These security scanning services are inexpensive, starting as low as $20 per month. Sign up for one. It's likely required by your credit card agreements, the cost is modest, and the security benefits are significant. A clean bill of health from a scanning robot means the network-level weaknesses the scanner checks for are absent, which makes your site less likely to be hacked.
However, a clean scan does not mean your site is immune to attack. These scans probe your network at its foundations, down at the protocol level. Wily hackers instead attack your site at the application level. Application-level attacks often use a technique called "SQL injection," where a hacker types specially crafted characters (quote marks, semicolons, fragments of SQL) into your Web forms or into the parameters of your dynamic URLs. If your site's code pastes that input straight into its database queries instead of treating it strictly as data, the input becomes part of the command the database runs, and a determined and savvy hacker can read, change or delete whatever that database holds. From there the hacker could destroy your site, steal your data and potentially seize customers' credit card numbers.
Commercial e-commerce platforms typically receive more rigorous testing than applications developed in house, and are less likely to have SQL injection vulnerabilities. Database-backed Web applications developed in house, no matter how small or simple, could expose your entire database to hackers if coding errors were made.
Questions to ask yourself:
• Is our site regularly scanned by a certified security monitoring service?
• Are all our online applications purchased, or are some developed in house?
• Have we applied the most current patches to our purchased applications?
• Who is responsible for keeping these patches up to date?
• How do we ensure our in-house Web applications are safe from SQL-injection attacks?
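To make the SQL-injection risk described above concrete, and to show what a good answer to the last question looks like, here is an added example that is not part of the original article. It is a stand-alone Python script using the standard-library sqlite3 module with a small constructed order table (the table, column names and sample e-mail addresses are assumptions for illustration). The first lookup function builds its query by string concatenation, exactly the mistake an in-house developer can make; the second sends the form value as a bound parameter, which is the standard fix.

```python
import sqlite3

# Constructed sample data standing in for a cataloger's order database.
# Card numbers are deliberately masked placeholders, not real numbers.
SAMPLE_ORDERS = [
    (1001, "alice@example.com", "4111********1111"),
    (1002, "bob@example.com", "5500********0004"),
    (1003, "carol@example.com", "3400********0009"),
]

# What a hacker might type into an "order status" form's e-mail field.
INJECTION_INPUT = "nobody@example.com' OR '1'='1"


def make_db():
    """Build an in-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE orders (order_id INTEGER, email TEXT, card_masked TEXT)"
    )
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", SAMPLE_ORDERS)
    conn.commit()
    return conn


def lookup_order_vulnerable(conn, email):
    """Deliberately insecure: the form value is spliced into the SQL text.

    With INJECTION_INPUT the statement becomes
      ... WHERE email = 'nobody@example.com' OR '1'='1'
    and the OR clause is true for every row, so the whole table comes back.
    """
    sql = (
        "SELECT order_id, email, card_masked FROM orders WHERE email = '"
        + email
        + "'"
    )
    return conn.execute(sql).fetchall()


def lookup_order_safe(conn, email):
    """Hardened form: fixed query text, form value passed as a bound parameter.

    The database receives the quote characters as part of a string value, never
    as SQL syntax, so the statement's meaning cannot be changed by the input.
    """
    sql = "SELECT order_id, email, card_masked FROM orders WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


def demo():
    """Run both lookups against honest and hostile input; return the row counts."""
    conn = make_db()
    return {
        "honest_vulnerable": len(lookup_order_vulnerable(conn, "alice@example.com")),
        "honest_safe": len(lookup_order_safe(conn, "alice@example.com")),
        "injected_vulnerable": len(lookup_order_vulnerable(conn, INJECTION_INPUT)),
        "injected_safe": len(lookup_order_safe(conn, INJECTION_INPUT)),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows} row(s)")
```

Run it and the vulnerable lookup returns one row for the honest address but every row in the table for the injected one, while the parameterized lookup returns one row and zero rows respectively. The practical check for the last question above is therefore simple to state: every database query an in-house application runs should be a fixed statement with user input bound as parameters, and a reviewer should be able to grep the code for queries built by concatenation or string formatting and find none.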
Should You Publicize Your Scans?
Security experts disagree as to whether you should publicize these network scans.
Some experts suggest trumpeting security scanning as a marketing benefit. ScanAlert’s Leonard, for example, asserts it’s essential for catalogers to bring the security issue up with customers to reassure them.