Website Attacks

Corporate websites are under constant attack. This includes being probed by hundreds of automated bots on a monthly basis, to intentional injection of malicious code, to a distributed denial of services (DDoS) attack.

Whitepaper

How to Protect Your Website from Unauthorized Access

A website is essentially made up of written code, constructed to interface with browsers, the Internet, and many user-facing, user-friendly features like shopping carts and video. These systems are in many cases constructed with more of an emphasis on user-friendliness than on security. Protecting a website requires an alternative focus—not just on how good it looks and how well it works, but on protection of customer data and of the internal network. This requires proper testing of the code and of the execution of the code, to be sure that it interfaces with servers, databases, shopping carts and content management systems in a way that does not compromise security.
The Open Web Application Security Project (OWASP) sets the security standard for Web Application Security. OWASP keeps the world-wide security community abreast of security tools and standards, testing methodologies, code review and informative conferences. For information technology (IT) professionals and others interested in technical detail and geek speak details about OWASP and specific, constantly updated security news, more information is available at https://www.owasp.org/.
OWASP identified the following as top security risks, based on data on real attacks in 2013:

  • A1 – Injection
  • A2 – Broken Authentication and Session Management
  • A3 – Cross-Site Scripting (XSS)
  • A4- Insecure Direct Object References
  • A5- Security Misconfiguration
  • A6 – Sensitive Data Exposure
  • A7 – Missing Function Level Access Control
  • A8 – Cross-Site Request Forgery (CSRF)
  • A9 – Using Components with Known Vulnerabilities.
  • A10 Unvalidated Redirects and Forwards

This white paper details the general recommendations that business owners can take.

Whitepaper

How to Prevent Employees from Stealing Business Website Domain Names

As part of launching new company websites, employers often request that individual employees register the domains on their companies’ behalf. Management – not wanting to deal with the minutia of this task – may choose to delegate this responsibility to an employee who will enter his or her own name and information as the domain registrant, thereby gaining administrative control over the website and domain.

Accordingly, a number of companies are finding that entrusting their employees to create and register their websites can have dire consequences. If the proper precautionary measures are not taken, a company can find itself in a precarious situation if the employee is terminated or voluntarily leaves and does not turn over the information related to the company’s website. This whitepaper will address how businesses can avoid website domain conversion by employees and the potential legal claims they may bring.