Tuesday 2 October 2012

Site Security Audits: When Do I Need One?

By Daniel Turbin


Most people in the business will recommend a third-party audit on a yearly basis, and in several instances this is more than adequate. It serves as a periodic check to ensure that nothing major has changed between this audit and the last, and it will show any security holes that have opened up in the intervening time.

An audit could be as straightforward as revealing that the security patches on the various pieces of software you use are out of date. It may show that certain network settings have been modified (sometimes by accident and sometimes deliberately) in ways that make it easier for a would-be hacker to get inside. Or, if you are very fortunate, it may show that you're rock solid and have nothing to worry about, though this isn't the case, because where website security in particular, and network security in general, is concerned, there's sometimes room for improvement.

Of course, there are some instances where you may want to consider more frequent audits. Chief among these is if you've been hacked. In this case, just plugging the hole (presuming you're able to find it) and barring the door that the hackers came in through isn't enough, because while they were "inside," they may have left some way of gaining entry again later on. Not only that, but in most situations a Web security expert can help you get back on your feet after an information loss, so they're valuable both for their ability to help you stay safe and for their ability to help you recover from the attack itself.

The second most common reason you may wish to have more than just the standard yearly audit is if you have had a piece of custom code written for your company, and this is fairly common. Sadly, cookie-cutter, off-the-shelf software is usually insufficient for a specific company's needs, and when this occurs, most companies will go out and hire someone to develop a custom application that does what they need it to do.

Sadly, what can occur in these instances is that some of the lines of code in the custom application may accidentally open up a security hole in your otherwise solid system. In cases like these, having the code verified with an eye toward security can help ensure that the new software does what it's intended to do, and little more. This is a good way to avoid a nasty surprise down the road!


