web security

Hacking websites? Try Burp!

Securing and being in control of your website is increasingly important. Times have changed dramatically since I first started back in 1994 - when the worries were focused around backups and keeping the connections from being dropped.

Today, websites are no longer static. They have evolved into application front ends to back-offices, ERP, CRM, shopping-solutions and logistics. They are tightly bonded with your core business ICT systems.

Still, all too many people seem to think that since websites use HTML to render their pages, there is no need to spend big money on security. True, you add HTTPS for payment, and you might have an audit once in a while. But hacking your own site? Nah, not many do that.

I argue that you should. It is much better - also from a cost-efficiency point of view - to discover your weaknesses yourself. Before hackers corrupt your website. Because now you can patch and plan your actions up front - instead of having to put out fires.

You see - someone will hack you. Is it not better that you be the one to find the holes?

This new version of Burp, from PortSwigger, is there to help you. Take a look at it, and take control!

Not sure how to do the hacking yourself? Then read the book: The Web Application Hacker's Handbook

Authored by the same guys!  

Not convinced? Well, then, why don't you just sit tight and wait for some script kiddie or a real hacker to come pay your web application a visit?

URL-manipulation - still a relevant threat

And now the Canadian Passport application web-site was discovered to have a fault - by a simple change of the ID in the URL, all applications and privacy data of other users were available.

Duh.

Discovered at the I.T. Security Guy
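The kind of fault described above, and a self-test that finds it before someone else does, as an added example that is not part of the original post. The record store, the handler names and the sample data are all constructed for illustration; the post gives no details of how the passport site was actually built.

```python
# Added example: hypothetical handlers and constructed sample data.
from typing import Callable, List, Optional

# Constructed records: application ID (as it would appear in the URL) -> data.
APPLICATIONS = {
    1001: {"owner": "alice", "name": "Alice Example", "passport_no": "X0000001"},
    1002: {"owner": "bob", "name": "Bob Example", "passport_no": "X0000002"},
    1003: {"owner": "alice", "name": "Alice Example", "passport_no": "X0000003"},
}

Handler = Callable[[str, int], Optional[dict]]


def view_application_vulnerable(session_user: str, app_id: int) -> Optional[dict]:
    """Trusts the ID from the URL: any logged-in user can read any record."""
    return APPLICATIONS.get(app_id)


def view_application_hardened(session_user: str, app_id: int) -> Optional[dict]:
    """Returns the record only if it belongs to the user of this session."""
    record = APPLICATIONS.get(app_id)
    if record is None or record["owner"] != session_user:
        # Same answer for "missing" and "not yours", so IDs cannot be probed.
        return None
    return record


def audit_handler(handler: Handler, session_user: str) -> List[int]:
    """Self-test: IDs of other users' records that the handler hands out."""
    leaked = []
    for app_id, record in APPLICATIONS.items():
        if record["owner"] == session_user:
            continue  # the user's own records are expected to be readable
        if handler(session_user, app_id) is not None:
            leaked.append(app_id)
    return leaked


if __name__ == "__main__":
    for handler in (view_application_vulnerable, view_application_hardened):
        print(handler.__name__, "leaks:", audit_handler(handler, "alice"))
```

Run as part of a test suite against your own application, a check like `audit_handler` turns the ownership rule into a regression test instead of something an audit finds once in a while.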


The blogger is Kai Roer, a European Information security professional.
