Date with iviz "What do you want to know about Online Security"

Date with Ivizsecurity.com

I (AjiNIMC) got an invitation to visit Ivizsecurity’s office and to work with their development and research team. I was eagerly waiting for it and I need to get answers to so many queries.

I got a golden chance to visit the research team at Ivizsecurity.com to understand penetration testing, web security and everything else. They have done good work on web security too. I will be asking few queries but I  need more queries (some of which may not come to my mind) so that I get answers to all:

I will be asking:

  1. How can I see vulnerabilities with my own site?
  2. Can I do that with others site where I dont have access to the server?
  3. What are the common vulnerability issues for websites?
  4. How about user data stored in a DB? What are the concerns?
  5. Emerging threats for websites?
  6. I read about flash vulnerabilities? Can you explain more on it?
  7. How do I know whether my web hosting company is secure?
  8. ….

I will be adding more to it but please help me get more and more queries that can help other webmasters, I will get back to this and post the answers too.

6 Responses to “Date with Ivizsecurity.com”

  1. John says:
    April 21, 2010 at 9:54 am

    I need to know about following things
    #1 When I am using open source application like wordpress, drupal how do I know that it is secure? How to check it and the messages taken to reduce risk.
    #2 Can you also tell about the virus information that Google gives on its SERP and firefox on its browser, how do I remove that?

    Will be great if you can get answers to these.

  2. admin says:
    April 21, 2010 at 9:56 am

    Thanks John, I will get the answers to it, good questions by the way.

  3. John says:
    April 21, 2010 at 10:00 am

    One more query I have
    #3 The good websites one should read to understand about the web securities.

  4. admin says:
    April 21, 2010 at 10:01 am

    Thanks John, again a good query

  5. Rajan Subra says:
    April 23, 2010 at 10:06 am

    I am Rajan, saw your post on FB and came here. Do ask about

    -1, how do I scan my whole website for viruses?

    I will be asking more, I am interested to see the recommended websites.

  6. admin says:
    April 25, 2010 at 6:15 pm

    I got following more queries

    8) Do you see a major difference in quantity or severity of security issues with the different web server platforms, i.e. LAMP, Microsoft or nginx servers?
    9) What is currently the most common attack vector: SQL injection, scripting programming flaws, SSH, FTP, or control panel software?

    10) How best to react to flood and DDOS attacks in progress
    11) What scanners do you use/recommend to test bespoke web applications for vulnerabilities
    12) Any way to stop or identify forms being intercepted over http
    13) How best to guard against Windows zero day exploits
    14) How would you best secure mySQL with phpymyadmin access
    15) What log analysers are best for quickly identifying scanning / probing that needs action. i.e not standard port scans/finger printing but actual hack attempts

    16) Should I use both a hardware and software firewall for my server?

    I asked it at http://www.webmasterworld.com/supporters/4120446.htm

Leave a Reply