Ford & Slater Security Test
Ford & Slater’s public-facing web site had a small administration area that allowed its staff to make small changes to content and access customer enquiries.
“I think like many companies, we’d taken careful steps to ensure our web server infrastructure was secure, but when it came to the ASP software running within our web site, we’d simply assumed security would be taken care of by our existing digital agency”.
Joint Managing Director Nigel Strevens met Xibis Director Simon Perry when they competed in a league tennis match.
“After the game we talked about what each other did for a living and it was obvious that Simon was passionate about web security, and particularly concerned about the current state of the web development industry”.
The next day, Xibis offered to check the Ford & Slater web site for security problems.
“Xibis asked me to sign an agreement that gave them permission to penetration test my site. Simon explained that they were going to try and hack into my web site, and may be able to access confidential information”.
“I’d asked Xibis for a 'quick check' of the website rather than a full audit – and I certainly received the results quick”.
“Within a ½ hour of emailing the agreement to Xibis, Simon phoned me to let me know about a serious problem - and proved this by telling me what my administration password was. I’d given Xibis nothing but our website domain name and my permission. It really showed just how vulnerable our website was”.
After quickly taking the system offline, Ford & Slater went back to the agency that originally built the system and asked them to carry out a thorough check of its security.
“They were as surprised as we were – which was actually a bit scary!”
Simon took time to explain the issues in detail, even retrieving the password a second time to demonstrate the problems properly in a meeting with Nigel and the Ford & Slater Group IT Manager.
“Even using just Notepad and Internet Explorer on our office computer and explaining what he was doing as he went along, it still took less than five minutes to repeat the process”.
While not every website is quite this vulnerable, Xibis estimates that more than a quarter of the systems they’ve looked at have had a problem that is just as easy to exploit. Rarely does the client even suspect that such problems are there; they are often very confident that the system will be secure.
Ford & Slater have now fixed the problems in their Extranet and their new upgraded system has been through Xibis’s thorough security testing process.