Back to story
5. Company websites
5. Company websites
The problem: In 2004 the Hamilton County Court in Cincinnati discovered that the Social Security numbers of drivers who'd received speeding tickets were posted on its website. Elsewhere, private data has been cloaked - but easily revealed - in the HTML code embedded in companies' customer service pages. Worse, a common security hole called an SQL injection vulnerability enables hackers to slice into your back-end database. Resulting security breaches have triggered FTC actions against firms such as Petco and Guess Jeans.

The solution: Know your site - how it works, how it manipulates data, and how it displays it. If it's too big to traverse in a day, hire experts to audit your exposure to security holes like cross-site-scripting vulnerabilities and SQL injection attacks.
More
10 commandments of information security
xxx Simple, cost-effective steps to prevent data theft (more)
How to build a bulletproof startup
How to build a bulletproof startup Got a great idea? There's never been a better time to turn it into a great company. Here's a 16-step guide to help you do it right. (more)
Contact Us Closed Captioning Manage Cookies+ Site Map

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer. Morningstar: © 2018 Morningstar, Inc. All Rights Reserved. Factset: FactSet Research Systems Inc. 2018. All rights reserved. Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor's Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2018 and/or its affiliates.

Contact Us Closed Captioning Manage Cookies+ Site Map

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer. Morningstar: © 2018 Morningstar, Inc. All Rights Reserved. Factset: FactSet Research Systems Inc. 2018. All rights reserved. Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor's Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2018 and/or its affiliates.