@Will, Tom & Kevin: I've been using it and it does a good job of catching some very common issues. It's basically doing a daily Nessus security assessment and will flag quite a number of things, including XSS, SQL injection and vulnerable 3rd party apps. Overall it's a good investment and they help you become PCI-certified, a requirement of the credit card companies.
@Tom "Having a security audit is a good thing, but I wouldn't say a sign saying 'we're secure' drives people one way or the other."

I beg to differ. We've actually asked some of the customers and they do have a greater sense of security when they see the HackerSafe badge. So it has had a positive impact on the site.

@Kevin: "Plus unless you're saving Credit card data and run on a poorly configured server, SSL pretty well keeps you covered as long as you make sure your application is solid. The biggest threat to online consumers is their own machines and how well they maintain and secure them."

That's a fairly simplistic view of site security. XSS right now accounts for the majority of attacks on sites and having regular audits, coupled with good coding practices, helps to ensure that you don't run into issues. Of late, the server component isn't the big target, it's the application itself. Services such as ScanAlert help you lock those down.

Rey...

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:259453

