What is Website Security?
Effective and reliable website security helps to build trust and confidence between you and your customers. It is important to protect your site from outside attacks and to keep customer information confidential and secure.
Security is a measure of how safe your website and its data are from hackers.
How does website security impact your website ranking?
A secure website is of paramount importance to your business. Websites are under continual attack by hackers, looking to steal funds or personal information of your clients or, in some cases, take control of the website and change it for their purposes. Even a single security breach can be disastrous to your company, both financially and in terms of the trust you have built with your clients in safeguarding their personal information.
Ultimately, higher customer confidence means higher sales through repeat orders and customer loyalty.
How is the Web Performance score calculated?
The security score is calculated from the following factors in addition to XSS vulnerability. Each factor is graded as Critical, Important, Medium, Low, For Info or No Disclosure.
Step 1:
Site Security Score is:
XSS Vulnerability + Internal IP Address Disclosure + Directory listings + Stack trace disclosure + Internal paths + Programming error messages + Database error messages + Source code + Local file inclusions + Remote file inclusions + Remote code injection + Insecure password transmission + Insecure login form transmission + Frame injections + Open redirections
Points for each metric: 0 for Critical, 1 for Important, 2 for Medium, 3 for Low, 5 for Info, 6.6666666666666666666666666666667 for No Disclosure
Step 2:
If XSS Vulnerability is Critical, Important or Medium:
Site Security Score = Site Security Score * XSS Vulnerability factor (0.125 for Critical, 0.25 for Important and 0.5 for Medium)
If XSS Vulnerability is Low, Info or No Disclosure:
Site Security Score = Site Security Score * XSS Vulnerability factor (0.65 for Low, 0.8 for Info and 1 for No Disclosure)
Step 3:
If any of the items except for XSS Vulnerability has severity Critical or Important, then:
Site Security Score = Site Security Score * factor for the metric in question (0.25 for Critical, 0.5 for Important)
If any of the items except for XSS Vulnerability has severity Medium or Low, then:
Site Security Score = Site Security Score * factor for the metric in question (0.5 for Medium, 0.7 for Low)
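The three steps above as a small calculator, added here as an illustration and not the scoring tool's own code. It assumes the Step 3 factor is applied once for each affected non-XSS metric and that Info and No Disclosure grades on those metrics leave the score unchanged; the metric key names are made up for the example.

```python
# Added example: Site Security Score, Steps 1-3. Metric keys are hypothetical names.
METRICS = [
    "xss", "internal_ip_disclosure", "directory_listings", "stack_trace_disclosure",
    "internal_paths", "programming_error_messages", "database_error_messages",
    "source_code", "local_file_inclusion", "remote_file_inclusion",
    "remote_code_injection", "insecure_password_transmission",
    "insecure_login_form_transmission", "frame_injection", "open_redirection",
]
# Step 1 points per grade; 100/15 is the page's 6.666... for No Disclosure.
POINTS = {"critical": 0, "important": 1, "medium": 2, "low": 3,
          "info": 5, "no disclosure": 100 / 15}
# Step 2 multipliers, keyed by the XSS grade.
XSS_FACTOR = {"critical": 0.125, "important": 0.25, "medium": 0.5,
              "low": 0.65, "info": 0.8, "no disclosure": 1.0}
# Step 3 multipliers for every other metric. The page gives no factor for
# Info / No Disclosure here, so 1.0 is an assumption.
OTHER_FACTOR = {"critical": 0.25, "important": 0.5, "medium": 0.5,
                "low": 0.7, "info": 1.0, "no disclosure": 1.0}


def site_security_score(findings):
    """findings maps metric -> grade; metrics not listed count as 'no disclosure'."""
    unknown = set(findings) - set(METRICS)
    if unknown:
        raise ValueError(f"unknown metrics: {sorted(unknown)}")
    grades = {m: findings.get(m, "no disclosure").lower() for m in METRICS}
    bad = {g for g in grades.values() if g not in POINTS}
    if bad:
        raise ValueError(f"unknown grades: {sorted(bad)}")
    score = sum(POINTS[g] for g in grades.values())      # Step 1
    score *= XSS_FACTOR[grades["xss"]]                   # Step 2
    for metric, grade in grades.items():                 # Step 3
        if metric != "xss":
            score *= OTHER_FACTOR[grade]  # assumption: once per affected metric
    return score


if __name__ == "__main__":
    # Constructed scan results showing how one finding moves the score.
    scenarios = {
        "clean site": {},
        "directory listing (Low)": {"directory_listings": "Low"},
        "XSS (Critical)": {"xss": "Critical"},
        "XSS (Medium) + DB errors (Critical)":
            {"xss": "Medium", "database_error_messages": "Critical"},
    }
    for name, findings in scenarios.items():
        print(f"{name:40s} {site_security_score(findings):6.2f}")
```

Because the penalties multiply, a single Critical XSS finding caps the result below 12 out of 100 even when every other metric is clean.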
Other factors affecting security apart from XSS vulnerability
- Internal IP Address Disclosure
- Directory listings
- Stack Trace Disclosure
- Internal paths disclosure
- Programming error messages
- Database error messages
- Source code
- Local file inclusions allowance
- Remote file inclusions allowance
- Remote code injection allowance
- Insecure password transmission allowance
- Insecure login form transmission allowance
- Frame injections allowance
- Open redirections allowance
The formula for Security Score is shown below:
| Test | Grade | Security score |
|---|---|---|
| XSS vulnerability | Critical or Important or Medium | Poor |
| And other factors | Critical or Important | |
| XSS vulnerability | Low | Needs improvement |
| And other factors | Medium or Low | |
| XSS vulnerability | Not vulnerable | Good |
| And other factors | For info or No disclosure | |

The following additional details regarding security are also provided with the security score:
- Cookies are not marked as “Secure.”
- Cookies are not marked as “HTTP Only.”
- Version Disclosure
- Access Denied Resources
- SQL Injection
- OS Level Command Injection
- CRLF / HTTP Header Injection / Response Splitting
- Find Backup Files
- Crossdomain.xml Analysis
- Finds and Analyses Potential Issues in Robots.txt
- Finds and Analyses Google Sitemap Files
- Detect TRACE / TRACK Method Support
- Detect ASP.NET Debugging
- Detect ASP.NET Trace
- Server-Info pages
- Find Hidden Resources
- Auto Complete Enabled
- ASP.NET ViewState Analysis
- ViewState is not Signed.
- ViewState is not Encrypted.
- Custom 404 Detection
- Manual Proxy Mode
How can you improve your site security score?
Typically, there are key pages in your site where it is important to reinforce security, namely:
- Log-in page
- Using the shopping cart
- Creating an account
You can maximize your site security by limiting administrative access to your site. Devise a difficult password which cannot be easily decoded. Change your site password regularly.
If your website platform doesn’t offer these services, check our Power Site, Fast Track’s fully customizable website solution that includes all of the latest features, including a CMS, eCommerce, SEO and more.