
Information Security
What is Information Security?
Information security is a multi-faceted activity which includes the classification and control of assets; personnel security; physical and environmental security; computer and network management; system access control; system development and maintenance; and business continuity planning.
What is BS 7799?
There is a British Standard Code of Practice for Information Security Management (BS 7799), which comprehensively addresses the perceived requirements of any Information Security company. With the rapid advancement of communication technology across the world and increased threats to the information resources of an organization, many companies may soon be required to comply with BS 7799.
Why is Information Security needed?
Although many individual policies may exist within an organization to address the perceived information security requirements of each area or department, there is normally no single, focused approach to defining information security policy as a whole.
Website Security Testing - Common Security Weaknesses
We offer the following solutions to cope with information security needs:
Weak Login Forms Vulnerability
Most shopping carts have two login pages, one for customers, and one for merchants. Either of these secured areas may be accessed by an account with a weak login combination.
An attacker can perform a brute force attack via the login form, using a proxy or a script on a shared server to mask their identity. We'll simulate this kind of brute force attack, using some of the most common username and password combinations, and let you know if your site is vulnerable to this sort of attack (and any passwords found).
Data Leakage Vulnerability
Database-driven websites are very common, and the parameters of a database query can often be seen in the URL of web pages. When information is passed in the URL in this way, a malicious user can iterate through the sequence and extract information that's held in the website database - this is called data leakage. We'll let you know if your site is vulnerable to this sort of attack.
SQL Injection Attack
SQL injection is the name given to a vulnerability caused by poor input validation in an application. It's a serious vulnerability, which can lead to a high level of compromise - usually the ability to run any database query. We'll scan your website with automated software, which tests every web page found for SQL Injection vulnerabilities.
Denial of Service Attack
It's hard to control access to a public webserver. Although it's possible to try to control access by IP address, in practice a malicious user can connect via almost unlimited free dial-up accounts, originating from their country of choice.
Your website may have performance-intensive pages. Repeated, high-frequency requests to such pages may put such a strain on the webserver that normal service for other users is severely disrupted. This is a Denial of Service (DoS) attack. Our security test will determine if your site is vulnerable to this sort of attack.
Spam Relaying and Harvesting
Contact forms sometimes contain the recipient's email address, which can be modified in the browser in order to relay spam or anonymous mail, or to "bomb" mailboxes by overloading their capacity.
In addition, a common technique of spammers is to use search spiders to crawl websites and extract email addresses from the pages. This should be a consideration when providing publicly-accessible forums, member pages and email directories.
Order Manipulation
Internet traders sometimes must find a balance between ease-of-use for the customer, and security restrictions at the point of purchase. Payment solutions and shopping carts offer various security features, but often they prove too inflexible and the extra security is not enabled.
If a customer does manage to alter the price of an order, or mark an unpaid order as paid, will it be detected by the website software? We will determine whether or not your shopping cart software can be manipulated into allowing purchase of items at an altered price.
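One way shopping cart software can detect the manipulation described above, shown as an added example that is not code from the original page. The order layout, the CATALOGUE and PAYMENT_SECRET values, and the functions sign_payment and check_order are assumptions made for illustration; the payment provider is hypothetical.

```python
import hashlib
import hmac
from decimal import Decimal, InvalidOperation

# Constructed sample data (not from the page): the server-side price list and
# a secret shared with a hypothetical payment provider.
CATALOGUE = {"SKU-100": Decimal("19.99"), "SKU-200": Decimal("250.00")}
PAYMENT_SECRET = b"constructed-demo-secret"


def sign_payment(order_id, amount):
    """Signature the provider would attach to its 'payment received' callback."""
    msg = f"{order_id}|{amount:.2f}".encode()
    return hmac.new(PAYMENT_SECRET, msg, hashlib.sha256).hexdigest()


def check_order(order):
    """Return tampering findings for a submitted order; an empty list means clean."""
    findings = []
    total = Decimal("0.00")
    for line in order["lines"]:
        sku, qty = line["sku"], line["qty"]
        if sku not in CATALOGUE or not isinstance(qty, int) or qty < 1:
            findings.append(f"invalid line {sku!r} x {qty!r}")
            continue
        try:
            client_price = Decimal(str(line["price"]))
        except (KeyError, InvalidOperation):
            client_price = None
        # The charge is always computed from the server-side price; the
        # client-supplied value is only compared so that tampering is logged.
        if client_price != CATALOGUE[sku]:
            findings.append(f"price altered for {sku}: client sent {line.get('price')!r}")
        total += CATALOGUE[sku] * qty
    # A 'paid' flag from the browser is never trusted: the order counts as paid
    # only if it carries a valid provider signature over the recomputed total.
    if order.get("paid"):
        expected = sign_payment(order["id"], total).encode()
        supplied = str(order.get("payment_sig", "")).encode()
        if not hmac.compare_digest(expected, supplied):
            findings.append("marked paid without a valid payment confirmation")
    return findings
```

Because the signature covers the total recomputed from the catalogue, a genuine payment made for an altered amount also fails the check.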
Admin Control Panel Vulnerabilities
The merchant's Control Panel on a shopping cart is possibly a weakness in your e-commerce solution. It's often assumed that users will behave, and it's often possible for a user of a control panel to elevate their privileges.
We can examine your web-based control panels to determine the implication of any security weaknesses present.
