Many websites have recently become victims of hackers. The attackers typically destroy data and leave the website inoperable, which leaves the owner with the task of rebuilding the site from scratch if no backup exists. This poses a major risk for companies that host their customers' payment information on their websites. In the early days of website hacking, defacing a site by leaving tags or "calling cards" bearing the unknown group's signature was not uncommon.
Failing to give due attention to your web security can place a major financial burden on you, including:
- The expenditure involved in repairing the damage done and building contingency plans for protecting compromised web applications and websites
- Loss of customer trust, confidence, and reputation with the consequent harm to brand equity and possible effects on profitability and revenue
- Legal battles and other associated implications of web application attacks and poor security measures, including fines and damages to be paid to victims
- Negative impact on revenues and profits arising from falsified transactions and employee downtime
- Website downtime, which is in effect the closure of one of the most vital sales channels for an e-business
Web Security Weaknesses
Attackers try to gain access to your database server via two main routes: the web and database servers themselves, and the web applications running on them. Some of the common web security weaknesses include:
- Cross-Site Request Forgery (CSRF): CSRF is a malicious attack in which users are tricked into executing an action they did not intend to perform. A third-party website sends a request to a web application that the user is already authenticated against (e.g. their bank). The attacker is then able to invoke functionality through the victim's already authenticated browser.
- Security misconfiguration: Security misconfiguration gives hackers access to sensitive data or features and can lead to a complete system compromise.
- SQL injection: SQL injection allows the attacker to create, read, update, modify, or delete data stored in the back-end database.
- Insecure direct object references: An insecure direct object reference occurs when a web application exposes a reference to an internal implementation object. Internal implementation objects include database records, directories, files, and database keys. When an application exposes a reference to one of these objects in a URL, an attacker can manipulate it to gain access to another user's private data.
- Broken authentication and session management: If authentication credentials and session identifiers are not consistently protected, an attacker can hijack an active session and assume a user's identity.
- Cross-site scripting (XSS): XSS permits attackers to execute scripts in the victim's browser, which can result in hijacked user sessions, redirection of the user to malicious sites, or defaced websites.
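The following is an added example, not code from this page or from Comodo, showing how a single form handler defends against three of the weaknesses listed above: a per-session synchronizer token stops the cross-site request described under CSRF, an ownership check stops the URL-manipulation described under insecure direct object references, and bound parameters stop SQL injection. The in-memory SQLite table, the `records` schema and the session/form dictionaries are constructed for the example.

```python
import hmac
import secrets
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the application's back-end database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    conn.executemany("INSERT INTO records VALUES (?, ?, ?)",
                     [(1, "alice", "alice's note"), (2, "bob", "bob's note")])
    return conn


def new_session(user):
    """Synchronizer token: a random per-session secret that the app embeds in its own
    forms. A third-party site cannot read it, so a forged request cannot supply it."""
    return {"user": user, "csrf_token": secrets.token_urlsafe(32)}


def update_record(conn, session, form):
    """Handle a POST that edits a record; `form` holds the submitted fields."""
    # 1. CSRF: constant-time compare of the submitted token with the session's token.
    submitted = str(form.get("csrf_token", "")).encode()
    if not hmac.compare_digest(submitted, session["csrf_token"].encode()):
        return 403, "csrf token mismatch"

    # 2. Insecure direct object reference: the id in the URL/form is untrusted input.
    try:
        record_id = int(form["id"])
    except (KeyError, ValueError):
        return 400, "bad id"
    row = conn.execute("SELECT owner FROM records WHERE id = ?", (record_id,)).fetchone()
    # Same answer for a missing record and someone else's record, so ids cannot be probed.
    if row is None or row[0] != session["user"]:
        return 404, "not found"

    # 3. SQL injection: values are bound by the driver, never concatenated into the SQL text.
    conn.execute("UPDATE records SET body = ? WHERE id = ?",
                 (str(form.get("body", "")), record_id))
    return 200, "updated"


def read_body(conn, record_id):
    """Helper for checking what was actually stored."""
    return conn.execute("SELECT body FROM records WHERE id = ?", (record_id,)).fetchone()[0]
```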
How cWatch Helps in Securing Your Website
To prevent the web security vulnerabilities discussed above and keep your website safe, you should consider installing a reliable web security tool capable of handling different threats and attacks and of blocking hacking attempts before they reach the network. Comodo is now offering cWatch, a security stack that provides customers with an advanced managed security service for threat management and monitoring. cWatch can be used for cloud, on-premises, or hybrid environments.
Key Features Offered by cWatch include:
- Web Application Firewall (WAF): Powerful, real-time edge protection ideal for web applications and websites providing enhanced security, filtering, and intrusion protection
- Security Information and Event Management (SIEM): Enhanced intelligence capable of leveraging existing events and data from 85M+ endpoints and 100M+ domains
- PCI Scanning: This scanning enables service providers and merchants to stay in compliance with PCI DSS
- Secure Content Delivery Network (CDN): A global system of distributed servers to enhance the performance of web applications and websites
- Malware Monitoring and Remediation: Detects malware, provides the methods and tools to remove it, and prevents future malware attacks
- Cyber Security Operations Center (CSOC): Comodo provides a team of always-on certified cybersecurity professionals providing 24/7 remediation services and surveillance
You can log into the cWatch admin console using any browser. If you are logging in for the very first time, use the username and password provided in the cWatch account confirmation email. For security reasons, Comodo insists that you change your password after your first login.
To change your password:
- Click the profile icon under your username on the left
- Click 'Change Password' in the 'Profile' interface
- Provide your current password
- Enter your new password
- Click 'Change Password'