5 Website Development Tips To Boost Your Business Growth Exponentially
In a nutshell, the role of the web designer is charged with how the web site looks and how visitors “experience” the site. Security has not been a primary concern for most web designers.
In the early days of the web there was little chance for a designer to build a way for visitors to interact with the site they were viewing. The pages consisted of static content comprised of text and images that were served up in HTML. But those days are gone. As the tools used to build websites have evolved, so have the security threats that modern day sites face.
As designers we need to have an understanding of what security threats our work and our websites are vulnerable to and the steps we can take to help protect them from malicious hackers. While security may not be a top priority for us in our project scope, the following concepts should be addressed at some point in every site we build.
Secure Your Workstation
If someone wants to break into your site the first thing they are going to need is a way in. Using malware installed on the designer’s computer the hacker can see when you log into your site’s control panel or FTP into your site. He or she can then capture any usernames and passwords and have full access to your site. Keeping your workstation free of malware is the first thing any designer should do in terms of security. In fact, you should scan your workstation before you change your passwords to make sure that they are not being stolen through a keystroke logger or other spyware.
And while we are on the subject of passwords, make sure that you are using unique passwords; not just complex ones. This helps protect your stuff in the event one password is compromised. If you reuse the same one, it doesn’t matter how complicated it is, the attacker will have it. Know Your Code HTML5, JavaScript, Rails – these are only a few of the languages behind web sites these days. Unfortunately each one, as well as any other language used in web site development, has plenty of vulnerabilities that can be used to compromise a web site.
While many will argue that the web developer is responsible for securing code, the designer can’t hand off the baton so easily. If you are working with HTML5 give the OWASP HTML5 Security Cheat Sheet a look to see just what might be at risk. Using JavaScript for contact forms or any other interactivity? Better know what risks you face.
Of course anyone who works with web sites should be at least familiar with cross-site scripting and how to prevent it.
Giving Up Too Much Information
Web sites are built to provide content to viewers. Sometimes, we offer up too much content though. Browse to the About Us or Management pages of a few web sites and see just how much information they give up about their executives. Usually it’s enough for just about anyone to put together a pretty accurate profile of at least one senior level person.
Not only do web sites leak too much about the people in the organization, they often tell a bit too much about the hardware and applications that run them. Third party web applications like content management systems and shopping carts are notorious for divulging version numbers and other tidbits of information that hackers find useful. Tools like BrowserSpy give up enough information about your site to give any skilled attacker a way to pry into your web site. Error messages are also notorious for giving up a bit more information than you should be comfortable with. When testing your site, make sure that error messages are not displaying information about the operating system or webserver.
Be Careful of Ad Networks
Sites that rely on advertising revenue have a security issue all to themselves, the ads themselves. There are always news stories on the web about ad networks that are serving up malware. And it’s not reserved for smaller ad networks that no one has ever heard of. What happens is an advertiser creates an ad that, when clicked, takes the victim to a site that will exploit their browser, or other software, and install malware onto their computer. Other attacks don’t even require the victim to click on the ad; their computer is infected via a drive-by-download just from the script running the advertisement.
This is usually done without the knowledge of the site serving the ads or the ad network themselves.
Does this mean you, as a web designer, are expected to become an expert in security topics just to stay in the game? Absolutely not; however it would be negligent for anyone who works in any technology field not to have an understanding of the threats in their respective field. Having the knowledge to do just the bare minimum will help keep your sites off the radar of attackers looking for low hanging fruit and will insure that you are providing the best possible service you can to your clients
Read more http://www.webdesign.org/web-site-security-concepts.22295.html
Published on: Mar 03, 2021
No Comments yet! Be the first one to write.