Is Your Website Hackabel? Use Acunetix Vulnerability Scanner
All validation for security purposes must be carried out within the server side script and not thorough client side authentication - such as JavaScript - as it can easily be bypassed by the user disabling JavaScript in their browser. When dealing with a numeric input, such as age, telephone number or credit/debit card number the value of the variable should be processed through a specially constructed function to ensure that the data only comprises of numeric characters (and possibly spaces). Similar functions can be constructed to handle other data types such as Dates, Integers and Floats.
Alternatively, for some numeric fields such as integers or dates the input method could be through the use of a drop-down selection box. If the input is selected from a dropdown box it would be generated by the source code and no validation will be necessary.
Vulnerability Scanning services need to be delivered in situ on-site. This can either be performed by a 3rd Party Consultant with scanning hardware, or you can purchase a 'black box' solution whereby a scanning appliance is permanently sited within your network and scans are provisioned remotely. Of course, the results of any scan are only accurate at the time of the scan which is why solutions that continuously track configuration changes are the only real way to guarantee the security of your IT estate is maintained.
Changing Trends in What Motivates Hackers According to Zone-H, the top 50 attackers defaced a total of approximately 2.5 million websites all over the globe. According to the CSI/FBI Computer Crime and Security Survey 2005, one of the most dramatic findings was the exponential increase in website defacement experienced by their respondents: in 2004, 5% of the respondents experienced defacement while in 2005 that figure went up to 95%. Recent trends over the past 12 months show that there is a shift from such disruptive vandalism that gains notoriety towards theft of data that translates into profit. The report on 2006 is still to be published. You need to rely on a vulnerability scanner such as Acunetix vulnerability scanner.
About the Author:
0 comments:
Post a Comment