About Thawte

News

OWASP identifies top 10 website security vulnerabilities

Website owners have had to address a number of widespread threats in recent years as automation tools add scalability to cybercriminal activities. Rather than focus on individual targets and risk invested time being lost, hackers are instead opting to cast much wider nets to identify and exploit security weaknesses. Ars Technica columnist Dan Goodin recently outlined the top 10 website security vulnerabilities from the Open Web Application Security Project.

Implementing effective security solutions can mitigate a significant portion of risk, but Goodin pointed out that many exploits stem from configuration mistakes. As a result, it is important for companies to ensure that SSL certificates are properly installed on their web servers and to evaluate implementations on an ongoing basis. Such an investigation may also yield other efficiencies by identifying underused web applications or out-of-date software that may lack the functionality and security of the latest version.

"But a lack of end-to-end SSL or TLS protection is only one example of insufficient transport layer protection," Goodin wrote. "Browser cookies used for authentication and other sensitive purposes must contain a secure flag. And certificates should never be self-signed or allowed to expire."

In addition to data in transit, companies must take measures to protect stored information. Goodin highlighted the value of encryption, but also warned that many companies fail to protect the entirety of their information. Credit card numbers and personal information as well as users' passwords and other account authentication credentials should be protected. Businesses that lack visibility over how data moves through their IT environments and which applications handle it may need to go through an extensive data management process to improve their security standing.

Collaboration to improve security
One of the challenges facing information security professionals is a matter of scale. The creation of accessible malware tools and crimeware kits means that even non-technical users can exploit weak points in a company's digital ecosystem. As a result, some businesses are pooling cybersecurity expertise to create stronger safeguards. For example, PayPal has spearheaded the creation of several protocols designed to better protect users and organizations against common threats. SC Magazine contributor Karen Epper Hoffman commended the company's efforts, noting that its Domain-based Message Authentication, Reporting & Conformance (DMARC) specification has gained the backing of Microsoft, Google, Yahoo and a number of financial institutions.

PayPal's Andy Steingruebl told the news source that the efforts of single organizations can have some impact, but solving the challenges associated with cybersecurity will likely come from a collaborative effort. He emphasized that organizations must come together to craft best practices and solutions as well as identify and address new threats as they emerge.

Get your SSL certificate today to improve the safeguards protecting your website visitors' data.

corporate office

Thawte
The Gateway
Century Lane
Century City, 7441
Cape Town
South Africa

Postal Address:
P O Box 15986
Panorama 7500
Cape Town
South Africa

Call: +27 21 819 2200
Fax: +27 21 819 2950

Thawte is a leading global Certification Authority. Our SSL and code signing digital certificates are used globally to secure servers, provide data encryption, authenticate users, protect privacy and assure online identifies through stringent authentication and verification processes. Our SSL certificates include Wildcard SSL Certificates, SAN /UC Certificates, SGC SuperCerts and Extended Validation SSL Certificates.

What is an SSL Certificate Which SSL Certificate is Right for Me? Why Choose Thawte?