Test-Achats found that 55 out of 100 web stores are not secure

Test-Achats recently found that some Belgian web stores leave the door open for intruders. We at Combell consider Internet security a top priority and therefore offer various features that you can very easily enable to protect your web store. In this article, we will give you an insight into how you can use them.

Web store security: good news and bad news

Last month, Test-Achats investigated the security of web stores. The consumer organisation also wanted to see if the situation had improved since an earlier study conducted in 2015. Both tests examined 100 popular web stores. And there was both good and bad news.

  • The bad news: there are 5% more web stores offering poor security.

  • The good news: the number of critical issues has decreased compared to 2015 (from 33 to 25).

Test-Achats based its study on the OWASP Top 10, which lists the ten most common security risks, and found that 23 web stores contained critical vulnerabilities, including cross-site scripting or code injection. Test-Achats found that 2 web stores suffered from very serious vulnerabilities – one of them even allowed hackers to access customer data.

Consequences for the customer and the web store

The consequences of these security risks can be very serious. A hacker could, for example, replicate a login or payment screen and hijack the session of a user or administrator. And when a hacker gets access to the customer database, he can use this data to send a convincing phishing e-mail containing the customer's details (last name, first name, past orders, etc.).

Not only will your user be harmed, but the reputation of your web store will suffer severe damage as well. Some vulnerabilities will also have a negative SEO impact on your ranking in search engines. And, last but not least, since the introduction of the new General Data Protection Regulation (GDPR), you run the risk of being fined considerable amounts if you do not sufficiently protect your customers' data. For the record, Test-Achats has also informed the Data Protection Authority (DPA) of the findings of this investigation.

TIP: You may also want to read our article entitled “GDPR: What you should know as a Combell customer”.

Combell helps you secure your web store

Proper security is paramount. Combell is therefore doing its utmost to make the Internet a safe place for everyone. We also have partnerships with quality labels from Safeshops and beCommerce and contribute to the development of their security labels.

Unfortunately, there is no such thing as absolute security on the Internet. But having your web store screened by these quality labels will ensure you have good foundations for your web store. And with the addition of our expertise, you can be sure that your web store offers a great level of security.

With your cooperation, we want to create a secure environment where your customers can shop in full confidence and where e-commerce can grow. That is why our hosting includes several tools that help you secure your web store:

Free HTTPS connection for your web store

This requires an SSL certificate, which is not a problem since Combell offers you a free Let's Encrypt SSL certificate with your web hosting. This way, third parties cannot spy on you or intercept traffic to and from your web store. If you require additional guarantees, we will be happy to provide you with advice on the type of certificate that is required for your web store.

Automatic patching of security vulnerabilities

For your Linux hosting package, our automatic patching system scans all the files of your website, as well as the software of protocols, scripts and applications. It checks if there are any vulnerable files, or if some files contain malware. Via the control panel, you can decide whether Combell should automatically patch these files or not. Once a software vulnerability has been patched, hackers will no longer be able to exploit it.

Remember that patching is only a temporary solution. Later, you will have to update the software itself.

We allow hackers to “attack” us

We are committed to ensuring the highest level of security for our web hosting platform. We take all possible measures and have a team of experts who are constantly dealing with this issue. And yet we are going one step further. After all, who can better understand a hacker’s malicious intent than a hacker himself? That is why we collaborate with a bug bounty platform, where ethical hackers (= white hat hackers) thoroughly test our infrastructure.

Obviously, they do not really break in, but they do find the very last vulnerabilities before ill-intentioned people do so. This superior screening system allows Combell customers to rest even easier.

Combell Shield, the most comprehensive protection for your hosting

Your Combell web store also benefits from Combell's renowned security features:

  • 24/7 monitoring of your website makes brute-force attacks impossible
  • Premium protection against hacking and malware
  • First-class firewalls keep every intruder away
  • Combell’s gigantic network withstands DDoS attacks
  • Hosting in a physically strictly monitored and secured data centre

All these security features are part of Combell Shield, the most comprehensive protection for your hosting.

Are you interested in learning more about how to keep your web store safe from intruders and thieves?

Download our free e-book (in Dutch)