In addition to vulnerability scans and coding practices, you may want to
look at a web application firewall.  If this is IIS, you could check out
ThreatSentry (http://www.privacyware.com/intrusion_prevention.html) or
ServerDefender AI (http://www.port80software.com/products/serverdefender/).

I personally use ThreatSentry on all my IIS servers but ServerDefender
wasn't out when I was evaluating so I don’t know how good that product is.

Obviously, these products are NOT a substitute for better coding practices
but it is another layer to consider in a defense-in-depth strategy. It also
beats doing just scans since scans will tell you that you have a problem after
the fact but a WAF will *help* protect you proactively.

 - Andy O. 
________________________________________
From: Oliver Marshall [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 25, 2008 7:19 AM
To: NT System Admin Issues
Subject: Website security checking service

Hi chaps,

Can anyone recommend a website checking service that will check websites on
a regular basis for security issues and report back? One of our clients
suffered an SQL injection attack this week, and on their new rebuilt server
they are keen to get some element of reporting as to when any possible
issues may be presented to visitors, or to be made aware as to when flaws
are found in the sites. The sites change regularly and multiple teams work
on any one site so a site that was once tight-as-a-nut may, the next week,
be made insecure by the action of another team.

Olly

--
G2 Support
Online Backups 

Email:  [EMAIL PROTECTED]
Web:    http://www.g2support.com



 
 

