Today I’ve been helping a small business with their website security, specifically in obtaining PCI Compliance. They are currently in the process of trying to obtain it and, unfortunately, their website has a number of serious vulnerabilities.
It’s interesting that there are a great many tools available for finding vulnerabilities and bringing them to the attention of the customer, even going so far as to word the vulnerability descriptions in such a way that a layman could understand them, yet there’s no information on how to go about getting these issues resolved.
What people want is not so much to be told about the errors, but to be told how to get rid of them.
It’s all very well and good telling the average person what a cross-site scripting vulnerability is, or how an SQL injection vulnerability might be used to steal credit card data. But who do they go to in order to get rid of the problem?
The bigger security organisations out there won’t even consider looking at a small company’s website. They charge tens of thousands of pounds to run a penetration test to find vulnerabilities that will prevent a user from getting PCI Compliance, but otherwise they’re generally not interested. A small company doesn’t want to and generally cannot afford to pay that kind of money.
Well, that’s where I step in. I’ve worked for a large security company. I’ve done website security work for large e-commerce websites. I’ve done network security. Now I’m offering my expertise to small companies at sensible rates. If you need help getting PCI Compliance, then give me a call to discuss.