{"id":110,"date":"2005-09-12T00:00:00","date_gmt":"2005-09-12T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2005\/09\/12\/web-security-whats-that\/"},"modified":"2021-12-30T11:36:32","modified_gmt":"2021-12-30T11:36:32","slug":"web-security-whats-that","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2005\/09\/12\/web-security-whats-that\/","title":{"rendered":"Web security &#8211; what&#8217;s that?"},"content":{"rendered":"<p>Many small businesses overlook web site security because they assume that their web site is of no interest to the hacker, particularly if they are processing little or no financial data.  However hackers aren&#8217;t just after credit card details these days &#8211; most small business web sites hold something far more valuable&#8230;  As someone who regularly gets to review the security of web sites I know more than most just how bad security can be.  But don&#8217;t just take my word for it &#8211; a recent study that reviewed 300 well known e-commerce sites found significant flaws in 97% of them.  And these were big budget sites that should have known better.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>From the customer not understanding the relevance of security, through to the web developers not understanding the power of the technologies they are using, it&#8217;s hardly surprising 97% don&#8217;t make the grade.  Ask most small businesses how important web site security might be, and there will be much shrugging of shoulders as they explain that they don&#8217;t handle credit card data so must be safe.<\/p>\n<p>1. More and more criminals are using hacking as a way of committing their crimes in relative safety.  Hacking can no longer be thought of as simple &#8220;vandalism&#8221;, it&#8217;s rapidly turning into a tool of the trade.<br \/>\n2. 
Identity theft is turning into a more lucrative line of business for many criminals than credit card fraud.  And you&#8217;d be surprised just how many small business web sites collect valuable customer data &#8211; data which could easily be re-used to commit identity fraud.  In one recent example, we reviewed the security of a recruitment company who had just spent a small fortune on a website with sophisticated functionality that allowed the user to manage their &#8220;account details&#8221; online.<\/p>\n<p>Which brings me on to another major cause of poor security &#8211; bad design.  Naive developers with little experience of &#8220;real world&#8221; applications working to tight budgets often turn to the Internet to get the answers they need &#8211; and end up producing applications riddled with errors, bugs and security loopholes.  And of course hackers are becoming increasingly sophisticated at detecting and exploiting flaws in the very programming that makes up a web site.  And they use that knowledge against unsuspecting businesses with relative ease.<\/p>\n<p>So how should a small business, with a limited budget and even more limited understanding of web technology, get a foothold onto the Internet which is relatively safe?<\/p>\n<p>1. Understand the importance of keeping any form of customer data<br \/>\n2. When choosing web developers, remember that you really do get what you pay for.<br \/>\n3. Don&#8217;t be too ambitious<br \/>\n4. Consider buying an off-the-shelf solution<br \/>\n5. Consider getting the site independently &#8220;penetration&#8221; tested.  
This may be expensive (perhaps 10-20% of the total cost of the site) but will be a fraction of the cost of a real-life break-in.<\/p>\n<p>http:\/\/www.ebcvg.com\/articles.php?id=879<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-110","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/110","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=110"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/110\/revisions"}],"predecessor-version":[{"id":2597,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/110\/revisions\/2597"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=110"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=110"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=110"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}