Four-Hundred Plus Reasons for a Website Security Scan

Thursday, December 16, 2010

Jason Remillard


We all struggle sometimes to document the myriad effects and risks of web hacking, spamming and SEO results theft.  

As with anything, sometimes it takes someone else's eyes to review the situation and perhaps phrase it better.

Case in point: Tony Simpson's recent (and, I might add, unsolicited) post, '400 Reasons for a Website Security Check'. His post is something that everyone should read.

He documents many customer examples of the risks associated with being online today, and covers the bases from a business owner perspective.  

He goes further to show what a scanner does from a vulnerability perspective (there are actually 32,000 permutations from the 400 he lists :), and augments everything with prose and good examples.

As I've been saying for quite some time now, this is everyone's responsibility, and in most cases your team is not prepared to handle this situation. As we all know, getting a customer is hard enough in the first place.

Keeping them in this scenario is actually quite manageable if you have the correct approach.


All in all, a challenging situation and one that will only grow as time progresses.  From our data, there are over 438,000 sites currently listed in the Badware index, with a net add of almost 10,000!  

From that perspective, it's a growth of over 10,000 new sites a day that Google crawls, finds and adds to its badware list. This drops the sites in the SERPs and splashes up a big red scary popup on every consumer-oriented browser.

It may take anywhere from 1-15 days to be removed from the index, and thus there is a significant business impact. So, root through your helpdesk. Find out how bad it is. Get some scans done.

Reduced customer churn and increased satisfaction are things we should all be working towards.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.