Five things every new-age biz should know about security

Soma Tah

NEW DELHI, INDIA: Ensuring security for online transactions has become pertinent for any business today, as the number of online shoppers is growing by leaps and bounds.

Ashish Tandon, Chairman and CEO at Indusface, says, "It is quite evident that the new generation of customers has got into online buying in a big way. With customers having such huge credit and debit card purchasing power, the number of online transactions is only going to increase."

According to Statista, people pay around $235.4 billion just for mobile transactions, and e-commerce sales are expected to touch $440 billion in the US alone by 2017. Are global businesses prepared to process such transactions securely?

Indusface suggests five steps to lay a secure foundation for any new-age business:

Intelligent App Scanning to Detect Hidden Flaws & Vulnerabilities

Current online threats that horrify e-retailers include defacement of websites leading to blacklisting; loopholes in web application security that give attackers access to sensitive and confidential data; malware and spamware that help attackers capture data for misuse and gain access to visitor information and online behavior; malware that installs itself on a computer to steal data without the user's knowledge; and so on.

Automated application scanning, combined with manual penetration testing to look for logic flaws in code and application vulnerabilities, helps provide a detailed report with evidence of exploits and the steps of attacks.

Real-time Mobile Application Penetration Testing

Mobile applications are often less secure. OWASP maintains that mobile apps are as vulnerable as web apps. Often mobile malware, unsafe app capabilities, hidden processes, and complex code vulnerabilities cause applications to crash or share data with third parties. With constant updates, the problem only gets worse. Such issues can only be dealt with through real-time mobile application penetration testing for malware detection, log analysis, Layer 7 assessment and more.

Browser-Server Communication and Beyond SSL

Often recognized by a padlock in the URL bar, Secure Sockets Layer (SSL) ensures that the communication between web browsers and the server is encrypted.

It is good at preventing eavesdropping over the internet. However, it is not a panacea for every kind of threat. Most online retailers advertise that their websites are secure because they use 128- or 256-bit encryption, and they might even display a seal from an external certificate authority confirming that their site is secure, but they fail to understand that SSL is not enough to protect against application layer attacks.

Shielding Web Applications 24 X 7

Around 75% of cyber attacks occur at the web application layer. As web applications are updated frequently, they serve as easy entry points for hackers. It may take several days to detect and fix such vulnerabilities. In addition, there are stringent compliance requirements, e.g. under PCI DSS and the IT Act 2000, requiring enterprises to ensure maximum security for their web apps.

In such a situation, a Web Application Firewall (WAF) is the only way to virtually patch vulnerabilities like XSS and others. It acts as a shield that prevents exploitation without obstructing normal traffic or online business operations. Additionally, a WAF provides smarter business solutions with zero WAF false positives and continuous monitoring that adapts to any changes to the application.

Offload Your Worries with Security Outsourcing

As online businesses get bigger and more players join the bandwagon, intense competition will lead to aggressive marketing and sales efforts, backed by rapid development of sophisticated web applications. However, in the middle of key business activities, security should not struggle.

If web application security technology is not exactly your strong suit, there is always an option to offload these worries to a trusted security partner. It's all about understanding the complexities and strategizing a strong 360-degree application security plan around the 'Detect, Protect & Monitor' concept.
