Website security (& ethical hacking)

Do you value your business?

It amazes me how many coders have no idea about website security. Customers pay for so called professionals to code entire online businesses for them and yet, so many sites are left completely vulnerable to hackers.

Photo by JC Gellidon on Unsplash

What can happen to your website and business online if it’s not secure?

There are many ways to ‘attack’ a website. The most easiest is of course to try and guess the username and password from as administrative log in page. It’s quite suprising how many people will user a username of ‘admin’ and then the password as something entirely insecure (such as the site name or indeed the word ‘password’). This is a fundamental error of course.

Would you open a high street shop, and when you go home at night leave the keys in the door?

Website security matters

Vulnerability is not just usernames and passwords

Because of the complex interactions that modern website carry out with images, data, and databases, bad coding (very commonly seen) leaves highly vulnerable ‘entry’ points for malicious users to interact with your site, you databases, and indeed your server in ways that you never intended. These consequences can lead to you losing all your data and as a consequence – your entire business. This can and will happen within seconds the moment a hacker/malicious finds an entry point into your site.

How to secure your website and your data

It takes a skilled coder to write code that prevents malicious users from damaging your online business. Furthermore, it take a person who understands hacking, who understands how to ‘break’ websites, to be able to understand how and where websites are vulnerable.

To know how to secure a website, you need to know how to break a website

Ethical Hacking

“Ethical Hacking” is a a term used to describe people who understand hacking in order to understand how to prevent hacking. With clients I will generally demonstrate some live hacking on their sites to show what can happen because their code is vulnerable/badly conceived and coded. This is done in order for the client to understand who serious various problems are on their website.

The client is then left with the choice of whether they wish to leave their site vulnerable for malicious users to exploit their business, or to get code re-written/fixed in order that is cannot happen again.