Vulnerable websites aren’t just a reputation risk; they leave an open door to your backend systems and company data, says Fortinet.
The days of the enterprise website serving as a static billboard are long gone. Now, websites are a valuable brand ambassador, and crucially, they are often also a channel to market and a conduit to the enterprise backend systems. In some cases, your site IS your business. Unfortunately, many South African companies still overlook the importance of effectively securing their websites.
A website’s greatest strength is also its greatest weakness: it is accessible to everyone. This makes a website a natural target for the cyber-criminal, hacker or hacktivist. Compounding this challenge is the fact that competition and business goals may drive web developers and designers to push site updates without proper security testing.
Regardless of the reason for the vulnerabilities or the motivation of attackers, a compromised website has serious implications – loss of revenue, negative impact to a company’s reputation and theft of sensitive information such as credit card numbers and personal data.
In South Africa, most of the recent high-profile hacks have been hacktivist-style attacks on controversial or high-profile organisations. We’ve seen the defacement of the AARTO and Department of Health sites, the hack of the SAPS informants’ database, and the hacking of the Johannesburg City billing system, among others. These are just the widely known cases. Unless cases go to court or are publicised, corporates are not likely to draw attention to site breaches.
In many cases, it requires extensive and careful forensic work to determine the extent of the breach if a site has been hacked. It is for good reason that hackers use the phrase “you’ve been owned” when they breach website security. Since most websites are connected in some way to multiple enterprise systems, there is a good chance that access via the website has allowed access to these systems. As a rule of thumb, enterprises should consider all their systems potentially vulnerable once their site has been touched.
Challenges in Securing Web Applications
A recent study by Verizon showed that the top two reasons for an attack on websites were theft (financial or personal gains) and hacktivism (disagreement or protest). These attacks can come in the form of exploits of existing security vulnerabilities in the operating system or web application software. More sophisticated forms of attack, like SQL injection and cross-site scripting, are also used to gain access to sensitive data.
Verizon 2012 Data Breach report
While network security is relatively straightforward − define security policies to allow/block specific traffic to and from different networks/servers – websites are made up of hundreds, and sometimes thousands, of different elements including URLs, parameters and cookies. Manually creating different policies for each of these items is almost impossible and obviously does not scale. In addition, websites change frequently, with new URLs and parameters being added, making it difficult for security administrators to keep security policies up to date.
The difficulty in protecting a website is further compounded by the ongoing discovery of software vulnerabilities in the website itself and the applications running on it, the challenges of developing and applying updates and code revisions, and time-to-market pressure.
Adding to this already complicated environment is the fact that behind most websites is a distributed infrastructure of servers for the website itself, its applications and databases, increasing the difficulty of securing these key elements.
The end result is that, just as traditional applications and operating systems are considered inherently vulnerable, web-based applications cannot be assumed to be secure − they require independent security measures.
Protecting Your Online Assets
Protecting your website requires a holistic approach that includes the structure of the site and its applications as well as the underlying network. Fortinet recommends a three-pronged approach to tackling web application security:
• Secure Coding Practices and Code Reviews – Developing web applications securely and implementing a secure coding practice as part of the development life cycle should be an integral part of application development projects. By following the guidelines recommended by the Open Web Application Security Project (OWASP) and other bodies, users could build a more secure and trusted application. Once developed, the code should be reviewed by an independent third party.
• Perform Web Application Vulnerability Assessment / Penetration Testing – Applications should be reviewed either manually or with automated application vulnerability assessment tools to identify vulnerabilities. This could be followed up with specific application penetration testing exercises for critical applications.
• Utilise a web application firewall – A web application firewall (WAF) allows organisations to detect and block application layer attacks. Such a specialised firewall is needed in addition to conventional network security solutions because traditional firewalls are designed to detect and combat attacks at the network and network port levels, not the application level. By complementing an existing network firewall with a WAF, you can address the unique requirements of web-based applications and increase the overall security level of the network.
Many variations of WAFs exist today. Fortinet’s FortiWeb appliance, for instance, combines a WAF with XML Firewall capabilities in a single platform with several add-on modules like Vulnerability Scanning, Application Acceleration and Server Load Balancing that further complement the basic capabilities offered.