eTrust Pro Secure Site Seals

Increase Your Profits By Increasing Trust

CUSTOMER SERVICE
1-800-339-2383


eTrust Pro Certified  





Website security Best Practices

eTrust Pro Website Security Tips

The biggest security threat to your website are the forms you use to collect user information. Follow these guidelines to secure your forms and server against the most common attacks.

You may need your Webmaster to help you implement these changes, but it will not be hard for them to do and it will make your site and your users information safer.

Using the eTrust Pro website trust seal and going by these best practices will show your customers you care about their privacy and personal information, which will increase your sales and allow you to sleep better at night knowing eTrust Pro is working for you.

What Is a XSS (Cross-Site Scripting) Attack?

70% of all vulnerabilities are Cross-Site Scripting issues. When an attacker introduces malicious script into a dynamic URL or form, a cross-site scripting (XSS) attack then occurs. It can display an alert window, do redirects, grab cookies, and do SQL injections.

Attackers can use your online forms to inject scripting that will execute or even worse access your database to steal user information or install trojans on visitors to your website. It's actually quite easy to stop these kind of attacks from happening.

Have your website programmer block or filter special characters from being used in the forms on your website and always filter input saved to your databases.

The filter will clean all information submitted to make sure any XSS attempt will not execute properly and in return your website and users information will be safer.

Guard against XSS (Cross Site Scripting) attacks

Simple test for your site using a basic XSS attempt :

<script>alert('Danger - Exploit Found')</script>

Copy and paste the code above into any of your website forms and submit them. If you see the message "Danger - Exploit Found" then you are vulnerable to XSS attacks. Have your website programmer add filters to filter out the special HTML characters below.

"><script>alert('XSS')</script>

Copy and paste the code above after a dynamic URL at your website and see if it excecutes. If you see the message "XSS" or receive a 500 server error then your site is vulnerable to XSS attacks. Have your website programmer add filters to filter out the special HTML characters below.

Special Characters To Filter Out Of Your Forms
<    >    "    &    –    (    )    '    ;    +    -    :


Areas to look for possible vulnerabilities :
  • Feedback Forms
  • Shopping Cart Forms
  • dynamic URLs with parameters passed through


Following this as a guide will help you secure your website from cross site scripting attacks. If you would like to read more in depth examples on XSS attacks OWASP has a nice article on the subject.



Try It On Your Site FREE For 30 Days!
Trust Seal by eTrust Pro eTrust Pro helps users trust your web site, which will increase sales. Signup today and get your website verified today. You can have the eTrust Pro "trust seal" on your site within 1 day (takes less the 24 hours to setup and verify). join


30 Day Free Trial
Try eTrust for 30 days
Seeing is believing so give us a try for 30 days for free and if you don't see an increase in sales cancel your account.


Testimonials
Vinyl BannersBuyaBanner
"Easy setup and excellent results!"
Operations Manager
Zach Drake

Contact Us
eTrust Pro, Inc.
321 North Mall Drive Ste M201B
Saint George, UT 84790

1-435-656-1310
1-800-339-2383




© 2008 - 2017 eTrust pro all rights reserved

All company & product names are trademarks of the respective companies with which they are associated.

eTrust Pro can provide a pci compliant Vulnerability Scan or PCI Scanning so your site meets all PCI Compliance requirements.