The security standards of today’s E-commerce websites are surprisingly low considering the amount of business they conduct. With more and more consumers doing their shopping online, hackings have reached epidemic proportions. InfoSec officials face a tough task, but cybercrime can be countered.
Besides educating consumers to practice safe browsing habits and avoid unknown WiFi networks, there are a few steps that must be taken by all CISOs and InfoSec executives. The biggest problem today is the lack of secure software and plugins in websites.
Today’s leading Content Management Systems (CMS) are surprisingly exploitable. Numerous vulnerable plugins were found in Checkmarx’s The Security State of WordPress Top 50 Plugins research. But as mentioned above, these problems can be rectified.
The best way to create safe software and plugins is to implement a secure Software Development Life Cycle (sSDLC). This ensures that the product is released with minimal possible loopholes and vulnerabilities that can be exploited by cybercriminals. Products developed in a secure SDLC also require minimal post-production security investments.
Correcting an application late in its development takes up more time, effort and resources. This is where Source Code Analysis (SCA) can play a vital role. Scanning the code in the initial phases of development helps reduce production costs, because loopholes are fixed early. This also ensures increased efficiency and faster production rates.
Besides building E-commerce websites on secure platforms, owners and CISOs must also try to enforce the following security measures to raise safety standards:
1 – Banning of Weak Passwords
This is probably the most overlooked aspect of E-commerce website safety. Numerous reports regarding the weakness of passwords on the internet have been published in recent years. Websites should simply require complex login passwords and guide their customers in choosing them.
2 – Usage of Secure Sockets Layer (SSL)
This security measure makes sure that all information exchanged via the website is properly encrypted. All sensitive data the user sends is inaccessible to hackers and other third parties. Buying and implementing an SSL certificate is easy and fast, making it a must for all E-commerce websites.
3 – Payment Card Industry (PCI) Compliance
Also known as Network Security Scans, these must be performed at least on a quarterly basis. They are part of the PCI compliance methodology and make E-commerce website officials aware of the latest risks and dangers. PCI scans should be carried out by Approved Scanning Vendors (ASV) only.
Other recommended anti-hacking tactics include using tracking numbers for all orders, monitoring the website with real-time analytic tools and keeping plugins and software updated. While the responsibility for safe internet usage eventually falls upon the user at home, proper infrastructure and safe programming habits can help win the fight against cybercrime.