Secure payments & Security Pays

Posted on 15-Jul-2015


Transcript of Secure payments & Security Pays

www.hackersafe.eu | website security | Business to You | Hans Bouman

ETT 2014 Introduction Hans Bouman - B2U

1992 – 2000 Product manager e-Commerce

2001 - present Secure eCommerce

2002 – 2005 Country Manager Ogone

2005 Strategic Partner Europe (website security) www.hackersafe.eu

2006 Preferred Partner www.internetkassa.com

2006 Reseller (SaaS anti-spam/anti-virus) www.emailcleanport.nl

2014 Partner BeNeLux (Personalized websites) www.convertplus.nl

2015 - present Email/SMS payment link service www.paybylink.eu

3rd of March 2015

Secure Payments

Security Pays

Security matrix (the cells of the matrix, shown on every following slide):

Privacy legislation

Legal liability

Quality: system owners, programmers

Educate merchants

Hosting issues

Website & application builders

Management & reports

Marketing

Partner chain protection

WWW.PCISECURITYSTANDARD.ORG

PCI is so… credit card focused


Security so… credit card focused, yet a webshop holds far more than card numbers:

Basket/products

First name, Surname

Financial information

Credit card numbers

Social Security Number

Passport numbers

Driver's license number

Delivery address

Mobile number

Email address

Date of Birth

Passwords

Hobbies

Order history

Storage: more and more in the CLOUD

EU Directive 95/46/EC - The Data Protection Directive

“(46) Whereas the protection of the rights and freedoms of data subjects with regard to the processing of personal data requires that appropriate technical and organizational measures be taken, both at the time of the design of the processing system and at the time of the processing itself, particularly in order to maintain security and thereby to prevent any unauthorized processing; whereas it is incumbent on the Member States to ensure that controllers comply with these measures; whereas these measures must ensure an appropriate level of security, taking into account the state of the art and the costs of their implementation in relation to the risks inherent in the processing and the nature of the data to be protected;”


Responsibility vs Liability

Who is responsible for the security of the website? The OWNER of the domain.

Who is legally liable? The OWNER of the domain.

Who has to pay the costs and penalties? The OWNER of the domain.

Typical findings of a website vulnerability scan (what the website & application builders leave behind):

SQL injection (against the SQL database)

Error disclosure / improper error handling

Directory traversal

Application source code disclosure

Authentication bypass

Insufficient session expiration

Command injection

SSI (server-side include) injection

Malicious CGI scripts

Buffer overflows

Client-side vulnerabilities

Directory indexing

Server misconfigurations
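The slide only names the finding classes. To make three of them concrete (SQL injection, directory traversal, and the error disclosure that usually rides along with them), here is an added example, not code from the presentation or from HackerSafe, with each vulnerable handler next to its hardened form. It uses only the Python standard library; the user table, the files and the `' OR '1'='1` payload are constructed inline for the demonstration.

```python
"""Vulnerable vs hardened handlers for three scanner finding classes:
SQL injection, directory traversal and error disclosure.
Standard library only; all data is constructed for the demo."""
import sqlite3
import tempfile
from pathlib import Path


def make_db() -> sqlite3.Connection:
    """Constructed sample user table (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)")
    conn.executemany("INSERT INTO users (email) VALUES (?)",
                     [("alice@example.com",), ("bob@example.com",)])
    return conn


def find_user_vulnerable(conn, email: str) -> list:
    # SQL injection: the input is concatenated into the statement, so a
    # quote inside `email` changes the structure of the query.
    sql = "SELECT email FROM users WHERE email = '" + email + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, email: str) -> list:
    # Parameter binding: the value travels separately from the statement
    # and is never parsed as SQL, whatever characters it contains.
    return [row[0] for row in conn.execute(
        "SELECT email FROM users WHERE email = ?", (email,))]


def read_public_vulnerable(base: Path, name: str) -> str:
    # Directory traversal: base / "../secret.txt" walks out of the folder.
    return (base / name).read_text()


def read_public_safe(base: Path, name: str) -> str:
    # Resolve both sides ('..' and symlinks collapsed) and refuse any target
    # that does not sit underneath the public directory.
    root = base.resolve()
    target = (root / name).resolve()
    if root not in target.parents:
        raise PermissionError("path escapes the public directory")
    return target.read_text()


def handle_vulnerable(fn, *args) -> str:
    # Improper error handling: the raw exception text reaches the client and
    # leaks statements, table names and filesystem layout.
    try:
        return str(fn(*args))
    except Exception as exc:
        return "Error: " + str(exc)


def handle_safe(fn, *args) -> str:
    # Generic message for the client; detail belongs in the server log.
    try:
        return str(fn(*args))
    except Exception:
        return "Request failed"


def demo() -> dict:
    """Run every handler against the same hostile inputs and collect results."""
    conn = make_db()
    payload = "' OR '1'='1"                      # classic tautology payload
    tmp = Path(tempfile.mkdtemp())
    public = tmp / "public"
    public.mkdir()
    (public / "terms.txt").write_text("terms")
    (tmp / "secret.txt").write_text("db password")  # outside the public dir
    return {
        "sqli_vulnerable": find_user_vulnerable(conn, payload),
        "sqli_safe": find_user_safe(conn, payload),
        "traversal_vulnerable": read_public_vulnerable(public, "../secret.txt"),
        "traversal_safe": handle_safe(read_public_safe, public, "../secret.txt"),
        "legit_file": read_public_safe(public, "terms.txt"),
        "error_vulnerable": handle_vulnerable(find_user_vulnerable, conn, "'"),
        "error_safe": handle_safe(find_user_vulnerable, conn, "'"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)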

How to involve marketing?

So, where are your monitoring reports?

“We have a great website builder with good reputation”

“We have the most secure hosting company”

“It’s their risk as well, so they will manage it…”

“Other companies check it, so…”

Vulnerability scan & report: all internal staff & external partners involved and fully committed.

(Diagram: the scan covers every hostname of the organization, e.g. www.domain.nl on Hosting1, login.domain.nl on Hosting2 and www.domain2.nl on Hosting3, reached via the Internet and DNS. At each hosting party it covers the websites(n), applications, CMS, scripts, XML interfaces and APIs as well as the firewalls, IDS, DMZ, routers, gateways, ports, services and email servers. The resulting report (PDF) goes to those responsible: board, managers, mayors, executive; and to the helpdesk, system owners, programmers, marketing and external partners such as suppliers, shopping portals and logistics.)

How to involve marketing?

(Security matrix again; the Marketing cell now reads “Marketing & TRUST”.)

If you invest in security, why not show it?

Malware distributed via large websites

Get trusted: “NO MALWARE”

www.convertplus.nl

How the buyer thinks…

How? Enter URL in Google… My URL not on the first line?

Trust starts at search-engines. “Ah, that one is secure.” How to recognize secure sites: logical choice!

Broken link… “What? This cannot be secure.”

Slow website… “Is the site downloading malware?”

Can I recognize a secure website?

Floating logo, very visible! (Fake website?) Easy to find and understand!

Contact details in trustmark: real webshop, contact details available!

NEW: Engagement mark: trust engagement to click


Thank you!

BUSINESS TO YOU

www.b2u.nl

www.hackersafe.eu

Office: +31 297 381302

Email: hackersafe@b2u.nl