Web Security Test

Web Security Test is a website by Pat Walsh, a freelance Website and App Tester, working in London and online.

It is the online resource for my Website Security Testing services.

I am currently in the R&D phase, developing Website Security Testing services to offer in addition to the Website Testing and App Testing services I currently provide to many customers.

Who is it for?

Any business which runs a website – and that’s practically all businesses these days – needs to ensure their website is safe and secure.

This will help them to:

  • avoid their website being hacked
  • avoid data loss
  • avoid revenue loss
  • avoid reputation loss

Services

The website security testing services are currently in the R&D stage. They will be offered to help small businesses and website owners test the security of their websites – and to secure their website, secure their business.

This will involve testing the website for many different security vulnerabilities and then reporting these issues back to the website owner, so they can be fixed.

Dangers to your website include

Hackers find and exploit security weaknesses in websites, computer systems and networks. To do this, they:

  • find and discover information on the potential target
  • identify vulnerabilities in the target system
  • try and exploit the vulnerabilities found

Distributed Denial of Service (DDoS) is an attack where multiple systems flood the bandwidth and system resources of a target system, usually causing the target system to fall over.

These are often carried out by botnets, which themselves were created by malware infecting systems.

SQL Injection involves malicious SQL statements being input into data-driven applications and websites, sometimes allowing the hacker to dump the entire database for their own use.

Cross Site Scripting (XSS) is a vulnerability typically found in web applications, allowing attackers to insert client-side scripts into web page(s) viewed by other users.

Security misconfiguration can be exploited by hackers to access a website or web application, due to security measures and configuration not being properly applied.

Example issues are:

  • out-of-date software - including operating systems, web servers, databases and code libraries
  • default accounts and passwords being left in the system
  • unnecessary features being installed and/or enabled
  • error handling messages revealing too much of your system configuration

Sensitive Data Exposure is where sensitive data – e.g. passwords, credit card numbers, personal information etc. – is insufficiently encrypted (or not encrypted at all).

Broken Authentication and Session Management is where applications for authentication and session management are not implemented correctly, allowing hackers to gain passwords, keys or session tokens – often allowing them to exploit other users' system identities.

Unvalidated redirects and forwards allow attackers to redirect users to phishing or malware sites, or use forwards to access unauthorized pages.

New threats are emerging every day, from new hackers, hacker groups and global locations.

Dangers Defined - What is ...?

What is XSS? Cross-Site Scripting (XSS) is an attack on a website and/or web application, where a hacker can insert (inject) client-side scripts into web page(s) viewed by other ...
What is DDoS? DDoS (Distributed Denial of Service) is an attack where multiple systems flood the bandwidth and system resources of a target system, usually causing the target system ...
What is SQL Injection? SQL is Structured Query Language, a special language for querying and updating databases. SQL Injection involves malicious SQL statements being input (injected) into data-driven websites ...

Some big hacks

TalkTalk loses 95,000 customers, £60 million in costs after hack attack | Ars Technica UK #bighacks #security arstechnica.co.uk/security/2016/…
Time Warner Cable: 320,000 customer passwords possibly stolen - CNET #security #bighacks #malware cnet.com/news/time-warn…
Web attack knocks BBC websites offline - BBC News #bighacks #DDoS bbc.co.uk/news/technolog…
Iranian hackers 'targeted' New York dam - BBC News #security #threats #hackers #bighacks bbc.co.uk/news/technolog…
Moonfruit takes websites offline after cyber-attack threat - BBC News #hackers #DDoS #cybersecurity #threats bbc.co.uk/news/technolog…
Children's electronic toy maker Vtech hacked - BBC News #bighacks #hackers #security bbc.co.uk/news/technolog…

Secure your website, secure your business
