Posted by websiteverification on January 19, 2012
IT penetration testing is a process used to assess the safety and security of a computer system or network by faking an attack from malicious hackers. The procedure is related to a vulnerability assessment, but includes a lot more. A vulnerability assessment is performed by a machine looking throughout your network. With a penetration test, a professional penetration testing resource reviews the results of the vulnerability scans and also validates the results against the network or application. Because it is an actual human being performing the review, there are frequently new findings that a machine doesn’t catch. Also, because the test is usually carried out from the position of a prospective hacker, it will more often find the vulnerabilities that hackers find. You may have heard penetration testing referred to as ethical hacking.
Penetration testing is done for many different reasons. Some of these are: To discover high risk vulnerabilities that can result from low risk vulnerabilities. To recognize vulnerabilities that may otherwise be hard to identify with automated network or vulnerability scanning software. Testing networks to be able to successfully detect and respond to hacking attacks.
Penetration tests are an element of a security audit. The Payment Card Industry Data Security Standard (PCI DSS) and the security and auditing standard require both annual and ongoing penetration testing.
Posted in website verification | Tagged: penetration test, pentest, vulnerability assessment, vulnerability scanning, website security, website verification | Leave a Comment »
Posted by websiteverification on February 13, 2010
Vulnerability scanners are one step further than what you already have to keep your website safe. It is a very important part of website security. A vulnerability scanner is used by an ASV (authorized scanning vendor) to look for and recognize threats to your computer system. It scans for many different common vulnerabilities on your system and then sends the results to you in a report so you will have the info you need to get it fixed.
I am sure you have all heard about the many threats that are lurking out there on the internet. Things like malware (spyware, adware), viruses and worms, and internet phishing can cause horrible problems to your computer system and website. Here is a quick explanation of some of these well known dangers.
Malware (short for “malicious software”) is designed to take over a computer system without the permission of the user. Malware includes things like spyware and adware. Spyware can infect computers without their knowledge and steal private information about the user. Occasionally spyware is concealed within types of adware. Adware is short for “advertising supported software” and isn’t illegal – which makes people believe it is safe, but that’s not always the case. Computer users should protect themselves against malware by using firewalls and vulnerability scanners.
Computer viruses, as you know, are spread from computer to computer just like a human virus spreads from person to person. Computer viruses can range in severity; some may cause only somewhat bothersome problems while others can damage your hardware, software or files. Another threat, worms, is similar to viruses because they spread from computer to computer, but unlike a virus, they can travel without any human action. Worms use files or data transport on your computer system so they can travel without help. Always have anti-virus software on your computer and vulnerability scanners to help you avoid these issues.
Internet phishing is the criminal practice of trying to acquire private information such as usernames, passwords, and credit card information from unknowing users. This happens because those doing the phishing disguise themselves as trustworthy businesses or people. It is normally carried out by email and frequently directs users to phony websites that look identical to real ones the user has visited before.
Now that we have reviewed some of the major threats of the internet, be sure to put in place a vulnerability scanner.
Posted in pci compliance, website verification | Tagged: pci compliance, pci scanning, vulnerability assessment, vulnerability scanner, website security | Leave a Comment »