Skimming Malware Found on American Cancer Society Webstore
Incident Shows That Healthcare Sector Faces E-Commerce Threats
“The top issues are the same as those of e-commerce sites in any industry – it is critical to ensure that applications’ software development included code review to identify security flaws and fix them before exposing the application to the internet,” says Keith Fricke, principal consultant at tw-Security.
“Additionally, the server upon which the e-commerce runs needs to have security patches that are up to date and should be scanned regularly for vulnerabilities and monitored for intrusions,” he says. It’s also important that application developers know secure coding practices and have the tools to check code for issues such as buffer overflows and input validation and, where the application ties to backend databases, for SQL injection vulnerabilities, Fricke notes.
Organizations should also include these e-commerce sites in scope for any penetration tests conducted, he adds. “It is a good practice to have third parties review software code for flaws. System administrator access to e-commerce sites should require two-factor authentication.”