It seems we hear about newly hacked websites and companies very often these days. Even the largest companies, which spend millions of dollars on website security audits, get hacked, and quite often. The fact that even large companies, which house the data of millions (or billions) of people, get hacked is very troubling. So if large companies can get hacked, how can small companies and websites protect themselves against attacks and malware? This is especially worrisome if you have an eCommerce website, including one built on the Magento eCommerce Platform. There is no simple go-to solution here, as each software platform is very specific and needs very specific security measures.
However, there are certain measures that all website owners should take. Here is a Website Security Audit checklist with just a few precautions one can take. Please note that the list of security measures we implement is far longer than this list:
1. DDoS protection – having a WAF (Web Application Firewall) is vital for any website. A WAF can protect your website from many types of attacks, one of which is DoS (Denial of Service) or DDoS (Distributed Denial of Service). During a (D)DoS attack, one computer or many computers flood your server with automated traffic until it becomes unresponsive.
2. SQL/Code injection prevention – strong software development practices, well-tested code, and a WAF can help prevent injection attacks. In a code or SQL injection attack, malicious users or bots try to inject code or SQL commands into your website through form elements.
3. XSS attack protection – an XSS (Cross-Site Scripting) attack is a type of attack in which a malicious user or bot sends malicious data with a request that causes the website to do something it shouldn’t, such as hijacking users away from the site or revealing database credentials.
4. Brute Force attack protection – a brute force attack is when an attacker / bot tries every possible password combination until the correct one is found.
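As an added illustration of item 4 (not code from this page or from any particular platform), the following Python example throttles failed logins per account and per source IP using a sliding window, then replays a constructed attempt log through it. The class name, thresholds, and sample events are assumptions made for this example.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window limiter for failed logins, keyed by account and by source IP."""
    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures      # failures tolerated inside one window
        self.window = window                  # window length in seconds
        self.lockout = lockout                # lock duration in seconds
        self.failures = defaultdict(deque)    # key -> timestamps of recent failures
        self.locked_until = {}                # key -> time at which the lock expires

    def _keys(self, user, ip):
        return (("user", user.lower()), ("ip", ip))

    def is_blocked(self, user, ip, now):
        return any(self.locked_until.get(k, 0) > now for k in self._keys(user, ip))

    def record(self, user, ip, success, now):
        """Record one attempt; return False if it was rejected before any password check."""
        if self.is_blocked(user, ip, now):
            return False
        if success:
            # Reset only the account counter: one valid login must not clear the IP's history.
            self.failures.pop(("user", user.lower()), None)
            return True
        for key in self._keys(user, ip):
            q = self.failures[key]
            q.append(now)
            while q and q[0] <= now - self.window:   # drop failures older than the window
                q.popleft()
            if len(q) >= self.max_failures:
                self.locked_until[key] = now + self.lockout
                q.clear()
        return True

def replay(events, throttle):
    """Feed (timestamp, user, ip, success) events in order; return the rejected attempts."""
    rejected = []
    for ts, user, ip, success in events:
        if not throttle.record(user, ip, success, ts):
            rejected.append((ts, user, ip))
    return rejected

# Constructed sample: one IP guesses the "admin" password every 10 s, then real users log in.
SAMPLE = [(t * 10, "admin", "203.0.113.7", False) for t in range(8)] + [
    (90, "alice", "198.51.100.4", True),    # unrelated user, unaffected
    (100, "admin", "198.51.100.9", True),   # real admin, rejected while the account is locked
    (1000, "admin", "198.51.100.9", True),  # accepted once the lock has expired
]
```

Replaying `SAMPLE` rejects the sixth to eighth guesses and also the real admin's login at t=100, which shows the trade-off of account-level lockout: it stops guessing but lets an attacker temporarily lock a known account, so lock durations and per-IP limits need tuning together.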
More information can be found on our Security and Audits Page.
Please contact us at 310-882-7755 to inquire about Website and Server Security, Compliance, and Website Security Audit services in the greater Los Angeles area, especially for eCommerce platforms including the Magento eCommerce Platform.