SQL Injection

What is it?
SQL injection, is an extremely damaging attack in which hackers will attempt to access information stored in your database, such as customer data or user ID's and passwords. SQL stands for Structured Query Language and is the programming language understood by databases. By inserting commands from this programming language into fields on your website's input forms, hackers can gain access to the database records of vulnerable sites, stealing credit card data, passwords, e-mail addresses and any additional data available in the database.

What is the impact?
The impacts of this type of attack can be devastating. A recent example is the attack carried out on Sony's networks, in which thousands of credit cards were stolen. The company has spent millions to recover. It can also badly damage your company's reputation by exposing your customers' private data to criminals.

How does SiteLock protect me?
The patent-pending 360-degree scan technology tests each input box on your website to ensure that they are not vulnerable to this type of attack. They verify the safety of each input box on your website by inserting code in the way hackers would. They do not read or collect any data, however. They use safe test procedures and code and if they discover a vulnerability in the testing, they report it to you immediately. The Expert Services team can also help you remove these issues from your site.

What can I do about it?
Make sure any applications you use are kept up-to-date and limit the use of third-party plug-in's where possible as they can be a source of many issues and may be updated less frequently or created by unscrupulous publishers. Use a website scanning service that includes SQL injection scans, such as SiteLock Premium or Enterprise. If you are writing your own code, be sure to validate your input fields for special characters and ensure you are checking for this type of hacking in your database procedures called from the website.


Cross-Site Scripting (XSS)

What is it?
Cross-Site Scripting, or XSS, is a type of attack used by hackers to control the content of your web pages. Hackers will insert a piece of code into your site, usually through an input field such as a search box, user ID, or Name/Address box. If your website is vulnerable to this type of attack, the hacker can control the content of your page, including the user's cookies or session variables.

What is the impact?
Hackers use this type of attack to trick your visitors into providing personal data. Since visitors believe they are providing this information to your site, they are likely to provide sensitive information to hackers, since they trust your business. Hackers use information collected, such as user names, passwords, credit card information, etc. to carry out identity theft and other criminal activities.

How does SiteLock protect me?
The patent-pending 360-degree scan technology tests each input box on your website to ensure that they are not vulnerable to this type of attack. They verify the security of each input box on your website by inserting code in the way hackers would. Instead of taking over your page, though, they simply use harmless test procedures.

What can I do about it?
Make sure any applications you use are kept up-to-date and limit the use of third-party plug-in's where possible as they can be a source of many issues and may be updated less frequently or created by unscrupulous publishers. Use a website scanning service that features XSS scripting scans, such as SiteLock Premium or Enterprise. If you are writing your own code, be sure to validate your input fields for special characters and ensure that the settings for your code are frequently updated and hardened for security. You can also take advantage of SiteLock's Expert Services team to correct any issues we identify in our scans.


Application scanning

What is it?
Application scanning will verify the applications you've installed on your website against known vulnerabilities. As application versions age (like Windows 7 or Wordpress 4.0), hackers will find ways to attack these programs. The publishers then update them with newer versions, which you need to upgrade to in order to stay safe. They verify your version against catalogs of vulnerabilities to ensure you are running safe software on your site.

What is the impact?
The impacts of this type of attack are wide-ranging, as it depends a great deal on the type of application. For most web applications, the vulnerabilities are likely to be Cross-Site Scripting or SQL injection.

How does SiteLock protect me?
The scanners identify applications you have installed and which version you have. They compare that to industry and proprietary lists to determine the security of your installation. If they discover a vulnerability in the testing, they report it to you immediately and can help you upgrade your and secure your site.

What can I do about it?
Make sure any applications you use are kept up-to-date and limit the use of third-party plug-in's where possible as they can be a source of many issues and may be updated less frequently or created by unscrupulous publishers. Use a website scanning service that includes Application vulnerability scans, such as SiteLock Premium or Enterprise.


Virus scanning (drive-by downloads)

What is it?
If your site has been compromised by hackers, they may be using your website to distribute virus-infected software to your visitors without your knowledge. Your visitors may be getting software installed on their computers when they visit your site without knowing that is happening.

What is the impact?
Your visitors will have their computers infected with viruses after visiting your site. Of course, this causes frustration, anger, and distrust with your visitors.

How does SiteLock protect me?
The scanner reviews all files and applications on your website against industry and proprietary databases of virus software. If they identify a virus on your site, they notify you immediately and can help you remove it.

What can I do about it?
Use a website scanning service that includes virus scanning, such as SiteLock Enterprise.


Reputation monitoring

What is it?
SiteLock's patent-pending 360-degree scan helps you make sure your website and communications are reaching your visitors as intended in three key ways:
  • Malware blacklist monitoring: We monitor search engine and proprietary lists of sites reported as malware to make sure visitors arrive at your site, not a "Red Screen" warning from their browser or search engine.
  • E-mail spam blacklist monitoring: We compare your e-mail address, domain name, and e-mail server to industry and proprietary lists used by popular e-mail programs to identify which messages to mark as "Spam". This ensures that your e-mails reach your customers' inbox - not their spam folder.
  • SSL Scanning: If you have an SSL certificate installed on your site for data encryption, we will scan that certificate to verify that it is not expired or otherwise out-of-compliance with web browser expectations. This prevents users from seeing warnings about data security when they visit your site.
What is the impact?
Failure to keep up with and monitor any of these items can result in lost customers, abandoned visits to your website, and wasted marketing and website design efforts.

How does SiteLock protect me?
Our scanner verifies your website, e-mail, and SSL to ensure uninterrupted communication with your customers. If you ever do get included on one of these blacklists or non-compliance lists, our Expert Services team can help get you back up and running normally in a hurry.

What can I do about it?
Use a website scanning service that includes reputation management, such as SiteLock Basic, Premium or Enterprise.


Network security vulnerabilities

What is it?
Network servers have devices on them known as ports. Each port is set up to understand a certain type of language. There are ports, for instance, for database applications, website content, e-mail, instant messaging/chat, etc. They are similar to channels on television or a CB radio. Each port is either open or closed to the outside world, meaning it will "listen" to requests for that type of service. If a port is open, it is an opportunity for a hacker to attempt to access data or files on that server. Some ports need to be open, such as the port for web content on your Internet server. Others should not be. Opening unnecessary ports can expose sensitive data and systems to hackers.

What is the impact?
If hackers are able to access your network, the damage they can do is extensive. Depending on what parts of the server/network they reach, they could steal data, deface your website, or worse.

How does SiteLock protect me?
It check each port (thousands) on your servers to make sure that only the appropriate ones are open for the type of server you are using (e-mail ports for e-mail servers, web ports for web servers, etc.). We'll notify you if anything looks out of the ordinary so you can correct the issue.

What can I do about it?
Close all unnecessary ports. Make sure your ports that are open are protected using strong security. Use a website scanning service that includes network scanning, such as SiteLock Premium or Enterprise. Our Expert Services team can also help you lock down your network to prevent attacks.
Was this answer helpful? 0 Users Found This Useful (0 Votes)