Thuiswinkel.org wants online shops tested for leaks

Thuiswinkel.org wants online shops to be checked for SQL injection and XSS leaks with the help of ready-made tools. The tests are to be completed within two to three weeks. It should then also become clear which requirements the web shops must meet.

Thuiswinkel.org, the organisation behind the eponymous hallmark for web shops, wants its members to have the security of their websites tested by external parties. The outcome will determine whether a web shop can retain the hallmark. Director Wijnand Jongen stresses that it is not certain that the ready-made tools will actually be used, because the members still have to approve the measure.

The intention is that the current requirements that affiliated merchants must at least meet, such as an SSL certificate, will be complemented with security requirements. These include some basic security measures against SQL injection and cross-site scripting. The precise terms and conditions have not been fixed for the time being, because that is ‘care-intensive’. “A concept must be ready for release as soon as possible, expected within two to three weeks”, Jongen said when asked.

Web shops that prove to be unsafe and that, a number of weeks from now, do not meet the final requirements run the risk of being suspended or even expelled. Although some consumers think that a shop with the hallmark is safe, that does not have to be the case, according to Jongen. He calls it ‘impossible’ to call web shops safe. “The requirements change all the time. Within a short time, there may be other vulnerabilities.”

Besides the security requirements, Thuiswinkel.org also wants to publish a wiki with warnings, together with security experts. It will include guidelines for minimizing personal information of customers, such as medical data. With this, the organization says it hopes to create ‘awareness’ among its members.

The measures follow a discovery by a 17-year-old student last week. In two days' time he found vulnerabilities in 160 shops with the Thuiswinkel.org hallmark. The vulnerabilities found were mainly cross-site scripting leaks, through which cookies could be retrieved and malicious code could be executed. Baby-Dump.nl and Kabeltje.com, among others, turned out to contain vulnerabilities.