Newsletter - Spring 2010 - Web Site Security & SagePay Update

Eliminate security loopholes...

A number of website owners have been seeking to attain Safe / Trusted statuses recently from certification bodies such as McAfee Secure, Verisign or Norton Safe Web. There's no doubt that the appearance of such a status in Google listings can definitely attract visitors and build customer trust - but it is not often 'a given' that such a certification will be granted. The reason for this is that websites built using Dreamweaver versions prior to 8.0.2 may have generated insecure SQL code structures. E-CC updated it's Dreamweaver versions over a year ago - but not all web development firms may have followed suit and even this doesn't ensure that pre-built add-ons will have been reworked with the new version.  If you have any kind of website then it is well worth checking whether you are exposed to this risk.

What's the risk?  Well, as one example illustrates, if you operate a database-driven website developed with an earlier version of Dreamweaver then both your website and database are wide open to potential 'SQL Injection Attacks' (in which a willful hacker could delete or change the contents of your website's database) as well as other loopholes. How much of a risk this presents to your business - only you can really know. The good news is that positive steps can now be taken to eliminate and reduce the risk - which is worthwhile doing, as the cost of having to 'undo' such malicious activities, once comitted, generally far outweighs the costs of re-coding the front-end web pages.

This is something we have recently done for a very large, complex ecommerce website. We even used McAfee Secure as an additional testing tool as it offers useful  feedback about insecure pages.   The owner is already noticing higher sales conversions as well as getting far more sleep at night!

If you would like to improve the security surrounding your website (which we would strongly recommend) - then please get in touch with us for an initial consultation.

 

Essential SagePay Changes...

If you use SagePay (formerly ProTX) you may have seen their recent announcement... 

Important URL and Security Update from Sage Pay

Hello,


We've noticed you're still using the old Protx URLs to send transaction information details to Sage Pay. As part of our system upgrade we now need you to make a minor change to your system by starting to use the Sage Pay URLs as soon as possible.


We've set a deadline of 30 September 2010 to give you time to move across to the Sage Pay URLs.  All of the technical information you need is included below, along with what we think will be the most common FAQs.


As always, if you have any questions, please don't hesitate to contact our support team anytime on 0845 111 44 55 or email support@sagepay.com ...

We estimate the effort to do this is not more than an hour's work - so please make an appointment for your site to be altered as soon as possible to avoid any loss of service.