First steps in assessing your website security

Pavel Prodaniuc
Published in Cyber Dacians
Sep 15, 2019

Is there any domain on earth that does not have its own kind of threats? It seems to be a tough question, but I would dare to say that no such domain exists. The digital era, and especially the internet, brings powerful threats that pose huge risks every second to companies and home users. With the high-speed internet we have today (literally terabits per second through optical fibers in the oceans), these digital threats spread and attack servers worldwide in the blink of an eye, disrupting the accessibility of the services we rely on for everyday tasks. Companies suffer losses, which is quite painful from an economic point of view.

This article is going to be very practical, because I am going to give you three things to look for on your website in order to evaluate how secure your platform is. I am assuming you are a businessman who has a company with an online presence on an upward trend to success. Any time your website spends offline because of hackers and digital threats could cost you a large amount of money, so here are the three simple, easy-to-apply steps I have for you today. Let’s dig in!

Secure your connection! It may sound trivial, but the HTTP protocol, which drives websites and many other services today, is not encrypted by default. It sends data in plain text over internet cables that can span thousands and thousands of miles. Anybody along the path can intercept and read the messages. Just think of a bank you use that does not have encrypted connections while you transfer considerable amounts of money. I think you have already guessed how deep the rabbit hole is. Your data has been leaked and your money is not in a secure place anymore. Now think of the same scenario on your website. Maybe you sell different kinds of services and products, so you process orders and manage user accounts. Maybe you even process payments. With each leak, customers will gradually lose trust in you and your business will suffer. Secure your connection! Use HTTPS! Not sure whether you already use it? Check for the gold lock in the URL bar at the top left of your browser. Today’s browsers are smart enough to tell you the state of your connection. The takeaway for this vulnerability is: buy SSL certificates issued by highly trusted authorities.
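The lock icon shows what one browser saw on one visit; the same check can be scripted and run regularly. The following is an added example, not code from the original article: it connects with full certificate verification and reports a certificate that is about to expire or a deprecated protocol version. The sample certificate, the function names and the 30-day warning threshold are assumptions.

```python
import socket
import ssl
import sys
import time

# TLS 1.0 and 1.1 were formally deprecated by RFC 8996.
DEPRECATED_TLS = {"SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample in the shape returned by getpeercert(); not a real certificate.
SAMPLE_CERT = {
    "issuer": ((("organizationName", "Example Trusted CA"),),),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}


def fetch_certificate(host, port=443, timeout=5.0):
    """Open a verified TLS connection and return (certificate dict, TLS version)."""
    # The default context checks the chain against the system's trusted authorities
    # and checks the hostname; a failure raises ssl.SSLCertVerificationError.
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(), tls.version()


def days_until_expiry(cert, now=None):
    """Whole days left before the certificate's notAfter date."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)


def assess(cert, tls_version, now=None, warn_days=30):
    """Return a list of findings; an empty list means nothing to fix."""
    findings = []
    remaining = days_until_expiry(cert, now)
    if remaining < 0:
        findings.append("certificate expired")
    elif remaining < warn_days:
        findings.append(f"certificate expires in {remaining} days")
    if tls_version in DEPRECATED_TLS:
        findings.append(f"deprecated protocol {tls_version}")
    return findings


if __name__ == "__main__":
    # With a hostname argument, check the live site; otherwise use the sample.
    cert, version = fetch_certificate(sys.argv[1]) if len(sys.argv) > 1 else (SAMPLE_CERT, "TLSv1.3")
    print(assess(cert, version) or "no findings")
```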

Update your software! In general, this step is one of the easiest things you should always do. Vulnerability patches for software are rolled out regularly. Normally, non-technical people avoid updating any part of a system for fear of breaking its functionality. Sometimes even software developers do not update their project dependencies once the project is in development or production, but this is not good at all. Maybe you do not want to update to a whole new version because of the real risk of messing things up, but you should at least apply the security patches released by the vendors. They will not break the system in 99% of cases. I really encourage you to take this step. Whether you have a website based on a content management system such as WordPress or Joomla, or a website developed from the ground up with thousands of small JavaScript libraries, it should be updated in order to be safe against most attacks that target the core of the application. But keep in mind that updating the base software will not protect against flaws introduced by the programmers who built your website on top of it.

SQL Injection! I know this one is a bit harder to check for somebody without technical knowledge, but I will try to explain it as simply as possible. If you have a database behind your platform, it is very likely to be an SQL database. They are the most widespread. When the inputs that are connected under the hood to the database have security holes, data leaks can occur. A hacker can instruct the computer to give him the data he wants from the database (even employee data). For this one, I will give you a command-line tool that can be used to assess the state of the input points on the website: sqlmap. Sqlmap is a great tool to exploit such a vulnerability and see if a certain input field on the website is vulnerable. If you are not comfortable with non-graphical interfaces, you can ask a geekier friend to help you out. If your company has a development department, pass them the tool and they will know for sure how to use it.
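What such a security hole looks like in code, next to the fix your developers should apply, as an added example that is not from the original article. The table, the function names and the sample rows are constructed, and Python's built-in sqlite3 stands in for whatever database the site uses.

```python
import sqlite3


def make_db():
    """In-memory database filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO customers (name, email) VALUES (?, ?)",
        [("Ana", "ana@example.com"), ("Bob", "bob@example.com"),
         ("O'Neil", "oneil@example.com")],
    )
    return db


def lookup_vulnerable(db, name):
    """Vulnerable: the input is pasted into the SQL text and can rewrite the query."""
    query = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_safe(db, name):
    """Hardened: the input is bound as a parameter and is only ever treated as data."""
    return db.execute(
        "SELECT name, email FROM customers WHERE name = ?", (name,)
    ).fetchall()


def rows_returned(lookup, name):
    """Number of rows a lookup returns, or 'sql error' if the query breaks."""
    try:
        return len(lookup(make_db(), name))
    except sqlite3.OperationalError:
        return "sql error"


if __name__ == "__main__":
    # An ordinary name, a name containing a quote, and an input that alters the query.
    for value in ["Bob", "O'Neil", "x' OR '1'='1"]:
        print(repr(value),
              "vulnerable:", rows_returned(lookup_vulnerable, value),
              "safe:", rows_returned(lookup_safe, value))
```

A database error triggered by an ordinary apostrophe in a form field is often the first visible sign that input is being concatenated into SQL somewhere.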

Get a professional security audit! I know this one is the fourth one on the list, but take it as a bonus! Getting a professional assessment from a trusted company can reduce the risk of getting infected by a very high percentage.

These are my tips for you to quickly test and secure your website in a few hours. Cyber Dacians offers professional cybersecurity services tailor-made for your needs. I really encourage you to get in touch with us! You can find us here: www.cyberdacians.com
