Archive for the ‘HR and Payroll’ category

Dynamics HR, and Talent, recent updates- December 2019

December 7th, 2019

Microsoft will continue investing in operational HR solutions, with the ERP version, Dynamics 365 Human Resources, to be released early next year on February 3, 2020.

This builds on the current core HR capabilities that are in Dynamics 365 Talent today. It’s a branding and marketing change for core HR capabilities.

Microsoft will also be incorporating the ‘Ax’ partner add-ons from Dynamics partners Four Vision and Elevate, to further enhance the offering within leave and absence, time and attendance, and benefits administration. These new capabilities will begin rolling out within Dynamics 365 Human Resources in early 2020.

Expected updated licensing.

Microsoft recently announced, via a blog post, the decision to retire the Dynamics 365 Talent: Attract and Dynamics 365 Talent: Onboard apps on February 1, 2022. They will transition Attract and Onboard customers to a solution of their choice. This does not affect those who only use the core Talent module.

To allow time to opt in, Dynamics 365 customers that are entitled to but are not currently using Attract or Onboard will have until February 3, 2020 to notify Microsoft that they intend to implement Attract and/or Onboard. You can opt in at any point between December 6, 2019 and February 1, 2020. If you are not currently using Attract and/or Onboard and want to opt in to ensure service availability until February 1, 2022, submit a support ticket before 1 Feb 2020.

Meanwhile Synergy Software Systems continues to implement and support its own GCC localised HR and Payroll module built inside both Dynamics Ax 2012 and Dynamics 365, and proven with around 50 company implementations.

Windows Server 2008 and 2008 R2 support will end January 14, 2020- ask Synergy Software Systems about options.

November 16th, 2019

On January 14, 2020, support for Windows Server 2008 and 2008 R2 will end. That is only 2 months away.
That means the end of regular security updates.

Don’t let your infrastructure and applications go unprotected.

We’re here to help you migrate to current versions for greater security, performance and innovation.
009714 3365589

Enhanced HA and DR benefits for SQL Server Software Assurance from 1 November.

November 5th, 2019

The enhanced benefits to SQL licensing for high availability and disaster recovery that are listed below are now applicable to all releases of SQL Server for a customer with SQL Server licenses with Software Assurance. The updated benefits will be available in the next refresh of the Microsoft Licensing Terms.

Business continuity is a key requirement for planning, designing, and implementing any business-critical system. When you bring data into the mix, business continuity becomes mandatory. It’s an insurance policy that one hopes they never have to make a claim against in the foreseeable future. SQL Server brings intelligent performance, availability, and security to Windows, Linux, and containers and can tackle any data workload from BI to AI from online transaction processing (OLTP) to data warehousing. You get mission-critical high availability and disaster recovery features that allow you to implement various topologies to meet your business SLAs.

A customer with SQL Server licenses with Software Assurance has historically benefited from a free passive instance of SQL Server for their high availability configurations. That helps to lower the total cost of ownership (TCO) of an application using SQL Server. Today, the existing Software Assurance benefits for SQL Server are enhanced, which further helps customers implement a holistic business continuity plan with SQL Server.

Starting Nov 1st, every Software Assurance customer of SQL Server will be able to use three enhanced benefits for any SQL Server release that is still supported by Microsoft:
• Failover servers for high availability – Allows customers to install and run passive SQL Server instances in a separate operating system environment (OSE) or server for high availability on-premises in anticipation of a failover event. Today, Software Assurance customers have one free passive instance for either high availability or DR.
• Failover servers for disaster recovery (NEW) – Allows customers to install and run passive SQL Server instances in a separate OSE or server on-premises for disaster recovery in anticipation of a failover event.
• Failover servers for disaster recovery in Azure (NEW) – Allows customers to install and run passive SQL Server instances in a separate OSE or server for disaster recovery in Azure in anticipation of a failover event.

With these new benefits, Software Assurance customers can implement hybrid disaster recovery plans with SQL Server using features like Always On Availability Groups without incurring additional licensing costs for the passive replicas.

A setup can use SQL Server running on an Azure Virtual Machine that utilizes 12 cores as a disaster recovery replica for an on-premises SQL Server deployment using 12 cores. In the past, you would need to license 12 cores of SQL Server for the on-premises and the Azure Virtual Machine deployment. The new benefit offers passive replica benefits running on an Azure Virtual Machine. Now a customer needs only to license 12 cores of SQL Server running on-premises, as long as the disaster recovery criteria for the passive replica on the Azure Virtual Machine are met.

If the primary, or active, replica uses 12 cores hosting two virtual machines, and the topology has two secondary replicas (one sync replica for high availability supporting automatic failovers and one asynchronous replica for disaster recovery without automatic failover), then the number of SQL Server core licenses required to operate this topology will be only 12 cores, as opposed to 24 cores in the past.

These high availability and disaster recovery benefits will be applicable to all releases of SQL Server. In addition to the high availability and disaster recovery benefits, the following operations are allowed on the passive replicas:
• Database consistency checks
• Log backups
• Full backups
• Monitoring resource usage data

SQL Server 2019 also provides a number of improvements for availability, performance, and security along with new capabilities like the integration of HDFS and Apache Spark™ with the SQL Server database engine.

SnapLogic iPaaS integration as a service – from Synergy Software Systems.

October 20th, 2019

Business Intelligence Managers/Analysts, Data/ETL Engineers, and Information/Data Architects are tasked with empowering business users to make use of data to drive smart decisions and innovations. Data-driven initiatives can be challenging considering the explosion of data volumes due to the proliferation of sensors, IoT, and mobile computing.

Moreover, a growing number of groups within the business want access to fresh data.

To fully harness their data, organizations must also have a cloud strategy for their digital transformation efforts, namely to migrate data from on-premises environments to the cloud. Considering the tremendous business value of unlocking that data, it’s imperative to prioritize and streamline these data integration and migration projects.

Gone are the days when IT needed hundreds of coders to build extract, transform, load (ETL) solutions and then maintain those by writing more code. Modern integration platforms eliminate the need for custom coding. Now, data integration projects deploy and scale, often as much as ten times faster.

iPaaS platforms ease the pain because they’re designed for flexibility and ease of deployment for any integration project. They couple a drag-and-drop UX with a powerful platform and hundreds of pre-built connectors out of the box.

The connectors are always up-to-date, so the IT organization doesn’t spend an inordinate amount of time maintaining every integration by hand. This saves an incredible amount of time, money, and frustration across the team and projects and greatly reduces risk.

Not all integration platforms are created equal. Some do simple point-to-point cloud app integrations while others transform large and complex data into a data lake for advanced analytics. Some still require extensive developer resources to hand-code APIs while others provide self-service, drag-and-drop offerings that can be used by IT and business leaders alike. Some are best for specific tactical projects while others provide a strategic, enterprise-wide platform for multi-year digital transformation projects.

Organizations must address four key steps during the data migration and integration process:
1. Capture data that supports both the known use cases as well as future undefined use cases (think IoT data to support a future machine learning enabled use case).
2. Conform inbound data to corporate standards to ensure governance, quality, consistency, regulatory compliance, and accuracy for downstream consumers.
3. Refine data for its eventual downstream application and/or use cases (once it’s been captured and conformed to corporate standards).
4. Deliver data broadly, prepared to support future unknown destinations.

For decades, IT has been tasked to manage integration projects by writing tons of custom code. This onerous task is even more complex with the proliferation of SaaS applications, the surge in big data, the emergence of IoT, and the rise of mobile devices. IT’s integration backlog has exploded. Not only is the deployment too much work, but there is a growing cost to maintain all of the integrations.

Deploying a tactical or departmental data warehouse solution should take days, not months. Moreover, enterprise-wide data transformation projects should take months, not years.

The best data integration platforms:
- Support multiple app and data integration use cases across cloud, on-premises, and hybrid deployments
- Offer the flexibility to be used in cloud, hybrid, or on-premises environments, regardless of the execution location
- Provide a self-service user experience aided by AI, machine learning, hundreds of pre-built connectors, and integration pipeline templates (patterns) resulting in greater user productivity, and faster time-to-integration
- Have an underlying, scalable architecture to grow with evolving data and integration requirements
- Support different data modes such as streaming, event-driven, real-time or batch

“The SnapLogic iPaaS offering is functionally rich and well-proven for a variety of use cases. It supports hybrid deployments and provides rich and differentiating features for analytics and big data integration (Hadooplex). Clients score SnapLogic as above average for cloud characteristics, functional completeness, ease of use and ability to meet SLAs.” Gartner

SnapLogic is a U.S.-based integration platform company. In mid-2013, it transitioned from a traditional software business to an iPaaS model with the release of the SnapLogic Elastic Integration Platform which provides a large set of native iPaaS capabilities that target the cloud service integration, analytics and big data integration use cases.

The flagship Enterprise Edition features a set of base adapters (Snaps), an unlimited number of connections and unlimited data volume.

Synergy Software Systems has been an Enterprise Solutions Integrator in the GCC since 1991. We are pleased to announce our formal partnership to represent Snap Logic in the MEA region.

Do you need to integrate with Azure? With SAP Data Warehouse Cloud? With Workday? With Odette-compliant auto manufacturers?

To learn more call us on 009714 3365589

SQL Server 2008 and SQL Server 2008 R2 -OUT OF SUPPORT today

July 13th, 2019

SQL Server 2008 and 2008 R2 both go out of extended support with Microsoft today, 9th July 2019.

Many companies and businesses are still on SQL Server 2008 R2 and below. There can be a number of reasons for this. Maybe the applications the databases support require an older version of SQL Server. Maybe the applications are also coming to the end of life, but the end dates do not match up with the data platform end of support dates.

Sometimes applications are critical to the business and everything works just fine. The business doesn’t want to disrupt the application or introduce any risk by performing a migration to a new version so why change it?

In this situation your data platform is out of support completely. Out-of-support systems attract hackers. Note the previous articles about fines for loss of privacy data to realise how serious this can be.

So you should be making plans to migrate your legacy SQL Servers off the unsupported versions. If you are still on an old database, it is likely that you are also on an old server and on an old version of Windows. That brings additional risk of failed hard disks and other system vulnerabilities: Meltdown, Spectre, phishing and so on.
Investors and insurers are not likely to be sympathetic in such circumstances.

There are many performance and security benefits of upgrading.

One option is to keep running on out-of-support software and to accept the associated risk. The main advantage of this approach is that there is nothing immediate to do. The longer you run on the platform, the greater the chances of you encountering a security vulnerability or failing a compliance test.
If anything does go wrong, you’ll have no support from Microsoft.
Other software vendors’ support contracts may also require that you be on a currently supported database.

Modernise and upgrade is one of the options that you have available.

You can upgrade your on-premises SQL Server or migrate the databases to Azure, either as an IaaS solution where you run the VM in Azure or even the PaaS Azure SQL Database offering.

There are a number of advantages to upgrading your data platform. You’ll be running your database workloads on an in-support data platform, with a long support window. There will likely be new features in the latest and greatest version of SQL Server that you can use to add business value to your application, Availability Groups for example. You will also likely find that people with skills in the later technology are more readily available in the jobs market.

There will likely be a different licensing model. The licensing model changed between SQL Server 2008 R2 and SQL Server 2012, so it is possible you will have to pay more for your SQL Server licences.

The third option is, instead of doing nothing, to pay for a custom support agreement. The main advantage here is that you can continue to get security updates and therefore potentially remain compliant. The main disadvantage of this approach is the cost involved, which is typically 75% of the full license costs of the latest version of SQL Server and Windows Server.

Migrate the workload to Azure. Microsoft allows SQL Server 2008 and SQL Server 2008 R2 VMs running in Azure to have the security updates for free for a further 3 years. So you can migrate your database server to Azure and continue to get security updates for free until 2022.

The main advantage of this is that you get to keep running the same version of the OS and data platform, and the security updates are free, so the cost is minimal. The disadvantage is that you would need to move off premises. If this is not an option for you then you can’t exercise this option, and there will still be work involved in ‘lifting and shifting’ the VM to the cloud.

Whatever you do when support ends for SQL Server 2008 and SQL Server 2008 R2, have a plan.

Integration as a Service – ask Synergy Software Systems, Dubai about Snap Logic

July 2nd, 2019

Why do companies like Adobe, AstraZeneca, Box, GameStop, OSN, Verizon, and Wendy’s choose SnapLogic?

They have a problem that many other companies are facing today. On one side, business managers rely more and more on SaaS applications and big data for daily tasks yet IT is responsible for integrating the applications. These business managers need daily access to accurate information but can’t always wait for IT. On the other side, IT is managing multiple projects, including integration requests and is working with far fewer resources. Requests can take weeks or even months to complete and business leaders can’t wait that long, so end up making decisions based on less than perfect data.

The SnapLogic Enterprise Integration Cloud comes with Iris Artificial Intelligence built in. Take away the complexity of dealing with multiple applications, big data, complex APIs, and IoT and abstract it into drag and drop components, all in one platform. SnapLogic’s Iris AI further democratizes the use of data by empowering users from all departments and teams to make data-driven decisions quickly and easily with higher accuracy. Business managers can now do their own analysis with minimal support from IT and make informed, data-backed decisions quickly.

IT people can spend less time building routine integrations and more time helping the business grow. SnapLogic is already helping many businesses with these challenges. GameStop reduced the amount of time it took to build integrations by 83%. Business processes cut across functions and applications. Transform business processes faster and stay focused on managing your business with data-driven insights rather than spend time on writing and maintaining code.

General Electric’s (now Suez Water) employees are 4 times more productive when it comes to onboarding partners through its multiple systems.

AstraZeneca has more than 500 users around the world who are performing self-service integrations.

Box has connected 40 applications and is processing more than 15M transactions daily with only 1.5 full-time developers needed to support this volume.

There are many integration challenges: corporate performance management or big data analytics from multiple, disparate corporate ERP and finance systems, hybrid cloud and on-premise integration, migrating to the cloud or to new software versions, IoT, T&A, EAM systems, WMS systems, and payroll systems.

To support your digital transformation call us on 0097143365589

SQL Server 2008 and SQL Server 2008 R2 – end of life July 9, 2019 -ask Synergy Software Systems

June 23rd, 2019

Microsoft has previously announced that SQL Server 2008 and SQL Server 2008 R2 will reach end of life on July 9, 2019.

This means that in less than a month, Microsoft will no longer release regular security updates for the product.

There are several reasons this is important to you.
• Attacks against software products of all types are common and ongoing. With Microsoft SQL being such a prevalent platform, attacks against it are ubiquitous, and it’s important to keep your database platform up-to-date with the latest Microsoft security patches.
• Many compliance requirements dictate that you must be running currently supported software.
• As Microsoft drops support for a product, many third-party applications may also discontinue support for their products running on those platforms.

So, if you are still running SQL Server 2008/2008 R2, then what are your options?

1. Upgrade to a newer version of SQL.
SQL 2019 is in preview release as of this writing, so the current production version of SQL Server is 2017. Its end of life will be October 12, 2027.
Evaluate your applications and databases to make sure they are compatible, e.g. Dynamics Ax 2012 is not supported beyond SQL 2016.

Plan a migration for either on-premises or cloud. A move to an Azure SQL Database Managed Instance will not require you to upgrade in the future. By choosing this option, you will also gain access to new features which have appeared in the latest SQL Server versions. However, it only offers a subset of SQL features, so you need to be sure it will support your application and use.

2. Migrate to Azure to receive three more years of Extended Security Updates for SQL Server 2008/2008 R2. If you need to stay on the same SQL code base for a bit longer, Microsoft will allow you to rehost your SQL 2008 environment in Azure and still provide you with security updates for an extended period. There is no extra cost for the extended updates beyond the standard Azure VM rates.

3. Purchase extended support. Microsoft allows customers with an active Enterprise Agreement and Software Assurance subscription to purchase and receive three years of Extended Security Updates for SQL Server 2008/2008 R2. The annual outlay for the updates is 75% of the full license cost.

4. The least desirable option is to stay where you are and pray. If circumstances prevent you from moving forward now, then at minimum you should:
• Recognize and account for the risk;
• Plan and budget for a transition as soon as possible;
• Re-evaluate your security and tighten it as much as possible.

Microsoft provides guidance for handling the end of support of SQL Server 2008/2008 R2 at https://www.microsoft.com/2008-eos.

Of course, Synergy is ready to help you to evaluate and to progress to the next level. 0097143365589

If you are running newer versions of SQL Server, then here are their End-of-Life dates.
• SQL Server 2012 – July 12, 2022
• SQL Server 2014 – July 9, 2024
• SQL Server 2016 – July 14, 2026
• SQL Server 2017 – October 12, 2027

Windows Server 2008 and 2008 R2, support is coming to an end.

June 23rd, 2019

Sometimes lifecycles end because of age or workload and other times they expire due to vendor support.
In the case of Windows Server 2008 and 2008 R2, Microsoft announced that Extended Support will end on January 14, 2020.

Microsoft provides three support phases: Mainstream Support, Extended Support, and Beyond End of Support.

Mainstream Support

Mainstream Support is Microsoft’s first phase of support and lasts five years. It includes the following benefits:
• Incident support (no-charge incident support, paid incident support, support charged on an hourly basis, support for warranty claims)
• Security update support
• Ability to request non-security updates

Extended Support

The Extended Support phase follows Mainstream Support, and also lasts five years. The key features of Extended Support are:
• Paid support
• Security updates at no additional cost
• Ability to request non-security updates (available only via Unified Support, a new model of support that offers comprehensive support that covers your entire organization)
• Microsoft will not accept requests for warranty support, design changes, or new features during the Extended Support phase.

Beyond End of Support

The Beyond End of Support phase is the final phase of the product lifecycle and lasts for three years. Here are the key things to remember.
• Request to change product design and features are not available
• Security updates are available only with the purchase of the Extended Security Update Program for up to three years. This typically costs 75% of the on-premises license cost annually.
• Technical support is provided when you purchase Extended Security Updates and have an active support plan in place on the product that has moved beyond the Extended Support date.

Windows Server 2008 and 2008 R2 are moving out of the Extended Support phase on January 14, 2020. From that date on:
• non-security updates will no longer be available,
• security updates will be available only if you pay for the Extended Security Update Program,
• and other vendors will diminish their support of this operating system version.

If you are not prepared, then this will leave your environment open to security holes, application instability, and support restrictions.
If you have not already planned for this, then now is the time to get it into your budget for first thing next year.

SQL 2014 SP2 Update 15

December 15th, 2018

The 15th cumulative update release for SQL Server 2014 SP2 is available for download at the Microsoft Downloads site.
Registration is no longer required to download Cumulative updates.

CU15 KB Article: https://support.microsoft.com/en-us/help/4469137

Microsoft® SQL Server® 2014 SP2 Latest Cumulative Update: https://www.microsoft.com/download/details.aspx?id=53592

Update Center for Microsoft SQL Server: http://technet.microsoft.com/en-US/sqlserver/ff803383.aspx

RPA certifications for Synergy Software Systems, Dubai

November 25th, 2018

I am pleased to announce that following extensive training over recent weeks two of our consultants have already achieved certifications.

If you have an RPA project in mind and need support for your project from a proven, local UAE partner then please call Synergy Software Systems on 0097143365589

Gitex 2018- See Filehold DMS with Synergy Software Systems

September 30th, 2018

Meet us with Globalis to see how advanced cheque scanners and a modern DMS solution work together.

Talk to us about how repetitive automation can help you match hundreds of thousands of invoices, or to reconcile claims, or to reconcile multiple bank accounts.

Let us show you how easy it is to drill back from any key field in any application to the source document and all related documents in Filehold.

End of life for SQL 2008 and 2008 r2 is only a year away

July 14th, 2018

On July 9, 2019, Microsoft will end Extended Support for SQL Server 2008 and 2008 R2, which means no more updates or support of any kind, potentially leaving you vulnerable to security and compliance issues.
Some considerations:
That is only a year away. So time to start planning and to get it into your 2019 budget.
What applications are affected? With what new SQL version are they compatible?
Will you need to rebuy licenses? The SQL license cost is now core based and it might prove a lot higher than last time, so take the time to consider all options.
Should any of your applications move to the cloud?
Should you also look at upgrades to hardware, Windows, Office, Exchange, or business finance/ERP systems in conjunction with SQL?
Is now the time to review your security solutions?
Are you going to expand, or implement heavy new processes like consolidation, budgeting, BI in the next 2-3 years?
Is your mobile network growing?

There are major enhancements at SQL 2016 SP1, so we recommend you should not consider any version lower than that. By next year SQL 2017 will also have settled down.

To discuss options call us on 0097143365589

SQL version – when should you upgrade – ask your Dynamics U.A.E. Partner, Synergy Software Systems

December 23rd, 2017

SQL Server was for many years on a two-year release cycle. SQL Server 2017 arrived less than 18 months after SQL Server 2016 became available.

Since 2005 each release of SQL Server brings exciting new features and improvements to existing capabilities. Many organizations are running instances that are several versions of SQL Server behind.

Keeping up with the latest SQL Server versions is a challenge, but falling behind risks losing mainstream support and missing out on beneficial features. Often database administrators must support multiple versions at once, and consultants face an even greater range of versions across their customers.

Microsoft has not committed to any specific release cadence for versions of SQL Server. Many clients, it seems, are still running SQL Server 2008 R2. One reason why companies are hesitant to make the move off 2008 R2 is the change to per core licensing. The effort to test and to upgrade is discouraging, but it is better to do this on a planned basis than as a reaction to a crisis.

It was a painful experience to upgrade from SQL Server 2000, but the compatibility gap between versions is much narrower once past 2005. To make upgrading easier, Microsoft provides a tool called the Upgrade Advisor for each new version that will spot issues and provide a chance to resolve them before starting the upgrade process. Virtualization also makes setting up testing environments much simpler and quicker.

With each new version there are enhancements to T-SQL, improved availability and disaster recovery functionality, more security options, and additional ways to get better performance. 2016 Service Pack 1 was a game changer: many previously Enterprise-only features were ported down to more affordable editions.

Another consideration is support. It doesn’t take long to reach the end of mainstream support. SQL Server 2008 R2, for example, has been out of mainstream support since 2014. While it’s still in extended support, which will ensure security hotfixes, other support features are available only on a paid basis.

When you look at erp upgrades it makes sense to also review your SQL upgrade plans.

SQL Server 2012 Service Pack 4 (SP4) is available

October 16th, 2017

SQL Server 2012 Service Pack 4 (SP4) is available. This release of SQL 2012 Service Pack has 20+ improvements centered around performance, scalability and diagnostics to enable SQL Server 2012 to perform faster and scale out of the box on modern hardware design.

SQL Server 2012 SP4 includes all the fixes up to and including SQL Server 2012 SP3 CU10.

Security security security

September 26th, 2017

You never know when some item that queries or alters data in SQL Server will cause issues.

Bruce Schneier recently commented on FaceID and Bluetooth security, the latter of which has a vulnerability issue. I was amazed to see his piece on infrared camera hacking. A POC on using light to jump air gaps is truly frightening. It seems that truly anywhere that we are processing data, we need to be thinking (see https://arstechnica.com/information-technology/2017/09/attackers-can-use-surveillance-cameras-to-grab-data-from-air-gapped-networks/)

Airborne attacks, unfortunately, provide a number of opportunities for the attacker. First, spreading through the air renders the attack much more contagious, and allows it to spread with minimum effort. Second, it allows the attack to bypass current security measures and remain undetected, as traditional methods do not protect from airborne threats. Airborne attacks can also allow hackers to penetrate secure internal networks which are “air gapped,” meaning they are disconnected from any other network for protection. This can endanger industrial systems, government agencies, and critical infrastructure. With BlueBorne, attackers can gain full control right from the start. Moreover, Bluetooth offers a wider attacker surface than WiFi, almost entirely unexplored by the research community and hence contains far more vulnerabilities

Finally, unlike traditional malware or attacks, the user does not have to click on a link or download a questionable file. No action by the user is necessary to enable the attack.

Fully patched Windows and iOS systems are protected

The Equifax breach, for example, must worry everyone who has ever had credit in the USA. (Hackers broke into Equifax’s computer systems in March, which is two months earlier than the company had previously disclosed, according to a Wall Street Journal report.)

The Securities and Exchange Commission said Wednesday that a cyber breach of a filing system it uses may have provided the basis for some illegal trading in 2016. In a statement posted on the SEC’s website, Chairman Jay Clayton said a review of the agency’s cybersecurity risk profile determined that the previously detected “incident” was caused by “a software vulnerability” in its EDGAR filing system (which processes over 1.7 million electronic filings in any given year.) The agency also discovered instances in which its personnel used private, unsecured email accounts to transmit confidential information.

So let me suggest you take a good look at your systems and be honest: do you feel safe?

Microsoft has released Microsoft 365, a complete, intelligent solution, including Office 365, Windows 10, and Enterprise Mobility + Security, that empowers everyone to be creative and work together, securely. Watch Satya introduce it.

What about your websites?
Although acts of vandalism such as defacing corporate websites are still commonplace, hackers prefer to gain access to the sensitive data residing on the database server and then to sell the data.

The costs of not giving due attention to your web security are extensive; apart from the direct financial burden and inconvenience, you also risk:
• Loss of customer confidence, trust and reputation with the consequent harm to brand equity
• Negative impact on revenues and profits arising e.g. from falsified transactions, or from employee downtime
• Website downtime, which is in effect the closure of one of the most important sales and marketing channels, especially for an e-business
• Legal battles and related implications from Web application attacks and poor security measures, including fines and damages to be paid to victims.

Web Security Weaknesses
Hackers will attempt to gain access to your database server through any way they can, e.g. out-of-date protocols on a router. Two main targets are:
• Web and database servers.
• Web applications.

Information about such exploits is readily available on the Internet, and many have been reported on this blog previously.

Web Security Scanning
So it is no surprise that web security should contain two important components: web and database server security, and web application security.

Addressing web application security is as critical as addressing server security.

Firewalls and similar intrusion detection mechanisms provide little defense against full-scale web attacks.
Since your website needs to be public, security mechanisms allow public web traffic to communicate with your web and database servers (i.e. over port 80).

It is of paramount importance to scan the security of these web assets on the network for possible vulnerabilities. For example, modern database systems (e.g. Microsoft SQL Server, Oracle and MySQL) may be accessed through specific ports and so anyone can attempt direct connections to the databases to try and bypass the security mechanisms used by the operating system. These ports remain open to allow communication with legitimate traffic and therefore constitute a major vulnerability.

Other weaknesses relate to the database application itself and the use of weak or default passwords by administrators. Vendors patch their products regularly, and attackers equally regularly find new ways of attack.

75% of cyber attacks target weaknesses within web applications rather than directly at the servers. Hackers launch web application attacks on port 80. Web applications are more open to uncovered vulnerabilities since these are generally custom-built and therefore pass through a lesser degree of testing than off-the-shelf software.

Some hackers, for example, maliciously inject code within vulnerable web applications to trick users and redirect them towards phishing sites. This technique is called Cross-Site Scripting (XSS) and may be used even though the web and database servers contain no vulnerability themselves.

Hence, any web security audit must answer the questions “which elements of our network infrastructure are open to hack attacks?”, “which parts of a website are open to hack attacks?”, and “what data can we throw at an application to cause it to perform something it shouldn’t do?”

Ask us about Acunetix and Web Security
Acunetix ensures web site security by automatically checking for SQL Injection, Cross Site Scripting, and other vulnerabilities. It checks password strength on authentication pages and automatically audits shopping carts, forms, dynamic content and other web applications. As the scan is being completed, the software produces detailed reports that pinpoint where vulnerabilities exist