If you own or manage a website you’re probably focused on improving the look and feel of the site, its traffic, speed, and functionality. Is website security a priority for you? For many website owners, it isn’t…until their website gets hacked.
The consequences of a website hack can be severe for your company, including damage to your brand's reputation and bottom line. Large companies are well aware of this, which is why many run "bug bounty programs" that reward security researchers for finding and responsibly reporting vulnerabilities in their websites before criminals find them. Two bug bounty stories have been in the news lately, from organizations you're probably familiar with: the United States Pentagon and Facebook.
Naturally, security is a top priority for the Pentagon. That is why it recently introduced its own bug bounty program, 'Hack the Pentagon.' The pilot invites vetted, pre-approved researchers to find and report security problems in selected public U.S. Defense Department websites, with rewards for confirmed findings paid from a pool of up to $150,000. Having a controlled program in which researchers look for vulnerabilities, with clear rules on what may be tested, means the holes can be fixed before cyber criminals exploit them.
Defense Secretary Ash Carter said: "We can't just keep doing what we're doing. The world changes too fast; our competitors change too fast… I am confident that this innovative initiative will strengthen our digital defenses and ultimately enhance our national security."
What better way to identify vulnerabilities quickly than a whitehat program that is open to the public? According to its website, Facebook recognizes and rewards security researchers who report vulnerabilities that pose a privacy or security risk to facebook.com, instagram.com or any of its related websites.
This month, researcher Anand Prakash was awarded $15,000 for finding and reporting a flaw in Facebook's password-reset flow. On Facebook's beta site (beta.facebook.com), the server did not limit how many times the short numeric reset code could be tried, so an attacker could simply try every possible code until one was accepted and then set a new password, locking the real owner out of the account. Prakash tested this on his own account: by brute-forcing the reset code he got in and could see everything saved on the account, including photos, videos, messages and the payment details stored in the payment section. A brute-force attack is a guessing attack, not a denial-of-service attack: it tries every possible value (every password, or every reset code) until one works, and it succeeds only when the server lets the attacker keep guessing. With his report, Facebook learned that anti brute-force measures such as attempt limits were missing from some of its beta pages, while the main site had them.
While Facebook and the Pentagon are high-profile targets, hackers do not discriminate; industry surveys have put the share of small businesses hit by a cyber attack at around fifty percent. Fortunately, you don't need to run a bug bounty program to have website security. A web application firewall (WAF) can block brute-force attempts against your login and password-reset pages by limiting repeated requests from the same source, and can filter many other common web attacks, including application-layer denial of service.
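To make the flaw concrete, here is an added example (not Facebook's or SiteLock's code) of a toy password-reset code check, once without any attempt limit and once with one, and the same brute-force loop run against both. The six-digit code format, the ten-attempt lockout and the account name are assumptions for illustration.

```python
"""Added example, not code from Facebook or SiteLock: a toy password-reset
code verifier without and with an attempt limit, plus the brute-force loop
an attacker would run against it. The 6-digit code, 10-attempt lockout and
account name are all assumptions for illustration."""
import hmac
import secrets
from typing import Optional

CODE_DIGITS = 6     # assumed: 6-digit numeric reset code, 1,000,000 possibilities
MAX_ATTEMPTS = 10   # assumed lockout threshold for the hardened verifier


class ResetCodeVerifier:
    """Server side: issues a one-time reset code per account and checks guesses."""

    def __init__(self, limit_attempts: bool, max_attempts: int = MAX_ATTEMPTS):
        self.limit_attempts = limit_attempts
        self.max_attempts = max_attempts
        self._codes = {}      # account -> outstanding reset code
        self._failures = {}   # account -> consecutive failed guesses

    def issue(self, account: str, code: Optional[str] = None) -> str:
        """Generate (or, for a reproducible demo, accept) the code the real user gets by email/SMS."""
        if code is None:
            code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._codes[account] = code
        self._failures[account] = 0
        return code

    def verify(self, account: str, guess: str) -> str:
        """Return 'ok', 'wrong' or 'locked' (the last is what an HTTP 429 would mean)."""
        if account not in self._codes:
            return "wrong"
        if self.limit_attempts and self._failures[account] >= self.max_attempts:
            return "locked"  # hardened path: no more guesses until a fresh code is issued
        if hmac.compare_digest(self._codes[account], guess):
            del self._codes[account]  # single use: an accepted code cannot be replayed
            return "ok"
        self._failures[account] += 1
        return "wrong"


def brute_force(verifier: ResetCodeVerifier, account: str):
    """Attacker side: try every code in order until one is accepted or the server locks us out.
    Returns (recovered_code_or_None, guesses_sent)."""
    for n in range(10 ** CODE_DIGITS):
        guess = f"{n:0{CODE_DIGITS}d}"
        result = verifier.verify(account, guess)
        if result == "ok":
            return guess, n + 1
        if result == "locked":
            return None, n + 1
    return None, 10 ** CODE_DIGITS


def demo(code: str = "004242"):
    """Run the identical attack against both verifiers.
    The reset code is fixed (constructed input) so the run is reproducible."""
    results = {}
    for name, limited in (("unprotected", False), ("rate_limited", True)):
        v = ResetCodeVerifier(limit_attempts=limited)
        v.issue("victim@example.com", code)
        results[name] = brute_force(v, "victim@example.com")
    return results


if __name__ == "__main__":
    for name, (found, guesses) in demo().items():
        print(f"{name:13s}: recovered={found!r} after {guesses} guesses")
```

Against the unprotected verifier the loop recovers the code after a few thousand guesses (a real attacker would script this over HTTP in minutes); against the limited one it is shut out after ten wrong tries, and even the correct code is refused once the account is locked. That cap on attempts, whether enforced in the application or by a WAF rate-limiting the reset endpoint, is the missing "anti brute-force measure" the report describes.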
Call the SiteLock Website Security Consultants to find out how a web application firewall works and how it can protect you from an attack. We’re available 24/7 to help at 877.563.2700.