What You Don’t Know About Web Site Security

by on December 17, 2012

We focus on so many areas of building a business online but seldom do I hear site owners talking about one of the most important aspects: site security.  Protecting your digital assets, your customers, your reputation and ultimately your business is vitally important.

Let me start by dispelling some common myths:

  1. Your site is not safe just because you keep your FTP info well guarded.  Hackers don’t necessarily need a username and password to get into your site.
  2. SSL (Secure Sockets Layer) does not protect your site from hacking.  It only encrypts data in transit, like credit card numbers. It makes no guarantee as to how data is stored.
  3. Hosts do not offer adequate protection as part of standard hosting. Hosts have a hard time maintaining security – not because they are incompetent, but because they can’t regulate and control the errors site owners make when loading files and scripts onto the server.  Site owners make their servers vulnerable.  Hosts do the best they can, but there is so much more you can do on your own to protect your site, your business and your revenue.

My goal is not to terrify site owners – but it is to scare them just enough to take action and ensure their security.

My site was hacked 3 times.  I lost leads, I lost revenue and I lost a lot of money in cleaning up the mess.  I know for a fact that proactive prevention is a lot cheaper than cleaning up after a malicious attack.

I am no security expert, but I have connected with a brilliant one that has been kind enough to share his expertise with me.   He actually offers a free report on this site (http://www.saswebsecurity.com/).  For more in-depth information on security issues, I suggest you grab his free report right away!

So now, let’s get down to it.  My interview with Adam Palmer, from SAS Web Security.

Me: Thanks for taking the time to educate my readers on this important topic.  Can you explain how you got into this business and tell us exactly what you do?

Adam:  My goal is to educate site owners and help them protect themselves.  My philosophy is that understanding risk is the first step in mitigating it.  What I do sounds a little weird but trust me it works.  I ethically hack websites!

<insert Adam’s laughter at my stunned silence>

Adam: What I mean is I try to attack the site (without doing any actual harm) to find all the security flaws and holes that malicious hackers will expose.  I do this with the client’s consent and after they’ve been fully informed on my plans.  Once I am done with the attack, I provide them with an in-depth summary of all security holes I found.  They can give it to their web team to fix or they can choose to hire me to fix it.

Me:  Wow, that is really cool.  How did you get into that?

Adam: I have spent over 9 years developing applications and working in various web languages and I realized how little the average web site owner or application owner really knows about security.  I saw the devastating effects of these malicious attacks and realized I had the knowledge to help people and fill what I consider to be a big gap in this industry.  I don’t see enough security information being shared with site owners.

Me:  What is the one message you want to get across to site owners?

Adam:  Honestly?  That they are nowhere near as secure as they think they are. And it’s really true, they invest in so many areas of growing their business but they don’t invest in keeping it secure.  More often than not the development team are focused on client satisfaction, and pay no attention to the security implications of their work.  The costs to prevent attacks are significantly cheaper than the cost to clean up after an attack.  I just want site owners to be aware.  They may choose to ignore the information and remain at risk – but at least it’ll be a willful decision and they weren’t uninformed.

Me:  Is there anything site owners can tell their web team to ensure they are more secure?

Adam:  I outlined it all in my free report.  I suggest people download it, read it and share it with their development team.  There are 2 levels of proactive prevention.  One is to just ensure the developers are practicing safe work on the server and not making mistakes that increase the security threats.  The other level is the actual “ethical hack” that I talked about before.  That is the best way to get the most thorough security analysis.

Me: What are some of the most common threats site owners face?

Adam:  SQL injection is one of the most damaging and most common attacks that exists against web systems. It is an attack directly against a web site as opposed to an attack against the users browsing that site. Cross site scripting or ‘XSS’ is an attack against one or more users browsing a site (as opposed to the server itself).   There are so many others, but those are 2 of the most common and damaging.

Me: What does this actually mean though?

Adam: Over 75% of all sites have critical security flaws. By critical we’re talking about the ability for an attacker to download a site’s entire database, modify the database, upload malware on to the site, or attack users that visit the site. This can obviously have devastating consequences.

Me: Wow. What are the best ways to prevent such attacks?

Adam: Ideally, programmers would all be security trained and would write strong and secure code from the start. Unfortunately, that doesn’t always happen. A lot of programmers are either entirely unaware of security considerations, or believe that their code is more secure than it actually is. All site owners get reliable security scanning, if for no other reason than to establish their current level of security. From there, any weaknesses found can be explained and discussed, and a resolution put in place.

After talking to Adam I have a much better understanding of site security and honestly, I am shocked that sites are so vulnerable.  I’m also shocked that more people aren’t talking about this.  I hope to get the conversation started and help site owners ensure the safety and security of their website (and business).  It’s important that I mention, I do not receive any compensation for recommending Adam’s services and I have nothing to gain.  I spend so much time trying to educate people on SEO and copywriting, I thought I should spend a little time ensuring you are aware of the security risks out there and even more importantly ensuring that you know there are specific things you can do to ensure your site is more secure.  Download Adam’s free report and learn a little more about what he does here: http://www.saswebsecurity.com/




Adela Earlington December 18, 2012 at 8:19 am

This is quite an eye opener. I didn’t know it has this many risks to this but I feel like I can still fix it with the tips you included in the article. Great job on this one.
