Security for any e-commerce site is a must for the safety of your customers billing information and the financial safety of your organization. There are many points of failure, or vulnerabilities, in an e-commerce environment. Even in a simplified e-commerce scenario many potential security vulnerabilities exist. Whenever a user contacts a website and gives his credit card and address information, there are a number of systems and networks involved. Each system and network has security issues due to the following features of online purchases:
- A user must use a website and at some point identify or authenticate himself to the site. Typically, authentication begins on the user’s home computer and its browser. Unfortunately, security problems in home computers offer hackers other ways to steal e-commerce data and identification data from users.
- The user’s web browser connects to the merchant front-end. When a consumer makes an online purchase, the merchant's web-server usually caches the order's personal information in an archive of recent orders. This archive contains everything necessary for credit card fraud. Further, such archives often hold 90 days' worth of customers' orders. Naturally, hackers break into insecure web servers to harvest these archives of credit card numbers.
- The merchant has a back-end and database. A site’s servers can weaken the company's internal network. This is not easily remedied, as the web servers need administrative connections to the internal network, but web server software tends to have buggy security. Here, the cost of failure is very high, with potential theft of customers’ identities or corporate data. Additionally, the back-end may connect with third party fulfillment centers and other processing agents. Arguably, the risk of stolen product is the merchant's least-important security concern, because most merchants' traditional operations already have careful controls to track payments and deliveries. However, these third parties can release valuable data through their own vulnerabilities.
This is a simplified model of an e-commerce architecture. Yet even in its simplicity, there are a number of security problems. Encrypted e-commerce connections do little to help solve any of these issues except for network security problems. While other problems might be ameliorated by encryption, there are still vulnerabilities in the software clients and servers that must use the data. For this reason, a Basic Security Audit will review the following areas:
- Root Kit Detection
- Open Cart PHP and SSL Certifications for hacks and security breaches
- Discover SQL Errors
- Ethical Hack for Security Vulnerabilities
- Version Check Security Packaging
A Basic Security Audit normally takes approximately 4-5 hours. When a Numinix professional has completed the Basic Security Audit, a professionally prepared report will be forwarded to you outlining the problems and estimating how long it will take to correct each area, along with how much it will cost, so that you can begin to build your budget accordingly.
Purchase this audit as a part of the Development Roadmap and receive a significant discount on this and other essential audits.