Websites and web applications have a widening “window of exposure” that has led to numerous major breaches in recent years. From the Equifax scandal that lost 143 million individuals’ personal data to the eBay hack that lost enormous amounts of payment information, data breaches have become commonplace.

The reason: most sites and applications are attacked 50 times a day, according to a Sitelock study. These attacks no longer focus on defacement, but rather on the data that these companies possess. While major companies such as those listed above receive lots of attention for their deficiencies, everyday small organizations face the same threats.

Without taking into account major overhauls in the design and development of their sites and applications, these companies remain extremely vulnerable. Service provider Verizon found that 30 percent of breaches on its network were due to simple deficiencies that could be easily manipulated to steal personal data.

Security should be a top priority when creating any site or application. Here are several important things to consider when building a digital platform:

  1. Keep the site up to date. Whether your site uses a CMS like WordPress or a custom application, security holes are most often found in older versions and are easy to exploit. Create a policy to check for updates on a regular basis.
  2. Pages that are primarily built from user content, such as those with large comment sections, are extremely vulnerable to cross-site scripting, where a hacker injects malicious JavaScript into the page. From this submission, the hacker can change content, steal user account information, or take control of user accounts. Make sure your developers have taken steps to prevent cross-site scripting.
  3. Allowing users to upload files and documents also creates more risk. Any file uploaded, no matter how innocent, can contain scripts that can infiltrate a site or server. Limit file uploads to only the file types you want to support. In addition, renaming the file can help limit your potential exposure.
  4. HTTPS is a security protocol that assures users they are connecting to the server they expect. It is promoted by Google, which gives a boost in search rankings to companies that choose to use it. Make sure your site or application has an SSL certificate installed and forces traffic over HTTPS. You can check your site at whynopadlock.com.
  5. Finally, for e-commerce sites, setting alerts for fraudulent purchasing behavior can prevent further data corruption. By picking out multiple suspicious transactions from the same address, or orders by the same person with different cards, these retailers avoid data breaches.
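
The advice in item 3 (allowlist the supported file types and rename the upload) sketched as an added example, not code from the original article. The allowlist, the size limit and the names `safe_upload_name` and `UploadRejected` are assumptions chosen for illustration.

```python
import os
import secrets

# Assumed allowlist for this example: extension -> leading "magic" bytes of that format.
ALLOWED_TYPES = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
}
MAX_BYTES = 5 * 1024 * 1024  # assumed size limit (5 MiB)


class UploadRejected(ValueError):
    """Raised when an upload fails validation (hypothetical name)."""


def safe_upload_name(client_filename: str, data: bytes) -> str:
    """Validate an upload and return a server-generated name to store it under."""
    # Discard any directory part the client sent (both / and \ separators).
    base = os.path.basename(client_filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"file type {ext or '(none)'} is not supported")
    if len(data) > MAX_BYTES:
        raise UploadRejected("file is too large")
    # The extension is only a claim; the content must start like that format.
    if not data.startswith(ALLOWED_TYPES[ext]):
        raise UploadRejected("file content does not match its extension")
    # Rename: nothing from the client's name survives except the allowlisted
    # extension, so "shell.php.png" or "../../x.png" cannot influence the path.
    return secrets.token_hex(16) + ext


if __name__ == "__main__":
    # Constructed sample uploads, not taken from the article.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    samples = [("../../avatar.PNG", png), ("shell.php", b"<?php ?>"),
               ("photo.jpg", b"<?php ?>"), ("shell.php.png", png)]
    for name, body in samples:
        try:
            print(f"{name!r} -> stored as {safe_upload_name(name, body)}")
        except UploadRejected as err:
            print(f"{name!r} -> rejected: {err}")
```

A header check confirms only the first bytes of the file, so the stored upload should still be treated as untrusted data and never executed by the server.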

Brendan Hennessy

Co Founder & CTO

Never stop building. Brendan manifests this passion, first seen in his love for Legos, by creating and building web products. He relies upon his formal background as an engineer to solve problems. His experience in both front- and back-end development is invaluable to making ideas come to life.
