Penetration Testing, your best defense
Secure ecommerce may be a priority for most retailers, especially given the recent high-profile breaches, but the idea is hard to execute. There are a number of tactics merchants can use to build an experience that feels secure for consumers, from SSL certificates to payment gateways and DDoS protection, but cyber criminals are adept at finding the most innocuous vulnerabilities.
Every ecommerce storefront is different, which makes it difficult to decide which security elements should be a priority for your business and which ones will provide the most protection for you. One tactic to find the best mix of security solutions for your online store is to perform regular security tests.
Testing tools allow you to scan your environment for issues that hackers might exploit. Tests range from relatively high-level vulnerability scans to comprehensive penetration testing. These tests allow retailers to approach security proactively, instead of waiting for a breach and scrambling to recover.
What is penetration testing?
Sometimes referred to as “ethical hacking”, penetration testing is an offensive security service that simulates an attack on your web store. These ‘ethical hackers’ are armed with the same tools, techniques and expertise as advanced cyber criminals and will help you identify the security gaps that criminals might exploit. The testers will look for human errors and technical flaws that could be exploited.
Why does it help?
Often, a security test will reveal high-level security gaps that have gone unnoticed internally. Fresh eyes can uncover weak password processes, misconfigured systems and even legacy machines that expose company data.
Beyond internal systems, penetration testing tools leverage public forums for information discovery. What used to be (literal) dumpster diving is now much easier: information about a company, its employees and its history is all available online.
Information gained from these sources allows testers to simulate an attack, to try and break through your security defenses, just as a hacker would. Whether they are successful in actually penetrating your system or not, they will have enough information about your operations to help you close some of the gaps.
The most valuable part of the test is the follow-up report that details the vulnerabilities. Much like a roadmap, it gives you the opportunity to address security issues before they are exploited.
At Tenzing, we encourage our retail clients to perform regular security tests, particularly because it is a requirement of their PCI DSS compliance. Depending on a retailer's size, environment and business priorities, we have a number of service options to help them examine the security of their web store.
If you’re interested in learning more about Tenzing Security Services, check out the product page here or contact us today to chat about what test option would be the most beneficial for your business.