Weak Login Forms Vulnerability

Most shopping carts have two login pages, one for customers and one for merchants. Either of these secured areas may be accessed by an account with a weak login combination. An attacker can perform a brute force attack via the login form, using a proxy or a script on a shared server to mask their identity. We'll simulate this kind of brute force attack, using some of the most common username and password combinations, and let you know if your site is vulnerable to this sort of attack (and any passwords found).

Data Leakage Vulnerability

Database-driven websites are very common, and the parameters of a database query can often be seen in the URL of web pages. When information is passed in the URL in this way, a malicious user can iterate through the sequence and extract information that's held in the website database - this is called data leakage. We'll let you know if your site is vulnerable to this sort of attack.

SQL Injection Attack

SQL injection is the name given to a vulnerability caused by poor input validation in an application. It's a serious vulnerability, which can lead to a high level of compromise - usually the ability to run any database query. We'll scan your website with automated software, which tests every web page found for SQL injection vulnerabilities.

Denial of Service Attack

It's hard to control access to a public webserver. Although it's possible to try to control access by IP address, in practice a malicious user can connect via almost unlimited free dial-up accounts, originating from their country of choice. Your website may have performance-intensive pages. Repeated, high-frequency requests to such pages may put such a strain on the webserver as to severely disrupt normal service for other users. This is a Denial of Service (DoS) attack. Our security test will determine if your site is vulnerable to this sort of attack.

Spam Relaying and Harvesting

Contact forms sometimes contain the email address of the recipient for the email, and this can be modified in the browser in order to relay spam or anonymous mail, or to "bomb" mailboxes by overloading their capacity. In addition, a common technique of spammers is to use search spiders to crawl websites and extract email addresses from the pages. This should be a consideration when providing publicly accessible forums, member pages and email directories.

Order Manipulation

Internet traders must sometimes find a balance between ease of use for the customer and security restrictions at the point of purchase. Payment solutions and shopping carts offer various security features, but often they prove too inflexible and the extra security is not enabled. If a customer does manage to alter the price of an order, or mark an unpaid order as paid, will it be detected by the website software? We will determine whether or not your shopping cart software can be manipulated into allowing purchase of items at an altered price.

Admin Control Panel Vulnerabilities

The merchant's Control Panel on a shopping cart is a possible weakness in your e-commerce solution. It's often assumed that users will behave, and it's often possible for a user of a control panel to elevate their privileges. We can examine your web-based control panels to determine the implications of any security weaknesses present.
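The detection question raised under Order Manipulation above (will the website software notice an altered price or an unpaid order marked as paid?), shown as an added example that is not part of the original page or any particular shopping cart's code. The catalogue, the order and notification field names, and the HMAC-signed payment notification format are assumptions made for illustration.

```python
import hashlib
import hmac
from decimal import Decimal

# Constructed sample data: the server's own price list and a secret shared
# with the payment provider. Names and values are assumptions for this example.
CATALOGUE = {"SKU-100": Decimal("19.99"), "SKU-200": Decimal("250.00")}
GATEWAY_SECRET = b"example-shared-secret"


def expected_total(items):
    """Recompute the total from server-side prices, ignoring any price the browser sent."""
    total = Decimal("0")
    for sku, qty in items:
        if sku not in CATALOGUE or not isinstance(qty, int) or qty < 1:
            raise ValueError(f"invalid order line {sku!r} x {qty!r}")
        total += CATALOGUE[sku] * qty
    return total


def sign_notification(order_id, amount):
    """Signature the payment provider is assumed to attach to its 'paid' callback."""
    msg = f"{order_id}|{amount}".encode()
    return hmac.new(GATEWAY_SECRET, msg, hashlib.sha256).hexdigest()


def check_order(order, notification):
    """Return a list of findings; an empty list means the order may be marked as paid."""
    try:
        total = expected_total(order["items"])
        client_total = Decimal(order["client_total"])
    except (ValueError, ArithmeticError) as exc:
        return [f"malformed order: {exc}"]
    findings = []
    if client_total != total:
        findings.append("submitted total differs from catalogue total")
    if notification is None:
        findings.append("no payment notification for order")
        return findings
    good_sig = sign_notification(notification["order_id"], notification["amount"])
    if not hmac.compare_digest(good_sig, notification["signature"]):
        findings.append("payment notification signature invalid")
    elif notification["order_id"] != order["id"] or Decimal(notification["amount"]) != total:
        findings.append("payment does not match order id or amount")
    return findings
```

An order is marked as paid only when `check_order` returns no findings, so neither a price field edited in the browser nor a "paid" flag set without a verified payment notification is trusted.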
© 2003-6