Services | Web Application Security |
 |
 |
 |
|
If your web site stores personal financial information, credit card information, personal medical information, or other confidential data, you may have specific regulatory requirements to protect that data. The PCI DSS (Payment Card Industry Data Security Standard) requires you to safely process and handle credit card information, HIPAA (Health Insurance Portability and Accountability Act) covers the safe handling of medical records, and GLBA (Gramm-Leach-Bliley) requires the protection of Non-Public Personal Information. If your company is publicly traded (or if you hope to be some day), then Sarbanes-Oxley section 404 requires that you attest to the accuracy of financial data. Helping you to achieve compliance with government regulations and industry standards is my top priority. I can help you to ensure that you have strong security controls in your IT applications and associated processes, and in doing so, help to protect your company from potential fines, loss of customer confidence, and loss of business.
|
What would be the impact to your business if your site were to be hacked? Your company’s public image, the confidence of your customers, and potentially your very business may be at risk if the security of your web site were breached. A firewall alone does not protect against web application attacks, because most web site attacks are launched via the normal permitted network ports -- 80 and 443. These attacks exploit vulnerabilities in the application itself, and can potentially result in exposure of confidential information, defacement or loss of availability of your web site. In some cases, it may even be possible for a hacker to take full control of your servers. Your best defense is to ensure that your applications are implemented securely; this does not need to be difficult, but it does require specialized skills and knowledge. I can help you to assure that your applications are not vulnerable to common web site attacks, such as SQL Injection, Cross-Site Scripting (XSS), Brute Force Attacks, or others. Based on the criteria you set, your web site security assessment may include: