
Quote:
This site is tested and certified daily to pass the FBI/SANS Internet Security Test. The "live" HACKER SAFE mark appears only when a web site's security meets the highest security scanning standards of the U.S. government, Visa, MasterCard, American Express, Discover and JCB.
Sites free of all known vulnerabilities that can be remotely scanned for, such as those earning HACKER SAFE certification, prevent over 99.99% of hacker crime.
This information is intended as a relative indication of the security efforts of this web site and its operators. While this, or any other, vulnerability testing cannot and does not guarantee security, it does show that www.hardwarestore.com meets all payment card industry guidelines for remote web server vulnerability testing to help protect your personal information from hackers. HACKER SAFE does not mean hacker proof. HACKER SAFE certification cannot and does not protect any of your data that may be shared with other servers that are not certified HACKER SAFE, such as credit card processing networks or offline data storage, nor does it protect you from other ways your data may be illegally obtained, such as non-hacker "insider" access to it. While ScanAlert makes reasonable efforts to assure its certification service is functioning properly, ScanAlert makes no warranty or claim of any kind, whatsoever, about the accuracy or usefulness of any information provided herein. By using this information you agree that ScanAlert shall be held harmless in any event.
Quote:
Step 3
Web application testing is the third phase of ScanAlert's daily security audit, and perhaps the most important. According to analyst firm Gartner Group, an estimated 70% of all security breaches today are due to vulnerabilities within the web application layer. Traditional security mechanisms such as firewalls and IDSs provide little or no protection against attacks on your web applications. During this testing phase, all HTTP services and virtual domains are checked for the existence of potentially dangerous modules, configuration settings, CGIs and other scripts, and default installed files. The web site is then "deep crawled," including Flash-embedded links and password-protected pages, to find forms and other potentially dangerous "interactive elements." These are then exercised in specific ways to disclose any application-level vulnerabilities such as code revelation, cross-site scripting and SQL injection. Both generic and software-specific tests are performed in order to uncover misconfigurations and coding error vulnerabilities.
This three-phase approach to vulnerability auditing enables us to perform more accurate audits with less load on your servers. It also enables us to run any single test or test phase on a target to detect changes, test specific ports or vulnerabilities, or run web-application-only tests on multiple web sites residing on a single server.
Quote:
Daniel Patterson, lead Webmaster for Shoppers Choice, says his company has since corrected the XSS vulnerability on its site and will be looking for other potential bugs. "It was surprising -- we thought we had fixed the problem a while back," Patterson says. "It is also surprising that Hacker Safe apparently had not notified us of a seemingly popular method for XSS."
Quote:
ScanAlert has some big-name Hacker Safe customers: A&E Television Networks, Ace Hardware, American Red Cross, Fidelity National Financial, General Nutrition Centers, HP, Johnson & Johnson, NIKE, Northrop Grumman, PETCO, Ritz Camera, Sony, The Sports Authority, The World Bank, U-Haul, Visa, Warner Brothers, and Yahoo. None of these companies were found to have vulnerabilities by sla.ckers.org.
Quote:
"We are all just doing this on the side," says "Kyran," a member of Sla.ckers group. "There is no targeted or unified effort. Rather scary isn't it? A small group of people doing this in their spare time, finding so many XSS vulns. It really makes you wonder what the real bad guys are doing."
Quote:
www.nike.com/nikewomen/index.jsp?X';}alert('XSS');if(1==1){x='x
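The quoted URL is the classic reflected-XSS shape a scanner like the one in "Step 3" is meant to catch: a query-string value pasted into an inline script inside a single-quoted JavaScript string, where `';}` closes both the literal and the enclosing block. The example below is added here and is not code from the thread, from nike.com or from ScanAlert; the `if(1==1){x='…';}` template and the `renderUnsafe` / `renderSafe` / `escapeJsString` names are assumptions chosen to mirror the shape of the quoted payload, and the harness runs the rendered script with a stubbed `alert()` so the difference between the two renderings can be checked rather than eyeballed.

```javascript
// Added example (not from the original thread or any site it names).
// Shows why quoting alone does not contain a value placed in a JS string
// context, and what a correct JS-string escape looks like.

// Constructed input, shaped like the query-string value in the quoted URL.
const PAYLOAD = "X';}alert('XSS');if(1==1){x='x";

// Vulnerable render (hypothetical template): the raw parameter lands between
// single quotes inside an inline <script>. The payload closes the string and
// the block, adds its own statement, then reopens both so the script parses.
function renderUnsafe(value) {
  return "<script>if(1==1){x='" + value + "';}</script>";
}

// Hardened render: every character outside [A-Za-z0-9] becomes a \xHH or
// \uHHHH escape. Quotes, braces, ';', '<' and '/' can then neither end the
// literal or the block nor inject a closing </script> tag. This is the
// "escape for the JS string context" rule, not HTML-entity encoding.
function escapeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9]/g, (ch) => {
    const code = ch.charCodeAt(0);
    return code < 256
      ? "\\x" + code.toString(16).padStart(2, "0")
      : "\\u" + code.toString(16).padStart(4, "0");
  });
}

function renderSafe(value) {
  return "<script>if(1==1){x='" + escapeJsString(value) + "';}</script>";
}

// Executes the inline script the way a browser would, with alert() replaced
// by a counter. `var x` keeps the page's assignment local to the harness.
// Returns how many times injected code reached alert() and what x ended as.
function executeInlineScript(html) {
  const body = html.replace(/^<script>/, "").replace(/<\/script>$/, "");
  let alertCalls = 0;
  const alert = () => { alertCalls += 1; };
  const x = new Function("alert", "var x; " + body + "; return x;")(alert);
  return { alertCalls, x };
}

// Stand-alone run: the unsafe page fires alert once; the safe page stores the
// whole payload as an inert string and fires nothing.
console.log(executeInlineScript(renderUnsafe(PAYLOAD)));
console.log(executeInlineScript(renderSafe(PAYLOAD)));
```

On the hardened path `x` ends up holding the complete original value, which is the behaviour the page author presumably wanted in the first place; the fix changes nothing about what the application does with legitimate input, only about what the parser is allowed to see.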