RE: Website security checking service

2008-09-29 Thread Ken Schaefer
Have your organisation, if it's writing custom code, use an established, proven 
data access framework. If you're writing your own, then enforce some 
architectural standards that your developers have to follow.

I haven't seen many SQL injection bugs in, say, the native SqlClient and OleDb 
providers that Microsoft provides - so simply use parameterised queries (even if 
you build them dynamically in ASP.NET).

Cheers
Ken

> -----Original Message-----
> From: Marc Maiffret [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 30 September 2008 11:44 AM
> To: NT System Admin Issues
> Subject: RE: Website security checking service
>
> It is nice to see some conversation around the topic of web security and
> specifically SQL injection. I mentioned months ago now this is the most
> critical security problem that most IT organizations currently face. Most of
> you have already been hit with SQL injection and it is luck of the draw
> whether your system is already compromised or not. Most organizations are
> still relying simply on perimeter firewalls and host based anti-virus and
> neither of these will protect you. I have done over 10 investigations of web
> compromises, because of SQL injection, in which most companies had been
> compromised for more than 6 months before *accidentally* discovering the
> compromise.
>
> There are a few options:
>
> * Send developers to secure coding courses and hope they retain the
> information and will not make mistakes in the future.
>
> * Buy a *web* specific vulnerability assessment scanner such as:
> Retina Web Security Scanner
> http://www.eeye.com/html/products/RetinaWebScanner/index.html
> Acunetix
> http://www.acunetix.com/vulnerability-scanner/
> HP WebInspect
> https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=
> 1-11-201-200%5E9570_4000_100__
> Cenzic
> https://www.cenzic.com/
> IBM Rational AppScan
> http://www-01.ibm.com/software/awdtools/appscan/
>
> * Hire a consulting company to perform regular scans and assessments using
> MORE than traditional VA tools
> The DigiTrust Group
> http://www.digitrustgroup.com/assessment.html#webapp
> WhiteHat Security
> http://www.whitehatsec.com/home/index.html
>
> * Buy a WAF Web Application Firewall and find time to manage it yourself
> Breach WebDefend
> http://www.breach.com/
> Imperva
> http://www.imperva.com/
>
> * WAF Web App Security Managed Security Services, have someone else manage
> the hassle of keeping your site secure from attacks including SQL injection.
> Notifications of not just blocked attacks and fine tuned configuration but
> also any defects stemming from specific code failures so that your
> developers can remediate and learn from the process.
> http://www.digitrustgroup.com/managed.html#web
>
> A few things that will NOT protect you from SQL injection:
> * Using only traditional vulnerability assessment software
> * Performing server configuration hardening
> * Telling your admins to simply read SANS or OWASP
> * Any of those lame "site protected/site scanned by X" type certifications,
> most are only looking for known web vulns (which traditional vulnerability
> assessment software will find) however they do not find custom coded web sql
> injection bugs.
>
>
> -
> Marc Maiffret
> Director of Professional Services
> The DigiTrust Group, LLC.
> 5757 W. Century Blvd, Ste. 700
> Los Angeles, CA 90045
> p: 310.348.2901
> f: 310.469.0103
> w: http://www.thedigitrustgroup.com
>
>
> > -----Original Message-----
> > From: Oliver Marshall [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, September 25, 2008 5:19 AM
> > To: NT System Admin Issues
> > Subject: Website security checking service
> >
> > Hi chaps,
> >
> > Can anyone recommend a website checking service that will check
> > websites on a regular basis for security issues and report back ? One
> > of our clients suffered an SQL injection attack this week, and on their
> > new rebuilt server they are keen to get some element of reporting as to
> > when any possible issues may be presented to visitors, or to be made
> > aware as to when flaws are found in the sites. The sites change
> > regularly and multiple teams work on any one site so a site that was
> > once tight-as-a-nut may, the next week, be made in-secure by the action
> > of another team.
> >
> > Olly
> > --
> > G2 Support
> > Email:  [EMAIL PROTECTED]
> > Web:http://www.g2support.com <http://www.g2support.com>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
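
The point above about parameterised queries that are still built dynamically, as an added example that is not part of the original thread. It assumes Python's sqlite3 as a stand-in for the SqlClient/OleDb providers; the table, data and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build a small in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, dept TEXT, active INTEGER)"
    )
    db.executemany(
        "INSERT INTO users (name, dept, active) VALUES (?, ?, ?)",
        [("alice", "ops", 1), ("bob", "dev", 1), ("carol", "dev", 0)],
    )
    return db


# Column names cannot be bound as parameters, so they are checked
# against a fixed allow-list instead of being taken from the request.
FILTERABLE = {"name", "dept", "active"}


def find_users_concat(db, filters):
    """The 'before': filter values are pasted into the SQL text itself."""
    sql = "SELECT name FROM users"
    if filters:
        sql += " WHERE " + " AND ".join(
            f"{col} = '{val}'" for col, val in filters.items()
        )
    return [row[0] for row in db.execute(sql + " ORDER BY name")]


def find_users_param(db, filters):
    """The 'after': the WHERE clause is still built dynamically, but only
    placeholders enter the SQL text; values travel separately as parameters."""
    clauses, params = [], []
    for col, val in filters.items():
        if col not in FILTERABLE:
            raise ValueError(f"unsupported filter column: {col!r}")
        clauses.append(f"{col} = ?")
        params.append(val)
    sql = "SELECT name FROM users"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return [row[0] for row in db.execute(sql + " ORDER BY name", params)]


if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed input containing a quote
    print("concatenated:", find_users_concat(db, {"dept": hostile}))
    print("parameterised:", find_users_param(db, {"dept": hostile}))
    print("normal use:", find_users_param(db, {"dept": "dev", "active": 1}))
```

With the concatenated version the quote in the input changes the query's structure and every row comes back; with placeholders the same input is compared as an ordinary string and matches nothing.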


RE: Website security checking service

2008-09-29 Thread Marc Maiffret
It is nice to see some conversation around the topic of web security and
specifically SQL injection. I mentioned months ago now this is the most
critical security problem that most IT organizations currently face. Most of
you have already been hit with SQL injection and it is luck of the draw
whether your system is already compromised or not. Most organizations are
still relying simply on perimeter firewalls and host based anti-virus and
neither of these will protect you. I have done over 10 investigations of web
compromises, because of SQL injection, in which most companies had been
compromised for more than 6 months before *accidentally* discovering the
compromise.

There are a few options:

* Send developers to secure coding courses and hope they retain the
information and will not make mistakes in the future.

* Buy a *web* specific vulnerability assessment scanner such as:
Retina Web Security Scanner
http://www.eeye.com/html/products/RetinaWebScanner/index.html
Acunetix
http://www.acunetix.com/vulnerability-scanner/
HP WebInspect
https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=
1-11-201-200%5E9570_4000_100__
Cenzic
https://www.cenzic.com/
IBM Rational AppScan
http://www-01.ibm.com/software/awdtools/appscan/

* Hire a consulting company to perform regular scans and assessments using
MORE than traditional VA tools
The DigiTrust Group
http://www.digitrustgroup.com/assessment.html#webapp
WhiteHat Security
http://www.whitehatsec.com/home/index.html

* Buy a WAF Web Application Firewall and find time to manage it yourself
Breach WebDefend
http://www.breach.com/
Imperva
http://www.imperva.com/

* WAF Web App Security Managed Security Services, have someone else manage
the hassle of keeping your site secure from attacks including SQL injection.
Notifications of not just blocked attacks and fine tuned configuration but
also any defects stemming from specific code failures so that your
developers can remediate and learn from the process.
http://www.digitrustgroup.com/managed.html#web

A few things that will NOT protect you from SQL injection:
* Using only traditional vulnerability assessment software
* Performing server configuration hardening
* Telling your admins to simply read SANS or OWASP
* Any of those lame "site protected/site scanned by X" type certifications,
most are only looking for known web vulns (which traditional vulnerability
assessment software will find) however they do not find custom coded web sql
injection bugs.


-
Marc Maiffret
Director of Professional Services
The DigiTrust Group, LLC.
5757 W. Century Blvd, Ste. 700
Los Angeles, CA 90045
p: 310.348.2901
f: 310.469.0103
w: http://www.thedigitrustgroup.com


> -----Original Message-----
> From: Oliver Marshall [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 25, 2008 5:19 AM
> To: NT System Admin Issues
> Subject: Website security checking service
> 
> Hi chaps,
> 
> Can anyone recommend a website checking service that will check
> websites on a regular basis for security issues and report back ? One
> of our clients suffered an SQL injection attack this week, and on their
> new rebuilt server they are keen to get some element of reporting as to
> when any possible issues may be presented to visitors, or to be made
> aware as to when flaws are found in the sites. The sites change
> regularly and multiple teams work on any one site so a site that was
> once tight-as-a-nut may, the next week, be made in-secure by the action
> of another team.
>  
> Olly
> --
> G2 Support
> Email:  [EMAIL PROTECTED]
> Web:http://www.g2support.com 




RE: Website security checking service

2008-09-25 Thread Ziots, Edward

http://www.apachesecurity.net/

For information on the correct lockdown of apache, definitely recommend
having this book in your arsenal, if you do a lot of apache. 

Z
Edward E. Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP,Security+,Network+,CCA
Phone: 401-639-3505

-----Original Message-----
From: Andy Ognenoff [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 25, 2008 10:38 AM
To: NT System Admin Issues
Subject: RE: Website security checking service

>Shame the server in question runs apache :(

I have NO experience with this but you could check out ModSecurity for
Apache:

http://www.modsecurity.org/

 - Andy O.




RE: Website security checking service

2008-09-25 Thread Andy Ognenoff
>Shame the server in question runs apache :(

I have NO experience with this but you could check out ModSecurity for
Apache:

http://www.modsecurity.org/

 - Andy O.




RE: Website security checking service

2008-09-25 Thread Ziots, Edward
Nothing truly wrong with apache if you set it up right and harden it, most 
don't, tho, and that is their downfall. 

Z

Edward E. Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP,Security+,Network+,CCA
Phone: 401-639-3505
-----Original Message-----
From: Oliver Marshall [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 25, 2008 10:29 AM
To: NT System Admin Issues
Subject: RE: Website security checking service

Shame the server in question runs apache :(

-----Original Message-----
From: Andy Ognenoff [mailto:[EMAIL PROTECTED] 
Sent: 25 September 2008 15:26
To: NT System Admin Issues
Subject: RE: Website security checking service

In addition to vulnerability scans and coding practices, you may want to
look at a web application firewall.  If this is IIS, you could check out
ThreatSentry (http://www.privacyware.com/intrusion_prevention.html) or
ServerDefender AI (http://www.port80software.com/products/serverdefender/ ).

I personally use ThreatSentry on all my IIS servers but ServerDefender
wasn't out when I was evaluating so I don't know how good that product is.

Obviously, these products are NOT a substitute for better coding practices
but it is another layer to consider in a defense-in-depth strategy. It also
beats doing just scans since scans will tell you you have a problem after the
fact but a WAF will *help* protect you proactively.

 - Andy O. 

From: Oliver Marshall [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 25, 2008 7:19 AM
To: NT System Admin Issues
Subject: Website security checking service

Hi chaps,

Can anyone recommend a website checking service that will check websites on
a regular basis for security issues and report back ? One of our clients
suffered an SQL injection attack this week, and on their new rebuilt server
they are keen to get some element of reporting as to when any possible
issues may be presented to visitors, or to be made aware as to when flaws
are found in the sites. The sites change regularly and multiple teams work
on any one site so a site that was once tight-as-a-nut may, the next week,
be made in-secure by the action of another team.

Olly

--
G2 Support
Online Backups 

Email:  [EMAIL PROTECTED]
Web:    http://www.g2support.com


RE: Website security checking service

2008-09-25 Thread Ziots, Edward
http://www.owasp.org/index.php/Category:How_To

There are all the how-tos, happy testing. You might wanna look into
software from Appsec or HP Offerings to take a look at web application
security flaws. There are others out there also. 

Z

Edward E. Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP,Security+,Network+,CCA
Phone: 401-639-3505



From: Ziots, Edward [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 25, 2008 10:23 AM
To: NT System Admin Issues
Subject: RE: Website security checking service

 

Also look at OWASP site, which is more focused on web/application/SQL
layer security and mitigation than SANS is, IMHO. 

http://www.owasp.org/index.php/OWASP_Top_Ten_Project

Z

Edward E. Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP,Security+,Network+,CCA
Phone: 401-639-3505



From: Glen Johnson [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 25, 2008 8:48 AM
To: NT System Admin Issues
Subject: RE: Website security checking service

 

Here is a good link from SANS

http://www.sans.org/top20/

From: Oliver Marshall [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 25, 2008 8:19 AM
To: NT System Admin Issues
Subject: Website security checking service

 

Hi chaps,

 

Can anyone recommend a website checking service that will check websites
on a regular basis for security issues and report back ? One of our
clients suffered an SQL injection attack this week, and on their new
rebuilt server they are keen to get some element of reporting as to when
any possible issues may be presented to visitors, or to be made aware as
to when flaws are found in the sites. The sites change regularly and
multiple teams work on any one site so a site that was once
tight-as-a-nut may, the next week, be made in-secure by the action of
another team.

 

Olly

--
G2 Support
Online Backups 

Email:  [EMAIL PROTECTED]
Web: http://www.g2support.com

RE: Website security checking service

2008-09-25 Thread Oliver Marshall
Shame the server in question runs apache :(

-----Original Message-----
From: Andy Ognenoff [mailto:[EMAIL PROTECTED] 
Sent: 25 September 2008 15:26
To: NT System Admin Issues
Subject: RE: Website security checking service

In addition to vulnerability scans and coding practices, you may want to
look at a web application firewall.  If this is IIS, you could check out
ThreatSentry (http://www.privacyware.com/intrusion_prevention.html) or
ServerDefender AI (http://www.port80software.com/products/serverdefender/ ).

I personally use ThreatSentry on all my IIS servers but ServerDefender
wasn't out when I was evaluating so I don't know how good that product is.

Obviously, these products are NOT a substitute for better coding practices
but it is another layer to consider in a defense-in-depth strategy. It also
beats doing just scans since scans will tell you you have a problem after the
fact but a WAF will *help* protect you proactively.

 - Andy O. 

From: Oliver Marshall [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 25, 2008 7:19 AM
To: NT System Admin Issues
Subject: Website security checking service

Hi chaps,

Can anyone recommend a website checking service that will check websites on
a regular basis for security issues and report back ? One of our clients
suffered an SQL injection attack this week, and on their new rebuilt server
they are keen to get some element of reporting as to when any possible
issues may be presented to visitors, or to be made aware as to when flaws
are found in the sites. The sites change regularly and multiple teams work
on any one site so a site that was once tight-as-a-nut may, the next week,
be made in-secure by the action of another team.

Olly

--
G2 Support
Online Backups 

Email:  [EMAIL PROTECTED]
Web:    http://www.g2support.com


RE: Website security checking service

2008-09-25 Thread Andy Ognenoff
In addition to vulnerability scans and coding practices, you may want to
look at a web application firewall.  If this is IIS, you could check out
ThreatSentry (http://www.privacyware.com/intrusion_prevention.html) or
ServerDefender AI (http://www.port80software.com/products/serverdefender/ ).

I personally use ThreatSentry on all my IIS servers but ServerDefender
wasn't out when I was evaluating so I don’t know how good that product is.

Obviously, these products are NOT a substitute for better coding practices
but it is another layer to consider in a defense-in-depth strategy. It also
beats doing just scans since scans will tell you you have a problem after the
fact but a WAF will *help* protect you proactively.

 - Andy O. 

From: Oliver Marshall [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 25, 2008 7:19 AM
To: NT System Admin Issues
Subject: Website security checking service

Hi chaps,

Can anyone recommend a website checking service that will check websites on
a regular basis for security issues and report back ? One of our clients
suffered an SQL injection attack this week, and on their new rebuilt server
they are keen to get some element of reporting as to when any possible
issues may be presented to visitors, or to be made aware as to when flaws
are found in the sites. The sites change regularly and multiple teams work
on any one site so a site that was once tight-as-a-nut may, the next week,
be made in-secure by the action of another team.

Olly

--
G2 Support
Online Backups 

Email:  [EMAIL PROTECTED]
Web:    http://www.g2support.com


RE: Website security checking service

2008-09-25 Thread Ziots, Edward
Also look at OWASP site, which is more focused on web/application/SQL
layer security and mitigation than SANS is, IMHO. 

http://www.owasp.org/index.php/OWASP_Top_Ten_Project

Z

Edward E. Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP,Security+,Network+,CCA
Phone: 401-639-3505



From: Glen Johnson [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 25, 2008 8:48 AM
To: NT System Admin Issues
Subject: RE: Website security checking service

 

Here is a good link from SANS

http://www.sans.org/top20/

From: Oliver Marshall [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 25, 2008 8:19 AM
To: NT System Admin Issues
Subject: Website security checking service

 

Hi chaps,

 

Can anyone recommend a website checking service that will check websites
on a regular basis for security issues and report back ? One of our
clients suffered an SQL injection attack this week, and on their new
rebuilt server they are keen to get some element of reporting as to when
any possible issues may be presented to visitors, or to be made aware as
to when flaws are found in the sites. The sites change regularly and
multiple teams work on any one site so a site that was once
tight-as-a-nut may, the next week, be made in-secure by the action of
another team.

 

Olly

--
G2 Support
Online Backups 

Email:  [EMAIL PROTECTED]
Web: http://www.g2support.com

RE: Website security checking service

2008-09-25 Thread Ziots, Edward
Whitehat Security does this type of analysis on websites as a managed
service for a fee of course, but they will scan report, and show how to
remediate the SQL inject, CSS, and other application layer flaws, but
definitely it's a Layer 7 issue and the devs are squarely on the hook
for this type of nonsense, along with folks that run websites with
SA/DBO privileges and let the web application do anything on the backend
DB's ( Again lazy developers, that don't understand secure code from a
hole in the ground) 

 

Z

Edward E. Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP,Security+,Network+,CCA
Phone: 401-639-3505



From: Ken Schaefer [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 25, 2008 9:19 AM
To: NT System Admin Issues
Subject: RE: Website security checking service

 

SQL Injection is an application layer issue. Nothing with configuring
your server is going to stop that (other than possibly filtering out a
few common attacks). The devs need to write better code.

 

Cheers

Ken

 

From: Oliver Marshall [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 25 September 2008 10:19 PM
To: NT System Admin Issues
Subject: Website security checking service

 

Hi chaps,

 

Can anyone recommend a website checking service that will check websites
on a regular basis for security issues and report back ? One of our
clients suffered an SQL injection attack this week, and on their new
rebuilt server they are keen to get some element of reporting as to when
any possible issues may be presented to visitors, or to be made aware as
to when flaws are found in the sites. The sites change regularly and
multiple teams work on any one site so a site that was once
tight-as-a-nut may, the next week, be made in-secure by the action of
another team.

RE: Website security checking service

2008-09-25 Thread Erik Goldoff
The folks at Vigilar could probably help.  And I'd bet that most of the
companies that are authorized to certify PCI compliance ( Ambiron/Trustwave
is one, Vigilar may be also) could run just the web version of their
vulnerability tests


From: Oliver Marshall [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 25, 2008 8:19 AM
To: NT System Admin Issues
Subject: Website security checking service



Hi chaps,

 

Can anyone recommend a website checking service that will check websites on
a regular basis for security issues and report back ? One of our clients
suffered an SQL injection attack this week, and on their new rebuilt server
they are keen to get some element of reporting as to when any possible
issues may be presented to visitors, or to be made aware as to when flaws
are found in the sites. The sites change regularly and multiple teams work
on any one site so a site that was once tight-as-a-nut may, the next week,
be made in-secure by the action of another team.

 

Olly

--
G2 Support
Online Backups 

Email: [EMAIL PROTECTED]
Web:  http://www.g2support.com

RE: Website security checking service

2008-09-25 Thread Oliver Marshall
Oh I appreciate that. What I'm after is something that might give the
dev-pigeons an indication of when a site may be suffering from this (or
rather prone to this). 

 

From: Ken Schaefer [mailto:[EMAIL PROTECTED] 
Sent: 25 September 2008 14:19
To: NT System Admin Issues
Subject: RE: Website security checking service

 

SQL Injection is an application layer issue. Nothing with configuring
your server is going to stop that (other than possibly filtering out a
few common attacks). The devs need to write better code.

 

Cheers

Ken

 

From: Oliver Marshall [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 25 September 2008 10:19 PM
To: NT System Admin Issues
Subject: Website security checking service

 

Hi chaps,

 

Can anyone recommend a website checking service that will check websites
on a regular basis for security issues and report back ? One of our
clients suffered an SQL injection attack this week, and on their new
rebuilt server they are keen to get some element of reporting as to when
any possible issues may be presented to visitors, or to be made aware as
to when flaws are found in the sites. The sites change regularly and
multiple teams work on any one site so a site that was once
tight-as-a-nut may, the next week, be made in-secure by the action of
another team.
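
One way to give developers an early indication on every change, as an added example that is not part of the original thread: a static check that flags database calls whose SQL is assembled from non-literal pieces and passed without bound parameters. It assumes Python source and DB-API style `execute` calls; the sample source and all names are constructed, and variable tracking is deliberately simple (file-wide, not per function).

```python
import ast

DB_METHODS = {"execute", "executemany"}


def _literal(node):
    """True when the expression is made only of string constants."""
    if isinstance(node, ast.Constant):
        return True
    if isinstance(node, ast.JoinedStr):  # f-string with no {placeholders}
        return not any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return _literal(node.left) and _literal(node.right)
    return False


def _built(node, built_names):
    """True when the expression is SQL text assembled from variable parts."""
    if isinstance(node, ast.Name):
        return node.id in built_names
    if isinstance(node, ast.JoinedStr):
        return not _literal(node)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return not _literal(node)
    return (
        isinstance(node, ast.Call)
        and isinstance(node.func, ast.Attribute)
        and node.func.attr == "format"
    )


def find_unbound_sql(source, filename="<constructed>"):
    """Return sorted (line, method) pairs for execute calls that pass
    assembled SQL and no parameter argument."""
    tree = ast.parse(source, filename)
    built_names = set()
    # Pass 1: remember variables that were assigned an assembled string.
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and _built(node.value, built_names):
            built_names.update(t.id for t in node.targets if isinstance(t, ast.Name))
        elif (
            isinstance(node, ast.AugAssign)
            and isinstance(node.target, ast.Name)
            and not _literal(node.value)
        ):
            built_names.add(node.target.id)
    # Pass 2: flag single-argument execute calls fed by such a string.
    findings = []
    for node in ast.walk(tree):
        if (
            isinstance(node, ast.Call)
            and isinstance(node.func, ast.Attribute)
            and node.func.attr in DB_METHODS
            and len(node.args) == 1
            and not node.keywords
            and _built(node.args[0], built_names)
        ):
            findings.append((node.lineno, node.func.attr))
    return sorted(findings)


# Constructed sample source: two risky calls and three acceptable ones.
SAMPLE = '''
def by_name(cur, name):
    cur.execute("SELECT id FROM users WHERE name = '" + name + "'")

def by_dept(cur, dept):
    sql = f"SELECT id FROM users WHERE dept = '{dept}'"
    cur.execute(sql)

def by_id(cur, user_id):
    cur.execute("SELECT name FROM users WHERE id = ?", (user_id,))

def search(cur, filters):
    sql = "SELECT name FROM users WHERE " + " AND ".join(c + " = ?" for c in filters)
    cur.execute(sql, list(filters.values()))

def all_users(cur):
    cur.execute("SELECT name FROM users")
'''

if __name__ == "__main__":
    for line, method in find_unbound_sql(SAMPLE):
        print(f"line {line}: {method}() called with assembled SQL and no parameters")
```

This is a heuristic: a clean result does not show that a site is free of SQL injection, and a call that passes parameters can still interpolate other values into the SQL text.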

 

 

 


RE: Website security checking service

2008-09-25 Thread Ken Schaefer
SQL Injection is an application layer issue. Nothing with configuring your 
server is going to stop that (other than possibly filtering out a few common 
attacks). The devs need to write better code.

Cheers
Ken

From: Oliver Marshall [mailto:[EMAIL PROTECTED]
Sent: Thursday, 25 September 2008 10:19 PM
To: NT System Admin Issues
Subject: Website security checking service

Hi chaps,

Can anyone recommend a website checking service that will check websites on a 
regular basis for security issues and report back ? One of our clients suffered 
an SQL injection attack this week, and on their new rebuilt server they are 
keen to get some element of reporting as to when any possible issues may be 
presented to visitors, or to be made aware as to when flaws are found in the 
sites. The sites change regularly and multiple teams work on any one site so a 
site that was once tight-as-a-nut may, the next week, be made in-secure by the 
action of another team.


RE: Website security checking service

2008-09-25 Thread Glen Johnson
Here is a good link from SANS

http://www.sans.org/top20/

From: Oliver Marshall [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 25, 2008 8:19 AM
To: NT System Admin Issues
Subject: Website security checking service

 

Hi chaps,

 

Can anyone recommend a website checking service that will check websites
on a regular basis for security issues and report back ? One of our
clients suffered an SQL injection attack this week, and on their new
rebuilt server they are keen to get some element of reporting as to when
any possible issues may be presented to visitors, or to be made aware as
to when flaws are found in the sites. The sites change regularly and
multiple teams work on any one site so a site that was once
tight-as-a-nut may, the next week, be made in-secure by the action of
another team.

 

Olly

--
G2 Support
Online Backups 

Email:  [EMAIL PROTECTED]
Web: http://www.g2support.com