Christmas is right around the corner and the winter sales are arriving too. Online shopping campaigns are planned. Your banners, packaging and special offers are ready, but did you think of your website’s security?
We won’t remind you to update and install patches or to watch for suspicious operations (you are already doing that), but we will concentrate on three elements that protect your clients’ data and reassure them about your security level.
1/ HTTPS certificate
Using HTTPS is indispensable for an e-commerce website. Users expect to see the well-known padlock on pages where they enter their information. Many people rely only on a URL starting with HTTPS and the padlock to judge the reliability of a website.
However, malicious hackers know it too. They now create websites with an HTTPS certificate to deceive users. A study from PhishLabs estimates that in the 3rd quarter of 2018, 49% of phishing websites were using an HTTPS certificate.
(We detail here how to identify suspicious emails to avoid phishing attacks, which can be tricky even for experienced users.)
It is a question that we often hear. Sorry, we don’t have a formula ROI=… to reveal. The return on investment of penetration testing is complex to measure, but we are giving you 4 keys to demonstrate the financial benefits of a pentest. Security is not only useful for avoiding potential problems; above all, it creates value by encouraging sales.
1/ Investing to avoid a loss or a higher future expense
Penetration tests are a preventive action. By simulating realistic attacks by malicious hackers, pentests detect security flaws, both technical and logical (this article explains more precisely what logical flaws are).
Vaadata is a startup specialising in web, mobile, social engineering and IoT penetration testing. We are looking for a future pentester to join our team!
Who are we?
- A dynamic startup with an expertise in ethical hacking
- A small and fun team, very different from the corporate world of big consulting companies
- A company that sets aside time for technology watch and creativity
Who are we looking for?
What is a Cross Site Request Forgery Attack?
CSRF is an attack that forces an end user to perform unwanted actions, without noticing, on a web application in which they are currently authenticated.
CSRF attacks specifically target requests that make modifications, not data theft, because the attacker has no way of seeing the response to the forged request. The outcome of the actions is what interests the attacker.
This type of attack relies on the fact that when a user is authenticated on an application, the application usually issues a session ID that the user’s browser stores in a cookie.