Site Evaluator - Website Security

What is Website Security?

Effective and reliable website security helps to build trust and confidence between you and your customers. It is important to protect your site from outside attacks and to keep customer information confidential and secure. Security is a measure of how safe your website and its data are from hackers.

How does website security impact your website ranking?

A secure website is of paramount importance to your business. Websites are under continual attack by hackers looking to steal funds or your clients' personal information or, in some cases, to take control of the website and change it for their own purposes. Even a single security breach can be disastrous to your company, both financially and in terms of the trust you have built with your clients in safeguarding their personal information. Ultimately, higher customer confidence means higher sales through repeat orders and customer loyalty.

How is the Web Performance score calculated?

The security score is calculated from the following factors in addition to XSS vulnerability. Each factor is graded as Critical, Medium, Low, For Info or No Disclosure.

Step 1: Site Security Score is: XSS Vulnerability + Internal IP Address Disclosure + Directory listings + Stack + Internal paths + Programming errors messages + Database error messages + Source code + Local file inclusions + Remote file inclusions + Remote code injection + Insecure password transmission + Insecure login form transmission + Frame injections + Open redirections

Points for each metric: 0 for Critical, 1 for important, 2 for Medium, 3 for Low, 5 for Info, 6.6666666666666666666666666666667 for No Disclosure

Step 2:
If XSS Vulnerability is either Critical or Important or Medium: Site Security Score = Site Security Score * XSS Vulnerability factor (0.125 for critical, 0.25 for important and 0.5 for medium)
If XSS Vulnerability is either Low or Info or No Disclosure: Site Security Score = Site Security Score * XSS Vulnerability factor (0.65 for low, 0.8 for info and 1 for no disclosure)

Step 3:
If any of the items except for XSS Vulnerability has severity Critical or Important then: Site Security Score = Site Security Score * Metric in question factor (0.25 for critical, 0.5 for important)
If any of the items except for XSS Vulnerability has severity Medium or Low then: Site Security Score = Site Security Score * Metric in question factor (0.5 for medium, 0.7 for low)
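The three steps above, worked through in Python as an added example (not Site Evaluator's own code). The function and table names are hypothetical, and it assumes that 6.666... stands for 20/3 (so 15 clean metrics total 100), that metrics not reported count as No Disclosure, and that Step 3 multiplies once per affected metric.

```python
from fractions import Fraction

# Step 1 points per grade. The page's 6.666...7 is taken as 20/3 (assumption),
# so 15 metrics graded "no disclosure" sum to exactly 100.
POINTS = {"critical": 0, "important": 1, "medium": 2, "low": 3,
          "info": 5, "no disclosure": Fraction(20, 3)}
# Step 2 multiplier, selected by the XSS grade.
XSS_FACTOR = {"critical": Fraction(1, 8), "important": Fraction(1, 4),
              "medium": Fraction(1, 2), "low": Fraction(13, 20),
              "info": Fraction(4, 5), "no disclosure": Fraction(1)}
# Step 3 multiplier for the other metrics; info / no disclosure have none.
OTHER_FACTOR = {"critical": Fraction(1, 4), "important": Fraction(1, 2),
                "medium": Fraction(1, 2), "low": Fraction(7, 10)}

# The 14 non-XSS metrics, named as in the Step 1 formula.
OTHER_METRICS = (
    "Internal IP Address Disclosure", "Directory listings", "Stack",
    "Internal paths", "Programming errors messages", "Database error messages",
    "Source code", "Local file inclusions", "Remote file inclusions",
    "Remote code injection", "Insecure password transmission",
    "Insecure login form transmission", "Frame injections", "Open redirections",
)

def security_score(xss, findings=None):
    """Score for an XSS grade plus {metric: grade} findings.
    Metrics missing from `findings` count as 'no disclosure' (assumption)."""
    findings = {k: v.lower() for k, v in (findings or {}).items()}
    unknown = set(findings) - set(OTHER_METRICS)
    if unknown:
        raise ValueError(f"unknown metric(s): {sorted(unknown)}")
    xss = xss.lower()
    grades = [findings.get(m, "no disclosure") for m in OTHER_METRICS]
    # Step 1: sum the points of all 15 metrics, XSS included.
    score = POINTS[xss] + sum(POINTS[g] for g in grades)
    # Step 2: scale by the XSS factor.
    score *= XSS_FACTOR[xss]
    # Step 3 (assumed reading): one multiplier per affected metric.
    for g in grades:
        score *= OTHER_FACTOR.get(g, 1)
    return round(float(score), 2)
```

Because the Step 2 and Step 3 factors multiply, a single Critical XSS grade on an otherwise clean site already drops the score from 100 to under 12.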

Other factors affecting security apart from XSS vulnerability:

• Internal IP Address Disclosure
• Directory listings
• Stack Trace Disclosure
• Internal paths disclosure
• Programming errors message
• Database error message
• Source code
• Local file inclusions allowance
• Remote file inclusions allowance
• Remote code injection allowance
• Insecure password transmission allowance
• Insecure login form transmission allowance
• Frame injections allowance
• Open redirections allowance

The formula for Security Score is shown below:

Test / Security score

Test: XSS vulnerability Critical or Important or Medium, and other factors Critical or Important
Test: XSS vulnerability, and other factors Medium or Low. Security score: Needs improvement
Test: XSS vulnerability Not vulnerable, and other factors For info or No disclosure

The following additional details regarding security are also provided with the security score:

• Cookies are not marked as “Secure.”
• Cookies are not marked as “HTTP Only.”
• Version Disclosure
• Access Denied Resources
• SQL Injection
• OS Level Command Injection
• CRLF / HTTP Header Injection / Response Splitting
• Find Backup Files
• Crossdomain.xml Analysis
• Finds and Analyses Potential Issues in Robots.txt
• Finds and Analyses Google Sitemap Files
• Detect TRACE / TRACK Method Support
• Detect ASP.NET Debugging
• Detect ASP.NET Trace
• Server-Info pages
• Find Hidden Resources
• Auto Complete Enabled
• ASP.NET ViewState Analysis
• ViewState is not Signed.
• ViewState is not Encrypted.
• Custom 404 Detection
• Manual Proxy Mode

How can you improve your site security score?

Typically, there are key pages in your site where it is important to reinforce security, namely:

• Log-in page
• Using the shopping cart
• Creating an account

You can maximize your site security by limiting administrative access to your site. Devise a difficult password which cannot be easily decoded. Change your site password regularly. If your website platform doesn’t offer these services, check our Power Site, Fast Track’s fully customizable website solution that includes all of the latest features, including a CMS, eCommerce, SEO and more.
