OK, so first off I do apologise for the lack of posts, it has been a very busy time here at Modulus with all that has been going on in the online space, particularly around security and the privacy of your information and that of your customers.
So, how secure is your Website and corporate network?
Do you store customer information on your Website? Is your corporate network exposed to the outside world?
If you are truly making the most of your Website and technology, you will have answered yes to the above. But have you taken measures to make sure that the information you store and share is safe and secure?
Website developers tend to rely on the framework of their choice (PHP, Java, ASP.Net) to provide some level of security around their code and while these frameworks do a good job at securing the Website, it does not mean that someone hasn’t already found an exploit in that framework, or has a keen interest on accessing data you store and will do anything they can to get to it.
Penetration and vulnerability testing is a MUST if you do a lot of your business online.
Depending on your customers, or who you are maybe integrating some of your Website or corporate network with, it is a good idea to check any contractual agreements you have in regard to any compliance required. For example, if you are collecting personal information and payments online, you may be required to be PCI compliant if you are collecting the payments within your Website and not using a third party payment provider like PayPal or DPS.
The process of becoming compliant with the likes of PCI is to provide true and valid information via a questionnaire, as well as provide some information around the security if your Website or corporate network. This is where vulnerability and penetration testers are bought in to test your Website/applications and the infrastructure they are hosted. They will use a range of tools and attempt to find holes in your Website or network including remote access, file system access, database vulnerabilities and port scanning to name a few. Once complete, you will be given a report of your systems and the level of priority around securing any issues found. This is a generally required on a regular basis and provides customers, stakeholders and third party providers knowledge that your Website or network infrastructure is as secure as it can be.
If you do business online, get in touch and chat to me about your Website security .