Is your web site “Hacker Safe”?


Perhaps not, if you're one of the 80,000 web sites that display the small green logo proclaiming your web site is “Hacker Safe”. I recently read two good articles on this, one on Dark Reading and the other in the Computerworld mag that I get. I understand that this is a marketing person's dream: promote your site as secure and not able to be hacked… “see all the customers that come and buy your products”! In the long run this is probably a bad idea. I agree that what the “Hacker Safe” program by ScanAlert does at a basic level, scanning for known web site vulnerabilities, should be part of any overall vulnerability management program. However, in addition to automated scanning, you have to conduct manual penetration testing on these applications on a frequent basis as well. Automated scanners have a place, but you cannot rely on these scanners 100% and then declare yourself “Hacker Safe”. If there is one lesson you learn in security, it’s “nothing is 100% secure”.

Both of these articles focused on the recent hack in which an undisclosed number of customers had personal and credit card data compromised. was a “HackerSafe” customer. However, note that the ScanAlert people mentioned the web site was “probably” hacked when they withdrew their “Hacker Safe” certification upon finding vulnerabilities. How ironic… so how is a potential customer supposed to know that a web site is “Hacker Safe” one day and isn’t the next? By removing a logo temporarily? Perhaps during this “probable” period ScanAlert should have changed the “Hacker Safe” logo to “Hackers- Safe to Hack”. Seems like a poor attempt at damage control from ScanAlert.

What’s the lesson here? It may seem like a great marketing idea to call your site “Hacker Safe”, but in the long run, if you get hacked, it will soon turn into a marketing disaster that your company will not want to face. Putting up any kind of logo or certification declaring that your site is secure is a bad idea.
