Essential Blackfriday Security Checklist Astra Web Security


Essential Black Friday Security Checklist
A must-have checklist that any CTO can use to harden their website's security
www.getAstra.com

For CEO & CTO

Incident Response Plan for a security breach

Incident response plans (IRP) provide instructions on how you should respond to potential hack scenarios, including data breaches, DoS (Denial of Service)/DDoS (Distributed Denial of Service), firewall breaches, virus or malware outbreaks, or insider threats.

According to the SANS Institute, there are six key phases of an incident response plan:

1. Preparation: Preparing users and IT staff to handle potential incidents should they arise
2. Identification: Determining whether an event is indeed a security incident
3. Containment: Limiting the damage of the incident and isolating affected systems to prevent further damage
4. Eradication: Finding the root cause of the incident and removing affected systems from the production environment
5. Recovery: Permitting affected systems back into the production environment, ensuring no threat remains
6. Lessons learned: Completing incident documentation and performing analysis to ultimately learn from the incident and potentially improve future response efforts

Source: SANS Institute, An Incident Handling Process for Small and Medium Businesses

Get a Security audit (VAPT) done

A security audit/VAPT (Vulnerability Assessment and Penetration Testing) finds security bugs and loopholes in the website. Such an assessment is essential to patch "show stopper" vulnerabilities before the big sale day. A typical security audit helps you identify the following security issues:

- SQL Injection
- Business Logic errors
- Cross-site Scripting (XSS)
- Amount Manipulation during checkout
- Denial of Service
- Broken Access Control
- Weak authentication/authorization
- Unrestricted file uploads leading to 'shelling' of the server
- Server takeover possibilities
- Open Redirection vulnerabilities
- Ad-ware, Malware & Backdoors
- Injection attacks like XSS, LFI, RFI

Get an essential security audit done by Astra

Adequately provision server resources to handle a spurt in traffic

It is a good idea to have more bandwidth than you would plausibly need, since over-provisioning provides extra time to identify and deal with an attack. It ensures that the server is able to accommodate unprecedented spikes in traffic without causing outages for customers.

Look for copycat & phishing websites

Financial phishing attacks are expected to rise during the Black Friday sale and continue through Cyber Monday and Christmas. Identify copycat and phishing websites that hackers may be using to trick customers and steal their credit card information.

Search for 'typo domains' that may be spreading malware

Similar to the previous point, typo domains could be used to spread malware and perform phishing attacks. You could report such content to their hosting provider and in some cases issue a DMCA takedown notice.

Set up a vulnerability disclosure program

You should create a vulnerability disclosure page so that hackers can responsibly disclose any security loopholes they may find on your portal. This way you can ensure that the details of the vulnerability are not disclosed to the public and your website remains secure.

You can create a responsible disclosure program in seconds through your Astra dashboard.

Use a Website Firewall (WAF) to detect threats

Firewalls tend to be a great defense against hack attempts, automated tools and bots. They'll block out malicious requests irrespective of whether the vulnerability is present in your website or not. It helps you to keep the bad guys away from your infrastructure.

Set up Astra in minutes & be safe from 100 attacks, bad bots and more. Manage your responsible disclosure page from the same dashboard. Sign up now.

For Code & Infrastructure

Use HTTPS/SSL to encrypt website traffic

Configure your web server to use HTTPS/SSL (Secure Sockets Layer). It will encrypt the traffic from the visitor's web browser to your server. It is used to ensure data confidentiality & data integrity through encryption and hashing. Redirect traffic from the HTTP version of the website to the HTTPS version for added security. Set the Secure flag for all session cookies, and use SSL certificates with Extended Validation.

You can get a free SSL certificate from Cloudflare or Let's Encrypt.

Strengthen the password policy for the backend

Applications should enforce password complexity rules to discourage easy-to-guess passwords. The password change mechanism should require a minimum level of complexity as described below:

- Password must meet at least 3 out of the following 4 complexity rules:
  o at least 1 uppercase character (A-Z)
  o at least 1 lowercase character (a-z)
  o at least 1 digit (0-9)
  o at least 1 special character (punctuation); do not forget to treat space as a special character too
- at least 10 characters
- at most 128 characters
- not more than 2 identical characters in a row (e.g., 111 not allowed)

You can use How Secure is my password? to check the strength of your passwords.
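The HTTPS redirect and Secure-cookie requirements above can be checked against a server's response headers. The following Python is an added example, not code from the checklist or from Astra: it parses Set-Cookie header values, reports cookies that lack the Secure flag (and, as an extra check beyond the checklist, session-looking cookies that lack HttpOnly), and confirms that a plain-HTTP response redirects to the HTTPS version of the same host. The cookie-name heuristic and the sample header values are constructed for the example.

```python
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Cookie names containing these fragments are treated as session cookies (assumed heuristic)
SESSION_NAME_HINTS = ("sess", "sid", "token", "auth")


def parse_set_cookie(header_value: str) -> Tuple[str, Dict[str, str]]:
    """Split a Set-Cookie value into the cookie name and its lower-cased attributes."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if "=" in part:
            key, value = part.split("=", 1)
            attrs[key.strip().lower()] = value.strip()
        elif part:
            attrs[part.lower()] = ""  # flag attributes such as Secure and HttpOnly
    return name, attrs


def cookie_findings(set_cookie_headers: List[str]) -> List[str]:
    """Report cookies that do not meet the checklist's cookie requirements."""
    findings: List[str] = []
    for header_value in set_cookie_headers:
        name, attrs = parse_set_cookie(header_value)
        # On an HTTPS-only site every cookie can carry Secure; the checklist requires it for session cookies
        if "secure" not in attrs:
            findings.append(f"{name}: missing Secure flag")
        is_session = any(hint in name.lower() for hint in SESSION_NAME_HINTS)
        if is_session and "httponly" not in attrs:
            findings.append(f"{name}: session cookie missing HttpOnly flag")
    return findings


def redirects_to_https(status: int, headers: Dict[str, str], expected_host: str) -> bool:
    """True if an HTTP response is a redirect to the HTTPS version of the same host."""
    if status not in (301, 302, 307, 308):
        return False
    location = {k.lower(): v for k, v in headers.items()}.get("location", "")
    target = urlsplit(location)
    return target.scheme == "https" and (target.hostname or "").lower() == expected_host.lower()


# Constructed sample responses, as a crawl of the shop over plain HTTP might capture them
SAMPLE_COOKIES = [
    "PHPSESSID=abc123; Path=/; HttpOnly",
    "cart=xyz789; Path=/; Secure",
    "auth_token=t0k3n; Path=/; Secure; HttpOnly; SameSite=Lax",
]
SAMPLE_HTTP_RESPONSE = (301, {"Location": "https://shop.example/"})


if __name__ == "__main__":
    for finding in cookie_findings(SAMPLE_COOKIES):
        print("cookie:", finding)
    status, headers = SAMPLE_HTTP_RESPONSE
    print("HTTP -> HTTPS redirect ok:", redirects_to_https(status, headers, "shop.example"))
```

Run it against headers captured from your own site; an empty findings list and a true redirect result mean the two checklist items are in place. A redirect to a different host is deliberately reported as a failure, since that is what an open redirect or a misconfigured load balancer looks like.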

Do not use weak password hashing algorithms like MD5

Passwords must be stored in the system using "hashing". Storing plain passwords in your database is unethical, wrong and extremely dangerous. Therefore, passwords must be hashed before storing them.

Also, the hashing algorithm used must be cryptographically secure and must produce a long random-looking string, otherwise the hashes can be cracked. Some secure hashing functions:

- Argon2 is the winner of the Password Hashing Competition and should be considered as your first choice for new applications;
- PBKDF2 when FIPS certification or enterprise support on many platforms is required;
- scrypt where resisting any/all hardware accelerated attacks is necessary but support isn't;
- bcrypt where PBKDF2 or scrypt support is not available.

Disable unused and sensitive ports like FTP, SSH on the server

You should restrict open ports, and ports exposed on the Internet, to only essential services. Perform regular audits to detect new ports in the listening state, which could indicate unauthorized access and a security compromise. Often ports like FTP, SSH etc. are left open on the server, allowing hackers to brute-force or exploit vulnerabilities to gain access to the server.

If it is necessary to use such services on a production server, put in place IP restrictions such that only whitelisted IP addresses/ranges can access the server.

Run an online port scan to see the open ports: Pen-test Tools - TCP Port Scan with Nmap
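The password policy and the password storage items above belong to the same registration flow, so one added example covers both. This Python is not code from the checklist or from Astra: it implements the listed policy rules (3 of 4 character classes with space counted as special, 10 to 128 characters, no run of more than 2 identical characters) and stores the accepted password with PBKDF2-HMAC-SHA256 from the standard library, the option the list names when FIPS certification matters (Argon2 needs a third-party package and is not shown). The iteration count is an assumed cost factor to tune on your own hardware, and the record layout algorithm$iterations$salt$digest is a convention chosen for this example, not a standard.

```python
import base64
import hashlib
import hmac
import os
import re
from typing import List, Optional

# Policy rules from the checklist
MIN_LENGTH = 10
MAX_LENGTH = 128
MIN_CLASSES = 3   # at least 3 of the 4 character classes
MAX_RUN = 2       # no more than 2 identical characters in a row


def complexity_classes(password: str) -> int:
    """Count the character classes present: upper, lower, digit, special (space included)."""
    return sum([
        any("A" <= c <= "Z" for c in password),
        any("a" <= c <= "z" for c in password),
        any("0" <= c <= "9" for c in password),
        any(not c.isalnum() for c in password),  # punctuation and whitespace count as special
    ])


def policy_violations(password: str) -> List[str]:
    """Return every rule the password breaks; an empty list means it is acceptable."""
    problems: List[str] = []
    if len(password) < MIN_LENGTH:
        problems.append(f"fewer than {MIN_LENGTH} characters")
    if len(password) > MAX_LENGTH:
        problems.append(f"more than {MAX_LENGTH} characters")
    if complexity_classes(password) < MIN_CLASSES:
        problems.append(f"fewer than {MIN_CLASSES} of 4 character classes")
    if re.search(r"(.)\1{%d,}" % MAX_RUN, password, re.DOTALL):
        problems.append(f"more than {MAX_RUN} identical characters in a row")
    return problems


# Storage: PBKDF2-HMAC-SHA256, salted per password and deliberately slow
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumed cost factor; raise it as hardware gets faster
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS, salt: Optional[bytes] = None) -> str:
    """Return 'algorithm$iterations$salt$digest' with a fresh random salt unless one is given."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and cost; compare in constant time."""
    try:
        algorithm, iterations_text, salt_b64, digest_b64 = stored.split("$")
        salt, expected = base64.b64decode(salt_b64), base64.b64decode(digest_b64)
        iterations = int(iterations_text)
    except (ValueError, TypeError):
        return False  # malformed record: treat as a failed login, never as a match
    if algorithm != ALGORITHM:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, iterations: int = ITERATIONS) -> bool:
    """True if the record uses another algorithm or a lower cost than the current setting."""
    parts = stored.split("$")
    return len(parts) != 4 or parts[0] != ALGORITHM or int(parts[1]) < iterations


def register(password: str) -> str:
    """Apply the policy, then return the record to store; the password itself is never stored."""
    problems = policy_violations(password)
    if problems:
        raise ValueError("password rejected: " + "; ".join(problems))
    return hash_password(password)
```

Because the cost factor is stored with each record, needs_rehash lets a login handler upgrade old hashes transparently after a successful verification, which is how a fleet of MD5 or low-cost records gets migrated without a forced password reset.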

Remove unused sub-domains and websites

It's always a good idea to reduce the attack surface area. Remove any code from the server that you are not using. Hackers try to find security issues in unused & outdated software to gain access to the server and databases.

You can make a list of all sub-domains by analyzing the CNAME records in your DNS records.

Use a CDN for storing assets and file uploads

Store assets like CSS, JS and image files on CDNs to reduce the server load during the sales. Use the CDN to store files/images that a user may upload on your website. It would prevent the server from being 'shelled'.

Update your CMS and plugins with the latest security patches

With Content Management Systems (CMS) like Magento, OpenCart and WordPress being used by millions of websites, they become a ripe target for hackers to exploit already known security issues. Make sure you have installed the necessary security patches and are using the latest version of the core CMS and its plugins as well.

Price manipulation testing for a safe checkout

With this flaw a hacker is able to manipulate the price of the shopping cart and complete the purchase either for free or by paying a lesser amount. Put in place adequate data validation checks in the checkout flow, for example: data type checks, final amount checks and verification of the transaction and billing amount after the purchase has been completed.
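The three checkout checks named above, as an added example that is not code from the checklist or from Astra: the server recomputes the cart total from its own catalog and ignores any unit price the client sends (data type check on quantities included), refuses the order if the client's total disagrees with the server's (final amount check), and reconciles the amount the payment gateway settled with the order total afterwards. The SKUs, prices, quantity limit and order payloads are constructed sample data.

```python
from decimal import Decimal, InvalidOperation, ROUND_HALF_UP
from typing import Any, Dict, List

# Constructed catalog: the server's authoritative prices (sample data)
CATALOG: Dict[str, Decimal] = {
    "SKU-100": Decimal("49.99"),
    "SKU-200": Decimal("12.50"),
}
MAX_QUANTITY = 100  # assumed per-line limit; tune to the shop
CENTS = Decimal("0.01")


class CheckoutError(ValueError):
    """Raised when client-supplied checkout data fails validation."""


def parse_quantity(value: Any) -> int:
    """Data type check: quantity must be a real integer (not bool, float or string) in range."""
    if isinstance(value, bool) or not isinstance(value, int):
        raise CheckoutError(f"quantity must be an integer, got {value!r}")
    if value < 1 or value > MAX_QUANTITY:
        raise CheckoutError(f"quantity out of range: {value}")
    return value


def server_total(items: List[Dict[str, Any]]) -> Decimal:
    """Recompute the cart total from the catalog; any unit_price sent by the client is ignored."""
    if not items:
        raise CheckoutError("cart is empty")
    total = Decimal("0")
    for item in items:
        sku = item.get("sku")
        if sku not in CATALOG:
            raise CheckoutError(f"unknown sku {sku!r}")
        total += CATALOG[sku] * parse_quantity(item.get("quantity"))
    return total.quantize(CENTS, rounding=ROUND_HALF_UP)


def validate_checkout(order: Dict[str, Any]) -> Decimal:
    """Final amount check: return the amount to charge, or raise if the client's total disagrees."""
    expected = server_total(order.get("items", []))
    try:
        claimed = Decimal(str(order.get("total"))).quantize(CENTS, rounding=ROUND_HALF_UP)
    except InvalidOperation:
        raise CheckoutError("total is not a number")
    if claimed != expected:
        raise CheckoutError(f"client total {claimed} does not match server total {expected}")
    return expected


def is_valid_order(order: Dict[str, Any]) -> bool:
    """Convenience wrapper: True if validate_checkout accepts the order."""
    try:
        validate_checkout(order)
        return True
    except CheckoutError:
        return False


def reconcile_payment(settled_amount: Any, order_total: Any) -> bool:
    """Post-purchase verification: the gateway's settled amount must equal what the order cost."""
    try:
        return Decimal(str(settled_amount)).quantize(CENTS) == Decimal(str(order_total)).quantize(CENTS)
    except InvalidOperation:
        return False


# Constructed orders: one honest, one with a tampered unit price and total
HONEST_ORDER = {
    "items": [{"sku": "SKU-100", "quantity": 2}, {"sku": "SKU-200", "quantity": 1}],
    "total": "112.48",
}
TAMPERED_ORDER = {
    "items": [{"sku": "SKU-100", "quantity": 2, "unit_price": "0.01"}],
    "total": "0.02",
}

if __name__ == "__main__":
    print("honest order accepted:", is_valid_order(HONEST_ORDER))
    print("tampered order accepted:", is_valid_order(TAMPERED_ORDER))
```

Decimal rather than float keeps the comparison exact, and a mismatch between the client's total and the server's is logged as a rejected order rather than silently corrected, because a steady stream of such rejections from one account is itself a signal for the incident response team.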

Such a loophole would be identified with Business Logic security testing. In the past it has been seen that 2 out of 5 hackers are 'Financial hackers' who try to exploit the system for their own financial gain.

Secure the admin area

It's super important to restrict access to the admin area/back office of your website. It is a favorite target for hackers and usually the first place they try to hack. You should leave no stone unturned in securing this area. Some suggested security measures are:

- Change the default admin URL to something unrelated and difficult for a hacker to guess
- Restrict access to the admin area so that only trusted IP addresses are allowed to connect
- Use Two-factor Authentication (2FA) for logging in
- Place HTTP authentication in addition to the default login & password
- Limit login attempts from a certain IP/session
- Log all successful/failed login attempts
- Use a VPN to access this secure area

Update the server OS and modules

Ensure that your production servers are using the latest version of the operating system with all the patches in place. Remove unnecessary modules which consume bandwidth and critical server resources.

For organization

Strict access control for current & former employees

Keep track of server/website/admin access granted to staff. Follow the principle of least privilege when giving access and revoke rights immediately once the person leaves the company or no longer needs to have access.

Incident Response Team monitoring vital stats during the sale

A rapid, accurately targeted, and effective response can minimize the overall damage to finances, hardware, and software caused by a specific incident. The Incident Response team should actively monitor critical server statistics like:

1. Server uptime
2. Server resource utilization
3. Unauthorized computer or data access
4. Too many failed login attempts to the website, backend, FTP/SSH etc.
5. Presence of a malicious application, such as a virus
6. Presence of unexpected/unusual programs on the server
7. Denial of service condition against data, network or computer
8. Misuse of service, systems or information

Get Astra to monitor your website's security for Black Friday

Special instructions for non-tech team members

Prepare them for the sale and ask them to report any abnormal or unusual activity on the website. They should be trained not to click on suspicious-looking links or divulge any sensitive information to untrusted or unverified people/emails.
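Two items on this checklist call for the same mechanism: limiting and logging login attempts on the admin area (under "Secure the admin area") and watching for too many failed logins while the sale runs (item 4 above). The following Python is an added example, not code from the checklist or from Astra, showing both sides: a sliding-window tracker that a login handler calls per request to decide when an IP has hit the failure threshold, and a replay of login log lines through the same tracker so the response team can pull offending addresses out of a day's log. The log line layout, the 10-minute window and the 5-failure threshold are assumptions; the sample log is constructed and uses RFC 5737 documentation addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Tuple

WINDOW = timedelta(minutes=10)  # assumed sliding window
MAX_FAILURES = 5                # assumed threshold within the window

# Assumed log line layout: "<ISO timestamp>Z login <OK|FAIL> ip=<addr> user=<name>"
LOG_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) login (?P<result>OK|FAIL) "
    r"ip=(?P<ip>\S+) user=(?P<user>\S+)$"
)


class LoginAttemptTracker:
    """Counts failed logins per IP inside a sliding time window."""

    def __init__(self, window: timedelta = WINDOW, max_failures: int = MAX_FAILURES) -> None:
        self.window = window
        self.max_failures = max_failures
        self._failures: Dict[str, Deque[datetime]] = defaultdict(deque)

    def record(self, ip: str, success: bool, when: datetime) -> bool:
        """Record one attempt; return True when the IP is at or over the failure threshold."""
        recent = self._failures[ip]
        while recent and when - recent[0] > self.window:
            recent.popleft()  # drop failures that have aged out of the window
        if not success:
            recent.append(when)
        # A success does not clear history: a hit right after many failures is worth seeing too
        return len(recent) >= self.max_failures

    def failures_in_window(self, ip: str) -> int:
        return len(self._failures[ip])


def replay(lines: List[str], window: timedelta = WINDOW,
           max_failures: int = MAX_FAILURES) -> List[Tuple[str, bool]]:
    """Feed log lines through a tracker; return (ip, blocked) for every parsable attempt."""
    tracker = LoginAttemptTracker(window, max_failures)
    decisions: List[Tuple[str, bool]] = []
    for line in lines:
        match = LOG_LINE.match(line.strip())
        if not match:
            continue  # unrelated or malformed line
        when = datetime.strptime(match["ts"], "%Y-%m-%dT%H:%M:%SZ")
        decisions.append((match["ip"], tracker.record(match["ip"], match["result"] == "OK", when)))
    return decisions


def offending_ips(lines: List[str], window: timedelta = WINDOW,
                  max_failures: int = MAX_FAILURES) -> List[str]:
    """IPs that hit the failure threshold anywhere in the log, sorted for reporting."""
    return sorted({ip for ip, blocked in replay(lines, window, max_failures) if blocked})


# Constructed sample log, chronological: one guessing host, one user who mistyped once,
# and one host whose three failures are spread far wider than the window
SAMPLE_LOG = """\
2023-11-24T08:00:00Z login FAIL ip=192.0.2.9 user=bob
2023-11-24T09:00:01Z login FAIL ip=203.0.113.7 user=admin
2023-11-24T09:00:03Z login FAIL ip=203.0.113.7 user=admin
2023-11-24T09:00:04Z login FAIL ip=203.0.113.7 user=administrator
2023-11-24T09:00:06Z login FAIL ip=203.0.113.7 user=root
2023-11-24T09:00:09Z login FAIL ip=203.0.113.7 user=shop
2023-11-24T09:01:00Z login FAIL ip=198.51.100.2 user=alice
2023-11-24T09:01:30Z login OK ip=198.51.100.2 user=alice
2023-11-24T09:30:00Z login FAIL ip=192.0.2.9 user=bob
2023-11-24T09:31:00Z login FAIL ip=192.0.2.9 user=bob
"""

if __name__ == "__main__":
    print("IPs over the failed-login threshold:", offending_ips(SAMPLE_LOG.splitlines()))
```

In the login handler, a True from record() is the point to return a generic failure and, where the checklist's IP restriction is in place, to add the address to the deny list; in the monitoring role, running offending_ips over the day's log on a schedule gives the response team item 4 without a separate tool.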

Ensure devices are secure

Devices that are used to connect to the admin/back office of the website should be secure from malware, backdoors and other infections. Perform regular malware and virus scanning on those machines. Do not log in to secure areas from public or untrusted computers/mobile devices.

Continuous backups of files & database

Take continuous (preferably daily) full backups of ALL the files and the databases being used on the server. Store the backups on an external server and on your local machine in case of an emergency. It will help you restore the website quickly in the case of a compromise.

Monitor third party solutions (CRM / dev environment / support software)

Monitor for suspicious activity, garbage data, malicious-looking links etc. to see if a hack is underway. Self-hosted solutions could also be used as an entry point to the server and the internal network.

About Astra Web Security

Astra is the essential web security suite that fights hackers, internet threats & bots for you. Within minutes you can add the much needed layer of security to your website.

The Astra Security suite is a single dashboard with flat pricing for a bundle of security features like:

- Web Application Firewall: Prevents 80 web app security flaws with a razor sharp security engine, honeypots & intelligent mechanisms
- Security Testing (VAPT): In-depth Vulnerability Assessment & Penetration Testing to pinpoint Business Logic Errors, Payment Gateway flaws, Price Manipulation Vulnerabilities, Customer Data Theft & more
- Mobile App Security: Cutting edge Android & iOS mobile app security solution designed for identifying technical and logical security flaws online in your app
- Community Security: Power of the human community to find business logic errors and convert potential negative publicity to positive

Contact us: Say hi by dropping an email to hello@getastra.com. We'd love to speak to you and see how we can help you stay safe this Black Friday sale.

Thanks for reaching the end of this checklist. Here's a coupon code to avail a 10% flat discount: SECUREMYSALE10
