
Online safety for website owners

There are several common website security threats:

Malicious software can be used to steal passwords, hack into ill-secured websites or computers and so on. If your site allows uploads, keep in mind that uploaded files may not always be what they seem. Anti-virus software is needed to check the files.

Lack of data validation. All data used by the website should be validated in terms of form and length. For example, name fields should validate characters, number fields should validate numbers, e-mail address fields should check for a valid e-mail address form (name@domain.com) and so on. Input and output data validation can help against data poisoning.

Inside theft. If you are a company, keep in mind that a disgruntled employee can use the data for attacking the website. Change your passwords after firing someone, or immediately cancel all addresses that no longer apply.

Careful what you store. SQL injections and other exploits can be used by fraudsters to extract sensitive data from your website’s databases. To avoid this, do not store sensitive data such as credit or debit card details.

Automated hacking. A large number of bots (software that runs automated tasks on the Internet) are crawling the web looking for vulnerable websites. While the main bot attack techniques are easy to avoid, the web developer has an important role to play in making your website immune to all automated hacking attempts.

Data management. If you are a business with multiple computers and employees, special emphasis should be put on this. Access management and network computer security (ensured by anti-virus and security software) should always be seen as key factors.

SSL and encryption should be used especially if the website collects information from individuals that interact with your website. The first acts as a secure connection layer, and the second is important for the security of personal data.

Cross-site scripting attacks are a very common hacking method that uses any field on the website where a user can input text. Most web developers should know about the vulnerability and build a secure website accordingly.

Authentication management and session management should be taken very seriously, because if not done properly they could result in vulnerabilities allowing a user (hacker) to alter information or access information they would not otherwise be allowed to access.

If possible, use FTPS instead of FTP. FTPS (File Transfer Protocol Secure, or FTP Secure) adds support for the TLS (Transport Layer Security) and SSL (Secure Sockets Layer) encryption protocols, thus strengthening security and control over FTP access.

Use a version control service to help with identifying the versions of your website and to roll back to a version you consider safe, in case you suspect an attack on the current version.
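
An added example (not from AV-Comparatives) for the "Lack of data validation" and cross-site scripting items above: server-side checks of form and length for a name, a number and an e-mail field, plus HTML encoding when a value is written back into a page. The form, its field names (name, quantity, email) and the limits are assumptions made for illustration.

```python
import html
import re

# Hypothetical rules for a constructed contact form; adjust per site.
MAX_NAME_LEN = 100
MAX_EMAIL_LEN = 254
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
QUANTITY_RE = re.compile(r"[0-9]{1,3}")  # ASCII digits only; \d also accepts other scripts


def validate_form(form):
    """Return (cleaned, errors); use cleaned only when errors is empty."""
    cleaned, errors = {}, {}

    name = str(form.get("name", "")).strip()
    if not 1 <= len(name) <= MAX_NAME_LEN:
        errors["name"] = "length"
    elif not all(ch.isalpha() or ch in " -'" for ch in name):
        errors["name"] = "characters"
    else:
        cleaned["name"] = name

    quantity = str(form.get("quantity", "")).strip()
    # fullmatch anchors both ends, so a value like "12abc" is rejected
    if not QUANTITY_RE.fullmatch(quantity):
        errors["quantity"] = "not a number"
    elif not 1 <= int(quantity) <= 100:
        errors["quantity"] = "range"
    else:
        cleaned["quantity"] = int(quantity)

    email = str(form.get("email", "")).strip()
    if len(email) > MAX_EMAIL_LEN:
        errors["email"] = "length"
    elif not EMAIL_RE.fullmatch(email):
        errors["email"] = "form"
    else:
        cleaned["email"] = email

    return cleaned, errors


def render_greeting(cleaned):
    """Output side: encode on the way into HTML, even for validated values."""
    return "<p>Hello, {}</p>".format(html.escape(cleaned["name"], quote=True))
```

A name such as O'Brien is valid input yet still contains a character with meaning in HTML attributes, which is why the value is encoded again on output.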

See also “My website has been hacked – what should I do?”

About AV-Comparatives

AV-Comparatives is an independent organization offering systematic testing that checks whether security software, such as PC/Mac-based antivirus products and mobile security solutions, lives up to its promises. Using one of the largest sample collections worldwide, it creates a real-world environment for truly accurate testing. AV-Comparatives offers freely accessible results to individuals, news organizations and scientific institutions. Certification by AV-Comparatives provides an official seal of approval for software performance which is globally recognized. Currently, AV-Comparatives' Real-World Protection Test is the most comprehensive and complex test available when it comes to evaluating the real-life protection capabilities of antivirus software. Put simply, the test framework replicates the scenario of an everyday user in an everyday online environment – the typical situation that most of us experience when using a computer with an Internet connection. AV-Comparatives works closely with several academic institutions, especially the University of Innsbruck’s Department of Computer Science, to provide innovative scientific testing methods.
If you plan to buy an Anti-Virus, please visit the vendor's site and evaluate their software by downloading a trial version, as there are also many other features and important things for an Anti-Virus that you should evaluate by yourself. Even if quite important, the data provided in the test reports on this site are just some aspects that you should consider when buying Anti-Virus software.
