eTrust Pro Secure Site Seals

Increase Your Profits By Increasing Trust

CUSTOMER SERVICE
1-800-339-2383







Web site security Best Practices

eTrust Pro Website Security Tips

The biggest security threat to your Web site is the forms you use to collect user information. Follow these guidelines to secure your forms and server against the most common attacks.

You may need your Webmaster to help you implement these changes, but it will not be hard for them to do, and it will make your site and your users' information safer.

Using the eTrust Pro website trust seal and following these best practices will show your customers you care about their privacy and personal information, which will increase your sales and allow you to sleep better at night knowing eTrust Pro is working for you.

What Is an XSS (Cross-Site Scripting) Attack?

70% of all vulnerabilities are Cross-Site Scripting issues. A cross-site scripting (XSS) attack occurs when an attacker introduces malicious script into a dynamic URL or form. It can display an alert window, do redirects, grab cookies, and do SQL injections.

Attackers can use your online forms to inject script that will execute or, even worse, access your database to steal user information or install trojans on visitors to your website. It's actually quite easy to stop these kinds of attacks from happening. Have your web site programmer block or filter special characters from being used in the forms on your web site, and always filter input saved to your databases.

The filter will clean all information submitted to make sure any XSS attempt will not execute properly, and in turn your web site and users' information will be safer.

Guard against XSS (Cross Site Scripting) attacks

Simple test for your site using a basic XSS attempt:

<script>alert('Danger - Exploit Found')</script>

Copy and paste the code above into any of your Web site forms and submit them. If you see the message "Danger - Exploit Found" then you are vulnerable to XSS attacks. Have your web site programmer add filters to filter out the special HTML characters below.

"><script>alert('XSS')</script>

Copy and paste the code above after a dynamic URL at your Web site and see if it executes. If you see the message "XSS" or receive a 500 server error then your site is vulnerable to XSS attacks. Have your web site programmer add filters to filter out the special HTML characters below.

Special Characters To Filter Out Of Your Forms
<    >    "    &    –    (    )    '    ;    +    -    :


Areas to look for possible vulnerabilities:
  • Feedback Forms
  • Shopping Cart Forms
  • Dynamic URLs with parameters passed through
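
An added example, not eTrust Pro's code: one way a programmer might implement the filter described above for form fields and dynamic URL parameters, run against the two test strings from this page. The function names and sample values are hypothetical, and encoding the listed characters as HTML entities (instead of only deleting them) is an assumption made here so that legitimate input such as O'Brien is not damaged.

```javascript
// Added example; function names and sample data are hypothetical.
// Characters from the page's "Special Characters To Filter" list, mapped to
// HTML entities so the browser displays them instead of parsing them.
const ENTITY = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  '(': '&#40;', ')': '&#41;', ';': '&#59;', '+': '&#43;', '-': '&#45;',
  ':': '&#58;', '\u2013': '&#8211;', // \u2013 is the en dash in the list
};
const LISTED = /[&<>"'();+\-:\u2013]/g;

// Encode in one pass, so the "&" and ";" of an inserted entity are not re-encoded.
function encodeForHtml(value) {
  return String(value).replace(LISTED, (ch) => ENTITY[ch]);
}

// Delete the listed characters outright (this alters real data such as O'Brien).
function stripListed(value) {
  return String(value).replace(LISTED, '');
}

// Encode every submitted field and report which ones contained listed characters.
function filterFields(fields) {
  const safe = {};
  const flagged = [];
  for (const [name, raw] of Object.entries(fields)) {
    safe[name] = encodeForHtml(raw);
    if (safe[name] !== String(raw)) flagged.push(name);
  }
  return { safe, flagged };
}

// Parameters of a dynamic URL, percent-decoded before filtering.
function filterQuery(query) {
  return filterFields(Object.fromEntries(new URLSearchParams(query)));
}

// Constructed sample input built from the two test strings on this page.
const SAMPLE_FORM = {
  name: "O'Brien",
  email: 'pat@example.com',
  comment: "<script>alert('Danger - Exploit Found')</script>",
};
const SAMPLE_QUERY = "id=42&q=%22%3E%3Cscript%3Ealert('XSS')%3C%2Fscript%3E";

console.log(filterFields(SAMPLE_FORM));
console.log(filterQuery(SAMPLE_QUERY));
```

The `flagged` list gives the programmer a place to log which fields carried filtered characters, which helps when reviewing the form areas listed above.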


Following this as a guide will help secure your web forms. If you would like to read more in-depth examples of XSS attacks, OWASP has a nice article on the subject.




Contact Us
eTrust Pro, Inc.
2051 E Red Hills Pkwy
Saint George, UT 84770

1-435-656-1310
1-800-339-2383




© 2008 - 2012 eTrust pro all rights reserved

All company & product names are trademarks of the respective companies with which they are associated.

eTrust Pro can provide a PCI-compliant vulnerability scan or PCI scanning so your site meets all PCI compliance requirements.