"The license that protects you against the theft of personal data and fraud in the use of credit cards."
The security of site infrastructure is a particularly sensitive issue, one to which no one can remain indifferent, because vulnerabilities may sometimes be introduced inadvertently by managers when implementing changes to firewall policies, creating exposure to hackers, worms or Trojan horses. The only solution is to monitor the network proactively in order to address threats and implement appropriate measures before attackers take advantage of them. Beyond this, it is also important to convey to end users that they can browse the site safely.
It was with these concerns in mind that MarketWare Europe launched the Hacker Secured digital certificate. It was designed not only to provide mechanisms that allow administrators to monitor their entire network proactively and preventively, but also to convey confidence and assurance to users that they are protected against theft of personal data and fraud in the use of credit cards.
Thus, Hacker-Secured validates sites through daily, weekly or monthly audits, so that they pass the FBI / SANS security tests. When a site meets the minimum requirements imposed by security best practices, it is awarded the Hacker-Secured certificate. In this situation you have the guarantee that in 99% of cases there will be no intrusions.
Description of the Audits
The audits will be held daily in three phases: a scan for detection of vulnerable ports, network penetration tests, and a full analysis of web application tests. With these audits, security systems can be monitored continuously and proactively, significantly reducing the time needed to investigate and discover vulnerabilities. This contributes to faster resolution of problems if they occur and provides a factor of confidence for the end user.
Stage 1 - Scan for Detection of Vulnerable Ports
The first phase consists of a scan that comprehensively analyzes the network to detect open TCP and UDP ports that are susceptible to attack.
Stage 2 - Network Penetration Tests
In the second phase, all open ports are analyzed to determine exactly which service they are running, including its type and specific version. The aim is to examine in detail all the vulnerabilities of services such as DNS, SMTP, SSH, FTP, HTTP and SNMP, using signature-based or response-evaluation methods. Intrusion detection and firewall penetration techniques are used to ensure the analysis is as precise as possible.
Stage 3 - Full Web Application Test Analysis
This third phase analyzes the web application level.
According to Gartner, 70% of security breaches occur at this level. Here all HTTP fields and services are tested in order to identify potentially dangerous modules, setup parameters, CGIs and other scripts. The site is traversed to find forms, which are used to identify vulnerabilities such as code disclosure and cross-site scripting. General and specific software analysis is performed to detect configuration vulnerabilities that are related to errors in the code.