Security in your eCommerce begins and ends with the strength of your website security. One successful attack can lead to information theft, malware infections, and defacements, and can entirely destroy your company turnover. Check out these tools to prevent attacks from reaching your eCommerce site.
SSL / TLS / HTTPS
Is TLS fast yet – A great site on the myths of SSL/TLS performance and cost.
Firesheep – You don’t think it is important to encrypt your data with SSL/HTTPS? Have a look at this demonstration of how unprotected traffic can be intercepted and sessions hijacked.
Enhance your consumer confidence with HTTPS – There is a clear connection between consumers’ perceptions of security practices and commercial success.
Free SSL/HTTPS certificates – You are an eCommerce SMB and you can’t afford to buy a certificate? This could be the right solution for you.
SQL injection, XSS, DDoS
sqlmap – An open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
XSS Payloads – All you ever wanted to know about XSS payloads.
Norse – A real-time map of DDoS attacks to watch. Really impressive!
The impacts of an eCommerce hacked website – While large companies are focused on competitors, SMEs have to deal with an evolving digital world. Discover in this article how cyber-attacks can be dramatic for an eCommerce site, especially SMEs.
OWASP Zed Attack Proxy (ZAP) – An easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications.
OZON – Cybersecurity solution that detects vulnerabilities and malware, protects against cyber-attacks and identifies fraudulent transactions. Their mantra? We Secure eCommerce!
Exploit databases and breach coverage
Exploit Database – Very comprehensive list of vulnerabilities.
PunkSPIDER – Lots of vulnerabilities of all kinds all over the web (about 90M sites scanned with over 3M vulns at present)
Data Loss DB – Good list of breaches including stats on number of records compromised
Retail Data Breaches – A good indication of the most recently hacked eCommerce sites.
The OWASP Top 10 Risks – The OWASP Top Ten is a powerful awareness document for web application security.
SANS 20 Critical Security Controls – Critical security controls for effective cybersecurity
OWASP Password Storage Cheat Sheet – There are plenty of bad ways of doing it; this is a great resource documenting the good ways.
Diceware – A popular method of creating strong passphrases suitable for use as a password.
How Secure is your Password? – An Analysis of E-Commerce Passwords And Their Crack Times
1Password – Still my favourite password manager; client based, runs on all devices and the keychain is syncable via multiple mechanisms
Dashlane – One of the most powerful tools to manage your passwords. The premium version is currently one year free to try.
KeePass – An open source password manager. Passwords can be stored in highly encrypted databases, which can be unlocked with one master password.
Security statistics reports
Findings from the Breach Level Index by Gemalto – The study reveals that data breaches continue to increase, with 888 occurring in the first six months of 2015, together comprising 246 million records worldwide.
Verizon Data Breach Investigations Report – The annual DBIR is based on real world security incidents and is a great resource for evidence-based security metrics
WhiteHat Security Statistics Report – Based on findings in the websites they monitor with their security products so another good evidence-based report
Trustwave Global Security Report – Another annual report driven from real world investigations (plus they use the terms “threat intelligence”, “seedy criminal underground” and “data defender” so you know it’ll be good!)
7 tips to protect your eCommerce from Hackers – Tips on how you can keep your site safe from hackers, malware and fraud.