HiTRUST Web Security Health Check Service helps you to defend your Web site from attacks like SQL injections, Cross Site Scripting, and security loopholes such as backdoors, un-patched software and other ways hackers can compromise your Web site and Web application. Such service does not require additional hardware and software deployment. Besides, the checking should be done in a a regular basis as the best practice to maintain your Web site and application in a good health.

Web Security

Web site and Web application become integral parts of more and more business activities. However, Web site security is possibly today's most overlooked aspect of securing data. Hackers are focusing their efforts on hacking Web sites as it is mostly connected to Web-based applications such as shopping carts, forms, login pages, dynamic content, as well as important database like inventory, customer credit card numbers, transaction records, etc. Web sites are accessible 24 hours a day, 7 days a week and control crucial data since they often link directly to customer databases.

Some Web Incidents - Real Cases!

	Applicants to an university accessed their admission statue before the results were officially announced by manipulating the online Web application.
	Web site of an enterprise was hacked and all the credit card numbers from its online store’s database were extracted and displayed on a newsgroup.
	Lots of membership information of an organization was accessed without authority. The perpetrator simply changed the membership number parameter in the URL of a member’s profile page.

If such Web site incident happened in your company, the only action your customers would take is to limit online transaction and their release of personal information on your Web site. This would definitely be a barrier the development of your online business and communication, which have the advantages of low cost and higher productivity.

What Should You Do?

	To avoid web incidents, you first focus on Web application level security, and take regular web application health check because:
		Web application are usually custom-made and are not commercial application. Vulnerabilities in those applications may not be detected by "know vulnerabilities" checks by commodity security equippments or systems.
		Web application are always connected to important database, like customer credit card number, transaction record, etc, which attracts most hacker interests and attentions.
		Web application are publicly available on the Internet, 24/7, not only for your customers, but also for hackers or unauthorized users.
		According to a survey by the Gartner Group, almost three-fourths of all Internet assaults are targeted at Web applications.
		Such health check solidifies your policies and procedures for online compliance and makes the online compliance process more efficient, sustainable. Well format report can be generated automatically.

	Besides, take regular health check on network level security, to ensure there should have no configuration problems and identifies known vulnerabilities on the network level. This is essential because:
		Most security breaches are targeting at known vulnerabilities for which there are existing countermeasures. Regular health check against known vulnerabilities drastically lower your risk.
		Enterprises handling important data is required to take regular network security check in order to comply with a wide array of government and industry regulations, like SOX, PCI. Companies that do not fully comply with security regulations face serious consequences including heavy fines and legal action.
		Ensuring the compatibility of configuration among your security equipments maximizes their productivity on protecting the network, which help you gain maximum ROI form your existing security infrastructure.

Web Security Health Check

HiTRUST Web Security Health Check service help you to defend your Web site from hackers via regular health check and maintenance of it. Your may believe your company network and Web application are safe enough, but new vulnerabilities are discovered by hackers everyday. It is important to health-check your setup with the most update vulnerabilities regularly. Again, 75% of attacks are done via the web site and application.

Delivered as a service over the Web, the Health Check service eliminates the burden of deploying, maintaining, and updating software and hardware or implementing ad-hoc security applications. The service also consists of documentating the security hole found during the health check and recommended remedies.

Two separated checkings would be performed for pre-remediation and post-remediation.

Reference Information :

>> What is a Web Application?
>> Hackers' Favourite Web Attack Modes
>> Top 10 Web Vulnerabilities in Hong Kong