WEB SECURITY TESTING

Why web security?

Your website is a gateway to your customers. It is often your first impression and can be last, if not properly secured. Whether the website just disseminates company information or is used for e-commerce activities, breach of security can often result in reputation and financial losses, as well as multiple litigations.

It is therefore important to regularly evaluate website security and protect your website from malicious attacks.

Outsourced website

It is common to outsource website hosting and maintenance to third party service providers. Many e-commerce related websites also outsource the payment mechanism to third party service providers. However, outsourcing does not ensure that your website is secure. Many website security breaches are caused by mis-configured web servers and insecure web programming. Whether these are managed in-house or outsourced, the risks and consequences to your business still remains the same.

The payment services often go through rigorous testing to secure payment data. However, this does not protect your website from other forms of attacks and vulnerabilities specific to your website.

Vulnerabilities in website design may result in many security issues such as defacement or denial of service. It may also be possible to extract your customer’s information or re-direct a legitimate user to a site masquerading as your website and encouraging them to share information which you would usually not request. Such an attack may also re-direct your website users to an illegitimate payment gateway or simply re-direct payment to a different bank account.

What can you do?

It is important to be proactive and regularly evaluate your website security controls against such malicious attacks.

In a world where new vulnerabilities are discovered daily and number of hacking attacks is increasing exponentially, website owners must always be on guard and seek the help of security experts to conduct independent security evaluations on a regular basis.

How can Turnkey help?

Our WebSECURE services assist website owners to evaluate security of their website against known vulnerabilities and common attack scenarios. It includes scanning your web site for common vulnerabilities such as SQL injection, Cross-site scripting and Local and remote file inclusions, source code disclosure, session security problems, URL modification, etc.

We use automated tools and manual testing to test your website for these and other vulnerabilities.

Our WebSECURE service is based on OWASP and includes the tests for the top 10 most critical web application security risks.

We don't rely only on automated tools. We also use manual testing and proof of concept exploits to filter out false positives generated by the tools. In addition, we provide guidance on how to address the security vulnerabilities identified.

WebSECURE is an efficient and cost effective way to secure your website and prevent malicious attacks.