration testing. Another is vulnerability scanning. Vulnerability scanning and IT penetration testing are somewhat similar, though penetration testing involves more steps than vulnerability scanning. Penetration testing is a process of measuring the security of a website and computer network by generating a virtual attack on your system as if it were from a hacker. Vulnerability scanning is done electronically by scanning through the computer system searching for vulnerabilities. IT penetration testing goes above and beyond the scanning. A professional penetration tester meticulously reviews the results of the vulnerability scan and can often discover what the scanner doesn’t catch. They also verify the results against the network or applications. The simulation is usually carried out from the position of a potential hacker so that it can find the risks that hackers will find.
Penetration testing is the best way to discover high-risk vulnerabilities that could result from lower-risk vulnerabilities. Penetration testing is also done so that vulnerabilities that may be difficult to detect with regular network or vulnerability scanning software can be found. Penetration testing is also the best way of testing networks and responding to hacking attacks.
Penetration testing on your network is also a very important element of a security audit. The Payment Card Industry Data Security Standard (PCI DSS) and the security and auditing standards require ongoing penetration testing.
Improve Online Conversion Rate 30/08/2011
If you own a business online you may have heard the term “conversion rate”. Conversions in online marketing and sales refer to when the visitor to the website performs the marketer’s intended action. The marketer’s, or business owner’s, intended action is something like an online purchase or joining an email list. Essentially, it is when a visitor to your site becomes a customer! The conversion rate is the percentage of visitors who perform the intended action: the percentage who make a purchase, or whatever the intended action is.
So what exactly is the point of figuring out your conversion rate? Well, conversion rate is really important to an online business because it is the best way to measure whether your web site is doing well and being successful. There are many things you can do to improve your conversion rate and increase online sales and profits.
Generate user reviews about your products, which can accelerate conversion. You can have a section on your site where previous customers can write reviews about how well they like your products. When someone searches for something that you sell, they will be directed to your site to see the reviews.
Create better content for your website that clearly targets the conversion goal. For example, if you are selling clothing online, make sure that you have pictures, text, video, etc. relating to that clothing. Make sure you add content to your site if you are having any special sales or clearance.
Improve your website navigation structure. If your website is not easy to navigate, visitors will be less likely to continue to visit the site. Be sure that the way it is structured makes it easy for visitors to browse and find what they want without having to think too much about where to click.
Remember, increasing conversion rate is essential in increasing sales and profits when it comes to an online business. If you want to increase sales (and who doesn’t?) think about using some of these ideas to improve your conversion rates. Also, there are some companies that will help you with this and do it for you. Check them out if you are interested!
Prevent Website Vulnerabilities 10/11/2010
Website owners should watch out for the risks of website vulnerabilities. As a website owner, you probably know that if your website is attacked, it will cause serious problems. I have listed some of the major website vulnerabilities that you as a website owner should be aware of.
SQL Injection
SQL stands for “structured query language”. SQL is used by website producers to create the website. SQL injection is an attack on a website in which the attacker places malicious code into the SQL strings. The developer could accept the code without realizing that it is malicious, causing major problems for their site, because the attacker can then have access to the website’s data. They could steal or modify data from your database. So beware.
Cross Site Scripting
Cross site scripting (also known as XSS) is another threat to your website. XSS happens when one of your web applications accidentally (or because of an attacker setting it up) gathers malicious data from a user. Malicious attackers are able to inject client-side script into web pages that are viewed by other users. When the user clicks on the link from another website, instant message, or email message, it messes up your whole website. The best way to avoid this, as a user, is to only open links from webpages that are trusted. Cross site scripting is one of the most common threats to websites.
Session Hijacking
Another threat to be sure your website is not vulnerable to is session hijacking. This is when a valid computer session is exploited. The attacker is able to take over a web user’s computer session by obtaining the session ID and then pretending to be the authorized user. They can then steal important information from the victim. Session hijacking may or may not be detectable to the website owner. But if your website is not responding in the normal or expected way, session hijacking could be a possible cause, so be aware.
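One way a website owner can look for a hijacked session in access logs, as an added example that is not part of the original post. The log format, the `sid_hash` field and the sample lines are assumptions constructed for the demonstration; a session appearing from more than one client is a signal to investigate, not proof, since legitimate users can change networks.

```python
import re
from collections import defaultdict

# Constructed access-log lines (hypothetical format): timestamp, client IP,
# a hash of the session ID (the raw ID should never be logged), user agent,
# method and path.
SAMPLE_LOG = '''\
2010-11-10T09:00:01Z 203.0.113.10 sid_hash=9f2c "Mozilla/5.0 (Windows NT 6.1)" GET /account
2010-11-10T09:00:40Z 203.0.113.10 sid_hash=9f2c "Mozilla/5.0 (Windows NT 6.1)" GET /orders
2010-11-10T09:01:12Z 198.51.100.77 sid_hash=9f2c "curl/7.21.0" GET /account
2010-11-10T09:02:00Z 192.0.2.5 sid_hash=41ab "Mozilla/5.0 (Macintosh)" GET /cart
'''

LINE_RE = re.compile(r'^(\S+) (\S+) sid_hash=(\S+) "([^"]*)" (\S+) (\S+)$')


def find_shared_sessions(log_text):
    """Return {sid_hash: [(ip, user_agent), ...]} for every session that
    was presented by more than one distinct client."""
    clients = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip lines that do not fit the assumed format
        _ts, ip, sid, user_agent, _method, _path = match.groups()
        clients[sid].add((ip, user_agent))
    return {sid: sorted(seen) for sid, seen in clients.items() if len(seen) > 1}


if __name__ == "__main__":
    for sid, seen in find_shared_sessions(SAMPLE_LOG).items():
        print(f"session {sid} used by {len(seen)} different clients:")
        for ip, user_agent in seen:
            print(f"  {ip}  {user_agent}")
```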
So if you are an owner of a website, you need to watch out for these website vulnerabilities. One of the best ways to get rid of any website vulnerabilities is to have quarterly scans of your website by an approved scanning vendor.
FAQ Regarding PCI Vulnerability Standards 23/06/2010
PCI compliance is required for businesses that accept or store credit card information at their business. Many people still have a lot of questions about the PCI vulnerability standards which are also known as the PCI data security standards (PCI DSS). I put together a list of some frequently asked questions that many have about PCI.
What exactly is PCI compliance? The PCI vulnerability standards are a list of 12 requirements put into place by the five major credit card companies, also known as the PCI council. This was to make sure that all businesses are following the same rules regarding the safety and security of their customers’ credit card information. PCI has been around since September of 2006.
Who is required to be PCI compliant? PCI compliance must be met by any business, whether online or not, that accepts, transmits or stores credit card information. Even if you are a small business you must meet the PCI requirements. In other words, if your customers are paying with credit cards, you must follow the PCI standards.
Is there some place I can find a complete list of the PCI requirements? Check out the website https://www.pcisecuritystandards.org.
What about debit cards? PCI compliance includes any debit, credit and pre-paid cards branded with one of the five card association/brand logos: American Express, Discover, JCB, MasterCard, and Visa.
Is PCI scanning required to be PCI compliant? If you electronically store cardholder data post authorization or if your processing systems have any internet connectivity, a quarterly scan by a PCI SSC Approved Scanning Vendor (ASV) is required. PCI scanning is recommended to be done daily or quarterly.
What are the penalties for not complying with the PCI vulnerability standards? Fines ranging anywhere from $5,000-$100,000 per month can be invoked for PCI compliance violations. Penalties can be catastrophic, especially to small businesses, so do not take this lightly.
Hopefully by now, we are all making sure that we are PCI compliant. If you still have any questions about PCI vulnerability standards, don’t hesitate to do a little research. There is a lot of information available and PCI compliance is very important.
SSL for the Best Site Security 15/01/2010
If you want the very best in site security then you need to know about SSL. SSL stands for Secure Sockets Layer. SSL makes it possible for your business to accept credit cards and other sensitive information online. Secure Sockets Layer enables encryption of sensitive data during an online transaction. Encryption jumbles the data as it is being sent across the internet during transmission so that it won’t be accessible by predators. While SSL is important for your website, you should know that it is not enough!
As mentioned above, an SSL certificate is necessary if you have an online business and accept online orders or credit cards on your website. There are other reasons for SSL technology on your site as well. These include things such as if you require a login for customers on your site, or if your site processes personal information such as address, birth date, id numbers, etc.
Now even if you don’t own an online business, you should be aware of SSL. As an online shopper you want to be sure that when you enter your personal information online, it is safe from internet fraud. When you get to a website’s processing page, you will know that it has SSL because you will see a small padlock in the status bar at the bottom of your browser window. Also, look for “https” instead of “http” in the address line. If you see these two things, you will know you are on a secure website.
Site security is very important for a successful online business. But as mentioned above, even though SSL is important to protect the security of your site, it is not the only protection you need. The SSL certificate only protects sensitive data transfers, not your website as a whole. There are other forms of security for your website such as third party business verification, privacy policies, and being PCI compliant with PCI scanning, not to mention ways to protect your computer as a whole, such as antivirus software and firewalls.