What You Don’t Know About Web Site Security

We focus on so many areas of building a business online but seldom do I hear site owners talking about one of the most important aspects: site security.  Protecting your digital assets, your customers, your reputation and ultimately your business is vitally important.

Let me start by dispelling some common myths:

  1. Your site is not safe just because you keep your FTP info well guarded.  Hackers don’t necessarily need a username and password to get into your site.
  2. SSL (Secure Sockets Layer) does not protect your site from hacking.  It only encrypts sensitive data, like credit card numbers, while it is being transmitted. It makes no guarantee as to how data is stored.
  3. Hosts do not offer adequate protection as part of standard hosting. Hosts have a hard time maintaining security – not because they are incompetent, but because they can’t regulate and control the errors site owners make when loading files and scripts onto the server.  Site owners make their servers vulnerable.  Hosts do the best they can, but there is so much more you can do on your own to protect your site, your business and your revenue.

My goal is not to terrify site owners – but it is to scare them just enough to take action and ensure their security.

My site was hacked 3 times.  I lost leads, I lost revenue and I lost a lot of money in cleaning up the mess.  I know for a fact that proactive prevention is a lot cheaper than cleaning up after a malicious attack.

I am no security expert, but I have connected with a brilliant one that has been kind enough to share his expertise with me.   He actually offers a free report on this site (http://www.saswebsecurity.com/).  For more in-depth information on security issues, I suggest you grab his free report right away!

So now, let’s get down to it.  My interview with Adam Palmer, from SAS Web Security.

Me: Thanks for taking the time to educate my readers on this important topic.  Can you explain how you got into this business and tell us exactly what you do?

Adam:  My goal is to educate site owners and help them protect themselves.  My philosophy is that understanding risk is the first step in mitigating it.  What I do sounds a little weird but trust me it works.  I ethically hack websites!

<insert Adam’s laughter at my stunned silence>

Adam: What I mean is I try to attack the site (without doing any actual harm) to find all the security flaws and holes that malicious hackers will expose.  I do this with the client’s consent and after they’ve been fully informed on my plans.  Once I am done with the attack, I provide them with an in-depth summary of all security holes I found.  They can give it to their web team to fix or they can choose to hire me to fix it.

Me:  Wow, that is really cool.  How did you get into that?

Adam: I have spent over 9 years developing applications and working in various web languages and I realized how little the average web site owner or application owner really knows about security.  I saw the devastating effects of these malicious attacks and realized I had the knowledge to help people and fill what I consider to be a big gap in this industry.  I don’t see enough security information being shared with site owners.

Me:  What is the one message you want to get across to site owners?

Adam:  Honestly?  That they are nowhere near as secure as they think they are. And it’s really true, they invest in so many areas of growing their business but they don’t invest in keeping it secure.  More often than not the development team are focused on client satisfaction, and pay no attention to the security implications of their work.  The costs to prevent attacks are significantly cheaper than the cost to clean up after an attack.  I just want site owners to be aware.  They may choose to ignore the information and remain at risk – but at least it’ll be a willful decision and they weren’t uninformed.

Me:  Is there anything site owners can tell their web team to ensure they are more secure?

Adam:  I outlined it all in my free report.  I suggest people download it, read it and share it with their development team.  There are 2 levels of proactive prevention.  One is to just ensure the developers are practicing safe work on the server and not making mistakes that increase the security threats.  The other level is the actual “ethical hack” that I talked about before.  That is the best way to get the most thorough security analysis.

Me: What are some of the most common threats site owners face?

Adam:  SQL injection is one of the most damaging and most common attacks that exists against web systems. It is an attack directly against a web site as opposed to an attack against the users browsing that site. Cross site scripting or ‘XSS’ is an attack against one or more users browsing a site (as opposed to the server itself).   There are so many others, but those are 2 of the most common and damaging.

Me: What does this actually mean though?

Adam: Over 75% of all sites have critical security flaws. By critical we’re talking about the ability for an attacker to download a site’s entire database, modify the database, upload malware on to the site, or attack users that visit the site. This can obviously have devastating consequences.

Me: Wow. What are the best ways to prevent such attacks?

Adam: Ideally, programmers would all be security trained and would write strong and secure code from the start. Unfortunately, that doesn’t always happen. A lot of programmers are either entirely unaware of security considerations, or believe that their code is more secure than it actually is. All site owners get reliable security scanning, if for no other reason than to establish their current level of security. From there, any weaknesses found can be explained and discussed, and a resolution put in place.

After talking to Adam I have a much better understanding of site security and honestly, I am shocked that sites are so vulnerable.  I’m also shocked that more people aren’t talking about this.  I hope to get the conversation started and help site owners ensure the safety and security of their website (and business).  It’s important that I mention, I do not receive any compensation for recommending Adam’s services and I have nothing to gain.  I spend so much time trying to educate people on SEO and copywriting, I thought I should spend a little time ensuring you are aware of the security risks out there and even more importantly ensuring that you know there are specific things you can do to ensure your site is more secure.  Download Adam’s free report and learn a little more about what he does here: http://www.saswebsecurity.com/

About Jennifer Horowitz

With over 13 years in the industry, Jennifer Horowitz, Director of Marketing for EcomBuffet, has amassed much knowledge and experience and has much to say about all things SEO (marketing, copywriting & social media). Always happy to share with an audience, Jenn is now a regular contributor at Level343.

Comments

  1. This is quite an eye opener. I didn’t know it has this many risks to this but I feel like I can still fix it with the tips you included in the article. Great job on this one.
