Start safeguarding your ecommerce website, protect your
online revenues, and keep your customers’ information
secure from hackers, viruses, and identity theft.
Online retail
websites generate revenues, represent a company brand, and
create a customer’s first impression. However, a hacker can
exploit vulnerabilities on legitimate websites, making the business
an unknowing accomplice to spyware or identity theft. This can
endanger business revenues, customer data, and company reputations.
Trend Micro™ SecureSite is a hosted, web-based solution for websites
that enables online retailers or web hosting companies to automatically
test websites for vulnerabilities via daily scanning and reporting.
If vulnerabilities are found, online retailers can engage in-house IT resources
or Trend Micro channel partners to remediate them using tips provided by TrendLab’sSM worldwide network of security experts. With this online service there is no additional hardware or software required to deploy, install, or maintain.
SecureSite service will test websites daily for vulnerabilities, dangerous content and links that expose consumers’ computers and personal information to malicious use. Websites that meet security policies will be able to display a new Trend Micro SecureSite trust mark, as part of the service, to identify their security concern and diligence to Internet users.
KEY FEATURES
WEB APPLICATION SECURITY TO PROTECT ONLINE RETAILERS
SecureSite Monitoring
•
Automated daily scanning of your website for web threats and vulnerabilities
•
Helps provide website customers with peace of mind that their data will remain secure and private
•
Helps safeguards business reputations
•
Help to protect online retail websites with leading-edge web vulnerability assessment technology
Web Application Security by Trend Micro
•
Assesses the website with daily vulnerability snapshots to help prevent attacks such as website hijacks, SQL injection, cross-site scripting or bot activities
•
Monitors for vulnerabilities across multiple web applications, databases, and operating systems
•
Reports on highest risk vulnerabilities so you can quickly prioritize
•
Provides a web-based console with overall vulnerability report card, and a variety of alerting options
•
Allows an IT professional to quickly address problems with remediation tips on over an ever-growing list of security vulnerabilities
No Hardware or Software to Install
•
Maintained and updated by Trend Micro, so you are always safeguarded by the latest technology and protection
SecureSite automatically scans once a day for the following types of vulnerabilities:
Fraud/Phishing Enablers
Cross Site Scripting enables phishing scams and is the most common website vulnerability.
Data Leaks
Data leaks can expose sensitive information such as IP addresses, social security numbers, credit card data, internal web pages, source code, and XML documents to attackers.
Unauthorized Use
Unauthorized use of the site or its infrastructure enables attackers to gain access to protected portions of the website, annoy or defraud users, and control servers.
THE NUMBERS PROVE WEBSITES NEED ONGOING PROTECTION
•
More than 28,000 known xss vulnerabilities identified at named websites with only 5% fixed - www.xssed.com, August 2008
•
More than 40% of web threat incidents involved legitimate sites unknowingly distributing malware - TrendLabs, 2008
•
Over 70% of online shoppers look for a third party seal of approval when they visit a website - Consumer Reports
Web Application Security to Protect Online Retailers and Website Holding Personal/Sensitive Information
Scans
Examples
Protects Against
Web and Web 2.0
Applications
Web Infrastructure – Apache, Apache Tomcat, Microsoft™ Internet Explorer, Mozilla FireFox, Microsoft™ IIS, FTP, BEA Weblogic, Adobe ColdFusion, SSH, TELNET, and shopping carts
Web 2.0 – JavaScript, AJAX, Adobe Flash applications
Web Applications – Applications and contents residing on the website
•
Compromise of websites through use of cross-site scripting vulnerabilities
•
Content spoofing
•
Javascript malware payloads
•
Vulnerabilities that can cause denial of services on the website
•
Corruption or theft of data and identities
Databases
•
Oracle
•
Microsoft™ SQL Server
•
Sybase
•
PostgreSQL
•
Sun™ MySQL
•
IBM™ DB2
•
IBM™ DB2/400
•
Lotus Notes™/Lotus™ Domino
•
SQL injection attacks designed to steal credit card data and identities
•
Configuration issues, and policy compliance violations
