Frequently Asked Questions
 

Is an online security audit really useful?

There is no such thing as a 100% secure online application, website or web service, but the vast majority of attacks, particularly those carried out by worms or viruses, use publicly disclosed vulnerabilities. You can effectively prevent those attacks and protect your systems using our audit services. This link will show you details of our online security audit.

Doesn't a firewall provide sufficient protection?

Using a firewall is a necessary step to protect your server, computer or local network. On today's Internet, no host should be connected without firewall protection. But a firewall has to leave some ports open so that standard Internet programs can be used, such as port 80 for the web server, and services like file sharing, email or web, which may be exploited. Hence, network security defense provides no protection against web application attacks, since these are launched on port 80 (the default for websites), which has to remain open to allow regular operation of the business.

Defensive measures are not sufficient, and regular security assessments will help you to identify potential security threats and fix them.

What is a security audit?

A security audit performs vulnerability assessments of Internet-accessible hosts like web servers. It checks against a wide repertoire of attacks that hackers regularly launch against organizations, including SQL Injection, Cross Site Scripting, Directory Traversal Attacks, Parameter Manipulation, etc. If your web applications are compromised, hackers will have complete access to your backend data even though your firewall is configured correctly and your operating system and applications are patched repeatedly. For more information, please click on this link.

Will an online security audit damage my web application, or pose a threat to my data?

Our audit is conducted in a non-destructive manner, which means that it will not delete or corrupt any existing data in your database. Our team tries to insert some test data into the database as part of the SQL Injection test routines which are performed; however, these entries can easily be deleted after the scan.

Why are numerous emails sent out during an audit?

During a scan, forms present in the web application may be filled out and submitted. This could trigger a mailing system. This happens because we complete and submit forms blindly during certain specific vulnerability checks. If forms are not validated for human input, undesired effects might occur. This issue is a vulnerability in itself. A hacker can perform the same steps to flood the mail system, for example by using automated bots. This issue depends on how the custom website actually handles certain types of requests on the server side. This mass mailing can be caused by more than one thing: forms, links, multiple requests, etc.

It is important to be aware that this is a vulnerability and not something wrong in our test systems. Such mass mailing entry points should be made more secure. When using forms for sending emails (for example, registration forms), techniques such as CAPTCHA (http://en.wikipedia.org/wiki/Captcha) should be used to prevent this situation.
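A server-side gate for a mail-sending form, given here as an added example that is not code from this page or its vendor: it refuses submissions that did not pass the CAPTCHA and, as an added assumption beyond the CAPTCHA recommended above, also caps mails per client and per recipient in a sliding window. The class name, limits and sample submissions are constructed for illustration.

```python
from collections import defaultdict, deque

class MailFormGuard:
    def __init__(self, max_per_client=3, max_per_recipient=2, window=600):
        self.max_per_client = max_per_client
        self.max_per_recipient = max_per_recipient
        self.window = window  # seconds
        self._by_client = defaultdict(deque)
        self._by_recipient = defaultdict(deque)

    def _recent(self, bucket, now):
        # Drop timestamps that have left the sliding window.
        while bucket and now - bucket[0] >= self.window:
            bucket.popleft()
        return len(bucket)

    def check(self, client_ip, recipient, challenge_passed, now):
        """Return (allowed, reason); only allowed submissions are counted."""
        if not challenge_passed:  # CAPTCHA verdict, verified elsewhere (assumed)
            return False, "challenge_failed"
        clients = self._by_client[client_ip]
        recipients = self._by_recipient[recipient.strip().lower()]
        if self._recent(clients, now) >= self.max_per_client:
            return False, "client_rate_limited"
        if self._recent(recipients, now) >= self.max_per_recipient:
            return False, "recipient_rate_limited"
        clients.append(now)
        recipients.append(now)
        return True, "ok"

def replay(guard, submissions):
    """Run submissions through the guard and return each decision's reason."""
    return [guard.check(*s)[1] for s in submissions]

# Constructed sample: (client_ip, recipient, challenge_passed, unix_time)
SAMPLE = [
    ("198.51.100.7", "a@example.com", False, 0),   # blind submit, no CAPTCHA
    ("198.51.100.7", "a@example.com", True, 1),
    ("198.51.100.7", "A@example.com ", True, 2),   # same address after cleanup
    ("198.51.100.7", "a@example.com", True, 3),    # third mail to one address
    ("198.51.100.7", "b@example.com", True, 4),
    ("198.51.100.7", "c@example.com", True, 5),    # fourth mail from one client
    ("203.0.113.9", "a@example.com", True, 6),     # other client, same address
    ("198.51.100.7", "c@example.com", True, 700),  # earlier entries expired
]

if __name__ == "__main__":
    for s, r in zip(SAMPLE, replay(MailFormGuard(), SAMPLE)):
        print(s, "->", r)
```

The form handler would call `check` before handing the message to the mailer and send only when the first element of the result is true.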

This page is constantly being updated. If you have any questions, please feel free to contact us. Thank you.

 

 

 

 

 

 

 

 
 
Copyright © 2012 Hoost Communication. All Rights Reserved.