SiteLock is backed by tenured investors with a heritage in providing web and telecommunications solutions to online businesses. It is run by seasoned security veterans trained at Caltech, MIT, Wharton and Stanford.
$60.00 per year
- Deep 360° Site Scan (see below)
- Reputation Management
- Spam Verification
- Malware Scanning
- SSL Verification
- Business Verification
- Phone Number Verification
- Verifiable Trust Seal
- Unlimited Expert Support
- Network Security Scanning
- Automatic Malware Removal
- FTP Scanning
- File Change Monitoring
Daily Deep 360° Scanning
- User Web Application Scan
- User Plug-in Application Scan
- Brute Force Attacks Scan
- Backdoor Vulnerability Scan
- SQL Injections Scan
- Cross Site Scripting (XSS)
- Up to 500 Pages Scanned
What is it? SQL injection, is an extremely damaging attack in which hackers will attempt to access information stored in your database, such as customer data or user ID’s and passwords. SQL stands for Structured Query Language and is the programming language understood by databases. By inserting commands from this programming language into fields on your website’s input forms, hackers can gain access to the database records of vulnerable sites, stealing credit card data, passwords, email addresses and any additional data available in the database.
What is the impact? The impacts of this type of attack can be devastating. A recent example is the attack carried out on Sony’s networks, in which thousands of credit cards were stolen. The company has spent millions to recover. It can also badly damage your company’s reputation by exposing your customers’ private data to criminals.
How does SiteLock protect me? Their patent-pending 360-degree scan technology tests each input box on your website to ensure that they are not vulnerable to this type of attack. They verify the safety of each input box on your website by inserting code in the way hackers would. They do not read or collect any data, however. They use safe test procedures and code and if they discover a vulnerability in the testing, they report it to you immediately. SiteLock’s Expert Services team can also help you remove these issues from your site.
What can I do about it? Make sure any applications you use are kept up-to-date and limit the use of third-party plug-in’s where possible as they can be a source of many issues and may be updated less frequently or created by unscrupulous publishers. Use a website scanning service that includes SQL injection scans, such as SiteLock Premium. If you are writing your own code, be sure to validate your input fields for special characters and ensure you are checking for this type of hacking in your database procedures called from the website.
Cross-Site Scripting (XSS)
What is it? Cross-Site Scripting, or XSS, is a type of attack used by hackers to control the content of your web pages. Hackers will insert a piece of code into your site, usually through an input field such as a search box, user ID, or Name/Address box. If your website is vulnerable to this type of attack, the hacker can control the content of your page, including the user’s cookies or session variables.
What is the impact? Hackers use this type of attack to trick your visitors into providing personal data. Since visitors believe they are providing this information to your site, they are likely to provide sensitive information to hackers, since they trust your business. Hackers use information collected, such as user names, passwords, credit card information, etc. to carry out identity theft and other criminal activities.
How does SiteLock protect me? Their patent-pending 360-degree scan technology tests each input box on your website to ensure that they are not vulnerable to this type of attack. They verify the security of each input box on your website by inserting code in the way hackers would. Instead of taking over your page, though, they simply use harmless test procedures.
What can I do about it? Make sure any applications you use are kept up-to-date and limit the use of third-party plug-in’s where possible as they can be a source of many issues and may be updated less frequently or created by unscrupulous publishers. Use a website scanning service that features XSS scripting scans, such as SiteLock Premium. If you are writing your own code, be sure to validate your input fields for special characters and ensure that the settings for your code are frequently updated and hardened for security. You can also take advantage of SiteLock’s Expert Services team to correct any issues they identify in the scans.
What is it? Application scanning will verify the applications you’ve installed on your website against known vulnerabilities. As application versions age (like Windows 2000 or WordPress 1.0), hackers will find ways to attack these programs. The publishers then update them with newer versions, which you need to upgrade to in order to stay safe. They verify your version against catalogs of vulnerabilities to ensure you are running safe software on your site.
What is the impact? The impacts of this type of attack are wide-ranging, as it depends a great deal on the type of application. For most web applications, the vulnerabilities are likely to be Cross-Site Scripting or SQL injection.
How does SiteLock protect me? Their scanners identify applications you have installed and which version you have. They compare that to industry and proprietary lists to determine the security of your installation. If they discover a vulnerability in the testing, they report it to you immediately and can help you upgrade your and secure your site.
What can I do about it? Make sure any applications you use are kept up-to-date and limit the use of third-party plug-in’s where possible as they can be a source of many issues and may be updated less frequently or created by unscrupulous publishers. Use a website scanning service that includes Application vulnerability scans, such as SiteLock Premium.
What is it? SiteLock’s patent-pending 360-degree scan helps you make sure your website and communications are reaching your visitors as intended in three key ways:
Malware blacklist monitoring: SiteLock monitors search engine and proprietary lists of sites reported as malware to make sure visitors arrive at your site, not a “Red Screen” warning from their browser or search engine.
Email spam blacklist monitoring: SiteLock compares your email address, domain name, and email server to industry and proprietary lists used by popular email programs to identify which messages to mark as “Spam”. This ensures that your emails reach your customers’ inbox – not their spam folder.
SSL scanning: If you have an SSL certificate installed on your site for data encryption, SiteLock will scan that certificate to verify that it is not expired or otherwise out-of-compliance with web browser expectations. This prevents users from seeing warnings about data security when they visit your site.
What is the impact? Failure to keep up with and monitor any of these items can result in lost customers, abandoned visits to your website, and wasted marketing and website design efforts.
How does SiteLock protect me? Their scanner verifies your website, email, and SSL to ensure uninterrupted communication with your customers. If you ever do get included on one of these blacklists or non-compliance lists, SiteLock’s Expert Services team can help get you back up and running normally in a hurry.
What can I do about it? Use a website scanning service that includes reputation management, such as SiteLock Premium.
Network security vulnerabilities
What is it? Network servers have devices on them known as ports. Each port is set up to understand a certain type of language. There are ports, for instance, for database applications, website content, email, instant messaging/chat, etc. They are similar to channels on television or a CB radio. Each port is either open or closed to the outside world, meaning it will “listen” to requests for that type of service. If a port is open, it is an opportunity for a hacker to attempt to access data or files on that server. Some ports need to be open, such as the port for web content on your Internet server. Others should not be (like the email or database ports on the same server). Opening unnecessary ports can expose sensitive data and systems to hackers.
What is the impact? If hackers are able to access your network, the damage they can do is extensive. Depending on what parts of the server/network they reach, they could steal data, deface your website, or worse.
How does SiteLock protect me? They check each port (thousands) on your servers to make sure that only the appropriate ones are open for the type of server you are using (email ports for email servers, web ports for web servers, etc.). We’ll notify you if anything looks out of the ordinary so you can correct the issue.
What can I do about it? Close all unnecessary ports. Make sure your ports that are open are protected using strong security. Use a website scanning service that includes network scanning, such as SiteLock Premium. SiteLock’s Expert Services team can also help you lock down your network to prevent attacks.
Frequently Asked Questions
How does SiteLock notify customers when it finds an issue? SiteLock will inform the site owner by email. The report will provide complete information about the issue that is found along with help to correct it.
What happens if SiteLock finds a vulnerability? Will the SiteLock seal tell visitors that a website has failed? Site visitors will not be alerted to any problem. The SiteLock seal will simply continue to display the date of the last good scan of the website. If the site owner fails to rectify the problem, within a few days SiteLock will remove the seal from the site and replace it with a single pixel transparent image. At no point will SiteLock display any indication to visitors that a website has failed a scan.
Will SiteLock impact website performance? No. SiteLock scans won’t impact the performance of a website. The SiteLock seal has no impact on load times.