With increased visibility comes increased risk

Increased visibility exposes a company to internet security threats

Eric Nelson, CTO & Co-Owner, SlickRockWeb Inc.

Nearly one billion people have internet access and 340 million web users rely on internet search engines to locate business information daily. In 1992 only 8 dotcom websites existed. Today over 90 million dotcom websites and one trillion pages indexed by Google vie for visits from the consumer.
In order to compete in this new economy it is not enough to just be on the web. Many companies are turning to SEO strategies to gain a competitive edge. Search Engine Optimization (SEO) is the interdisciplinary process of improving the ranking of a web site in search engine results for a particular search query. A top ranking in the search engines for a high-profile, high-traffic search query can turn a small regional company into a company with national and even international exposure almost overnight.
This increased visibility, however, exposes a company to a variety of internet-borne security threats. Threats like phishing exploits, cross-site scripting exploits, denial-of-service (DoS) attacks and the ubiquitous irritant of spam can all lead to losses in productivity and increased technical expenses, and can even expose a company to liability and significant litigation.
As a corporate web site gains exposure to the far reaches of the internet, it becomes increasingly likely that the site will be scanned and its code indexed by automated “web bots” coming from nefarious domestic and international networks. These “web bots” harvest email addresses and search for specific coding exploits and misconfigurations that can later be used to send spam and/or initiate hacker attacks against the vulnerable web site.
The cost of dealing with these global threats is now in the hundreds of billions of dollars annually. Cross-site scripting (XSS) attacks, for example, comprised 80% of all documented web site security vulnerabilities in 2007. XSS vulnerabilities within a web site can be used to redirect visitors to a competitor’s web site, steal visitors’ personal or credit card information, compromise company databases, install phishing pages into the corporate web site, or enable hackers to silently install malicious programs onto a visitor’s PC, ultimately linking them into a distributed botnet.
Because of these threats, it is imperative that a company have web site code assessed from a security standpoint, externally or in-house, prior to deploying the code on production systems. In addition, “Best-Practices” guidelines should be followed when developing future web content and functionalities.
“Best-Practices” guidelines should include:
• Ensure encoded email addresses are protected from “web bot” harvesting by spammers
• Audit code for vulnerabilities and cross-site scripting (XSS) exploits
• Validate user input on the server-side before executing any additional code
• Utilize server-side rewrite rules to safely redirect requests that match known hacker profiles or automated scans
• Monitor server access logs, error logs and mail server logs
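One way to act on the log-monitoring item above, as an added example that is not code from the article or from SlickRockWeb: a small Python pass over a web server access log that flags clients behaving like the automated scans described earlier. The log lines, the Combined Log Format layout, the threshold and the names `scan`, `many-404-paths` and `markup-in-query` are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in Combined Log Format; addresses are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2009:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2009:10:01:09 +0000] "GET /contact.html HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2009:10:02:00 +0000] "GET /admin/ HTTP/1.1" 404 310 "-" "scanner/1.0"
198.51.100.7 - - [12/Mar/2009:10:02:00 +0000] "GET /backup.zip HTTP/1.1" 404 310 "-" "scanner/1.0"
198.51.100.7 - - [12/Mar/2009:10:02:01 +0000] "GET /old/ HTTP/1.1" 404 310 "-" "scanner/1.0"
198.51.100.7 - - [12/Mar/2009:10:02:01 +0000] "GET /test.php HTTP/1.1" 404 310 "-" "scanner/1.0"
203.0.113.5 - - [12/Mar/2009:10:03:30 +0000] "GET /search?q=%3Cscript%3Ex%3C/script%3E HTTP/1.1" 200 1800 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2009:10:04:00 +0000] "GET /missing.gif HTTP/1.1" 404 310 "-" "Mozilla/5.0"
"""

# client, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Markup characters have no business in an ordinary query string.
MARKUP_RE = re.compile(r'[<>"]|javascript:', re.IGNORECASE)


def scan(log_text, max_404_paths=4):
    """Return {client: [reasons]} for clients that look like automated scans."""
    not_found = defaultdict(set)   # client -> distinct paths that returned 404
    findings = defaultdict(set)    # client -> reasons it was flagged
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue               # skip malformed or truncated lines
        client, _method, target, status = match.groups()
        path, _, query = target.partition("?")
        if status == "404":
            not_found[client].add(path)
        # Decode twice so double-encoded markup is caught as well.
        if MARKUP_RE.search(unquote(unquote(query))):
            findings[client].add("markup-in-query")
    # One broken link is normal; many distinct missing paths is a sweep.
    for client, paths in not_found.items():
        if len(paths) >= max_404_paths:
            findings[client].add("many-404-paths")
    return {client: sorted(reasons) for client, reasons in findings.items()}


if __name__ == "__main__":
    for client, reasons in scan(SAMPLE_LOG).items():
        print(client, ", ".join(reasons))
```

Clients flagged this way are candidates for the server-side rewrite rules in the previous item, and any parameter that shows up under `markup-in-query` is a good place to start the XSS code audit.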