High profile websites being hacked is nothing new nowadays – we hear about a different hack every week, if not every day. Hackers will use many different techniques to break into high profile websites and systems – including targeting weaknesses in the website’s security, social engineering and vulnerability exploits.
Some large companies spend a fortune on security teams and security audits but may still end up being hacked, due to the many attack factors present in the setup and scale of a large company.
Smaller companies and individuals may believe in security by obscurity, but still end up being hacked, if they happen to come onto the hackers radar for whatever reason.
All these factors cement the fact that every website should be built using at least basic security practices.
My website testing services can include basic security testing, where requested by the customer, to at least test whether basic security practices and processes are implemented by the website.
These tests look for security weaknesses in areas such as user registration, passwords, account maintenance and also some basic code injection, to check for SQL Injection and such like.
Note: The results of these tests provide an indication of what level of basic security practices and processes are implemented by the website, but not how secure the site is, as this would require advanced security testing.
For some sites, such as ecommerce sites, sites with lots of user data and sites relying on user-generated content, I’d normally also recommend some advanced security testing, such as Penetration Testing to be carried out on the site by a specialist service provider.