Do I need a vulnerability assessment?

Posted by David Law in Hosting Essentials on November 25, 2012

The CVE (Common Vulnerabilities & Exposures) database includes over 59,000 known information security threats. While the techniques used to access your data or alter website code vary greatly, a security breach usually has one of these aims:

  1. Database access and the theft or corruption of personal or sensitive data
  2. Altering website code in order to change what users see
  3. Intercepting personal and sensitive data
  4. Denial of Service (DoS) attacks that render services unavailable

If you’re thinking about having a security expert or your hosting provider evaluate your website or server vulnerability, here are a few questions to ask yourself in order to help you decide.

Is personal or sensitive information passed to or from your servers, or displayed when a user is logged in?

If yes, your website could appeal to hackers, who can use a range of techniques to intercept this information. These might include Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF) and cookie manipulation in order to steal or use session information.

Does your website use a frequently updated application to generate the HTML (e.g. WordPress), or is the programming bespoke?

Secure programming reduces the risk of certain types of attack like code injection and SQL injection, as well as those threats already mentioned above. If you use a trustworthy platform or you are satisfied that your programming is secure, you can be more certain that best practices are in place to defend your application.

Do you have information in your database that would appeal to hackers and thieves?

The more attractive your data, the more likely someone is to try and retrieve it, and the more responsibility you have to protect it. If you have users’ personal information, especially sensitive information or credentials, your data will be more attractive to hackers.

Does your organization have any detractors or groups who oppose it?

Even a small number of passionate adversaries could be motivated to disrupt your activities. And although you may not feel that your website would be a target for hacktivists, if you are perceived to have relationships with other companies who have been targeted or you have a popular website, that may be enough to attract the wrong kind of attention.

In their 2013 Information Security Survey, PwC found that hacktivism was the third biggest cause of security breaches, with 25.39% of respondents estimating hacktivists as the cause of a security breach.

Are you using out of date software and applications on your servers?

Software patches often include important security updates. If you have not updated your software, CMS or other applications for several months or years, you could be unnecessarily exposed to threats. Check the website of the application provider or contact a sales representative to find out about recent updates and what they are designed to achieve.
