Posts Tagged ‘Website Security’

Top Website Security Vulnerability Tools

Need to check out your website and see if it secure our list contains some of the top website vulnerability scanners

1.  NikTo 2 Open Source web security application scanner
   
2. Paros Proxy Used to evaluate the security of web application
   
3. Burp Suite is an integrated platform for attacking web applications
   
4. Web Scarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols
   
5. Grendel-Scan is an open-source web application security testing tool
6. Web Inspect is a powerful Web Application Scanner from HP
   
7. Wikto, which apparently borrowed its name from Nikto (a Unix-based assessment tool)
   
8. Acunetix Web Vulnerability Scanner: Acunetix has pioneered the web application security scanning technology

In IIS7 if you want to add 2 or more web sites to the one web server using different domain name and different SSL certificates you need to assign more than one IP address to your server. Each website on IIS that you want to bind an SSL cert to must have its unique IP address.

Do you know that an SSL cert does not secure your website? 

Shockingly so many people around the world think that once a website has an SSL cert it is secure. What an SSL cert actually does is it only securing the data transfer from a HTTPS page in a web browser back to the web server. So it is simply a way to secure the transfer.

From speaking with many web users we discovered that they were under the impression that when they saw a SSL  secured logo  the website has high security and was protected from hackers. Unfortunately this is an incorrect assumption because web site security requires a lot more than just an SSL cert. We also learned from speaking to Irish web site owners that many were not taking their web site security as a high priority, the general comment that we got which shocked use was if we get hacked we will invest in IT Security for our website, but until then we do not see the need , because they believed that hackers might never find their web site and they were willing to take the risk. We have not carried out any surveys to assess how many Irish website owners think in this way, but to date every owner of an Irish ebusiness website we spoke with failed to understand why their website required a basic level of IT Security. What has gone wrong here? Is it simply a case of lack of education which is preventing some Irish online businesses from understands the risks involved, or is it a case that many Irish ebusiness are not willing to invest the money to protecting their website and their customers?