Ely, England, 18 September 2012 – Today, having a fully operating and secure website is crucial to most businesses and especially to those who trade online. With the constantly growing number of cyber attacks, organisations need to grasp at ever more sophisticated mechanisms to defend themselves. Yet, there is a simple method, which every organisation should be using as the first basic step towards protecting its website and web applications from cyber attacks. It is called Penetration Testing; also known as ethical hacking.
Alan Calder, CEO of IT Governance, says, ‘With the ever-increasing risk of external attacks to websites, the continual enhancements and upgrades to a system over time, and the continual discovery of new vulnerabilities and security holes; organisations need to conduct external penetration tests annually, at least.’
Effective Penetration Testing involves the simulation of a malicious attack against the security measures being tested, often using a combination of methods and tools, and conducted by a certificated, ethical professional tester. The resulting findings provide a basis upon which security measures can be improved.
The cybersecurity experts from IT Governance have identified some of the most common threats to organisation’s websites:
- More and more applications are directing traffic by default through ‘http’ to bypass firewall rules.
- Malware can be downloaded automatically.
- Websites can be infected by ‘code injection’, ‘cross-site scripting’ and other similar Black Hat techniques.
- Your website traffic can be hijacked.
- Blacklisting by major search engines can lose organisations business.
Alan Calder continues, ‘Inexperienced penetration testers rely too heavily on automated tools, rather than thinking strategically. Tools are helpful, but they have limitations when it comes to identifying potential exploits and accurately assessing risks. Organisations should be hiring skilled and independent pen testers who are able not only to produce a full report for their clients, but advise them on what effective controls they should be putting in place to protect their systems.’
IT Governance Ltd, the global leader in ISO27001 and information security products and services, offers fixed-price penetration testing packages which are designed to simplify security testing. More information on the Penetration Testing Standard Package can be found here www.itgovernance.co.uk/products/3184 and on the Web Application Testing Package here www.itgovernance.co.uk/products/3185.
Both the Penetration Testing Standard Package and the Web Application Testing Package include a comprehensive report indentifying vulnerabilities and recommended remedial activity. They are suitable for small companies with up to 20 externally facing IP addresses and up to four internal services running in a single organisation. One of the biggest benefits to organisations is that they can agree the scope of testing delivered for known and fixed benefits. The packages are currently available at the special price of just £1,950 each.
To book a pen testing contact the friendly, helpful IT Governance service centre team on telephone number +44 (0)845 070 1750 or by email to firstname.lastname@example.org.