NTA Monitor

Latest News

New version of network scanning tool arp-scan released

15th March 2011 A new version of a respected and popular network scanning tool has been released. Read More

Tests show rise in number of vulnerabilities affecting web applications with SQL Injection and XSS most common flaws

1st March 2011 SQL injection and cross-site scripting (XSS) were the most common flaws found in web applications in 2010 according to results from tests carried out by NTA Monitor. Read More

Assess risk to manage effects of budget cuts

9th February 2011 Signs of economic recovery may be appearing in some industries, but for most organisations - particularly in the public sector - budget cuts and cost savings are here to stay for the foreseeable future. Read More

"Basic security threats not changed in 15 years"

1st February 2011 There may have been significant technological advances to the hardware and software organisations use, but according to Roy Hills, who co-founded NTA Monitor in 1996, the basic security threats have not changed in the last 15 years. Read More

Beware the Cyber Shoplifters warns NTA Monitor

As the recession starts to bite, the threat from 'cyber shoplifting' will increase for online retailers, warns leading IT security consultancy, NTA Monitor.

The majority of online retailers use a payment provider to process payments by simply verifying the card details and checking against the billing address rather than the entire transaction. NTA has found that by manipulating form variables on an online retail site or on the back-end payment gateway, cyber shoplifters may change the amount debited from their account or change the currency with which goods are purchased, both resulting in paying less for the items in their shopping basket.

The payment provider will just take the amount logged on the card against purchases made and the online retailer is left to pick up the difference.

Of those retailers who sell online, 85 per cent have experienced internet fraud in the year to April 08 and 64 per cent said internet fraud had increased*. Roy Hills, technical director at NTA Monitor comments: "As a PCI DSS Council Approved Scanning Vendor, we know only too well the serious situations that a company with significant security vulnerabilities can find itself in. Internet fraud is on the increase and 'cyber shrinkage' looks set to get worse in the lead up to Christmas unless retailers get their shop in order."

NTA Monitor has three wise tips for online retailers over the Christmas season:

Put procedures in place to check items against the amount paid and currency before they are dispatched. Anything sent by the browser should not be trusted and should, therefore, be verified before the item is dispatched and with all user data being received by the server validated on the server side.
Perform input validation on all client input using character white lists to limit common problems such as XSS & SQL injection.
Prevention is better than cure, so perform high level testing of online applications to identify weaknesses within the 'business logic' in addition to regular PCI and OWASP testing.

*British Retail Consortium's (BRC) Retail Crime Survey 2008

This article was first released on: 1st December 2008