Website Security Test & Penetration Test
Every business today faces the challenge of securing its internal and external web based applications. Take the first steps to ensure that your website is secure with our website security and penetration test.
This comprehensive service helps protect websites and web applications against vulnerable attacks from hackers and cyber criminals. Their goal is to steal valuable and often confidential information and prevent organisations from conducting business.
By analysing the website, the scan software identifies possible security holes and vulnerabilities, then creates a detailed report which developers can use to repair any problems. Hyve security specialists are also available for consultancy if required.
Features & benefits
- Alerts weaknesses before hackers find them.
- The system scans, reviews and reports on any website or web application
- Works with websites hosted with Hyve or externally to Hyve
- Prevents website attacks and block attempts to hack into their internal systems.
- Scans websites for over 15000 vulnerabilities and provides a report detailing exactly what the problems are.
- Protect against loss of credit card information from websites
- protects confidential information in databases and files in the website not normally exposed via web pages
- Checks security of secured pages normally protected by passwords
- fraud protection
- reduces legal cases from customers and clients regarding loss of privacy
- Easy to read comprehensive report in printable PDF format
- Available in one off, monthly or yearly reviews
- Identifies security vulnerabilities so developers can take remedial action/li>
Top 10 vulnerabilities
Hyve security review scans for over 15000 vulnerabilities, here are the top 10 vulnerabilities that most websites do not successfully protect against:
- Cross Site Scripting (XSS)
XSS flaws occur whenever an application takes user supplied data and sends it to a web browser without first validating or encoding that content. XSS allows attackers to execute script in the victim’s browser which can hijack user sessions, deface web sites, possibly introduce worms, etc.
- Injection Flaws/SQL Injection
Injection flaws, particularly SQL injection, are common in web applications. Injection occurs when user-supplied data is sent to an interpreter as part of a command or query. The attacker’s hostile data tricks the interpreter into executing unintended commands or changing data.
- Malicious File Execution
Code vulnerable to remote file inclusion (RFI) allows attackers to include hostile code and data, resulting in devastating attacks, such as total server compromise. Malicious file execution attacks affect PHP, XML and any framework which accepts filenames or files from users.
- Insecure Direct Object Reference
A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, database record, or key, as a URL or form parameter. Attackers can manipulate those references to access other objects without authorization.
- Cross Site Request Forgery (CSRF)
A CSRF attack forces a logged-on victim’s browser to send a pre-authenticated request to a vulnerable web application, which then forces the victim’s browser to perform a hostile action to the benefit of the attacker. CSRF can be as powerful as the web application that it attacks.
- Information Leakage and Improper Error Handling
Applications can unintentionally leak information about their configuration, internal workings, or violate privacy through a variety of application problems. Attackers use this weakness to steal sensitive data, or conduct more serious attacks.
- Broken Authentication and Session Management
Account credentials and session tokens are often not properly protected. Attackers compromise passwords, keys, or authentication tokens to assume other users’ identities.
- Insecure Cryptographic Storage
Web applications rarely use cryptographic functions properly to protect data and credentials. Attackers use weakly protected data to conduct identity theft and other crimes, such as credit card fraud.
- Insecure Communications
Applications frequently fail to encrypt network traffic when it is necessary to protect sensitive communications.
- Failure to Restrict URL Access
Frequently, an application only protects sensitive functionality by preventing the display of links or URLs to unauthorised users. Attackers can use this weakness to access and perform unauthorised operations by accessing those URLs directly.
If you would like more information regarding our enterprise cloud hosting solutions, please complete our contact form or call us directly on 0800 612 2524.
“Hyve have provided timely, professional support accompanied by clear progress updates at every stage.”
“The most important element is the fact you soon get to know the team behind the support. They inspire confidence in their abilities and knowledge of the systems they support.”
“British Airways global audience means that traffic spikes can occur at any time of the day or night. Hyve's cloud platform, combined with their always available support mean that we can sleep...”
“A very friendly and highly technical team available to extend all possible help at any time. Excellent services - all issues are dealt with appropriate priority and resolved asap. I am particularly impressed by...”
“The scalability of the cloud platform allows us to cope with high spontaneous levels of demand, and we know there are always Hyve staff available to help us handle the largest influx of traffic.”
“We're extremely happy with the service Hyve provide to us. In particular, we are incredibly impressed by the professionalism, expertise, and consistently rapid response of the support team.”
“It's reassuring to know that Hyve will take care of everything server-side so we can focus on doing what we do, building the website.”
“We've been using Hyve for over a year now for a wide range of websites, all with different requirements and issues, and we've always found Hyve amazingly fast to respond, incredibly helpful, proactive...”
“My experiences with Hyve have been very good. The response time is quick so you don't spend your time on a telephone waiting. The staff are always very efficient. Thank you all for your help and patience.”
“Since moving our servers to the Hyve infrastructure I have nothing but good things to say about the levels of service received. I find the support I receive to be of excellent quality and very timely...”
“The sales and customer service support provided by Hyve is some of the best I have seen. Support tickets are responded to swiftly. Both our FTP and SFTP services have experienced 100% uptime over the last 2 years which is very impressive. Hyve provides tremendous value for money.”