Security is important whenever the public can access your services. Penetrating a network is dummy-proof, and my grandma could do it with guidance. I do not want to show anyone how to do this, because that would just increase the number of people trying to penetrate the network.
My personal goal is to increase perception and help teach people to lock the doors to their servers. The problem is that IT needs to approve a reason to spend the money. Identifying specific security failures and risks helps to justify securing your computer infrastructure. It is easy to justify an expense of a few thousand dollars if it means you are not the next target, with an average cost of 4 million dollars due to a hack.
– cross-site scripting errors
– improper password storage
– default passwords (ask your vendor and verify these are not used)
– security hardening steps
– lack of VPN and firewall
– legal requirements based on jurisdiction
If any of the above security checks fail, you need to get a security audit and resolve the security failures right away. Treat the failure as a warning and assume you have additional issues. The failure is the canary in the coal mine. Each day you wait to fix the issue is another day you can be attacked, and another opportunity for your company's finances and data to be attacked. Fix your security and focus on security for all new development.