Web Security and Ways to Fix It
Friday, January 15th, 2010
One issue that almost always crops up in web development work is the appreciation for web security. It’s probably what defines a good team from a bad team along a continuum from ignoring the security specialist to having complete faith in their advice.
The first take-away from Christian Heilmann’s article on Smashing Magazine titled Web Security: Are You Part of the Problem? is that you need to make sure at least one member of your team is up to speed. Everybody else needs to appreciate the importance of what that person tells them.
The second take-away is that no matter how much the world looks like a rosy cake of graphic design skills in our industry, it isn’t. Its in the marrying of good interface design, graphic design, business acumen and coding skills that make a good website. Unfortunately we’re in a world that tends to judge almost entirely on the superficial 6 seconds after the user arrives on a website – how does it look trumps is it secure? In other words, there is always pressure to make things look good but nobody pressures about writing better code until after you’re butt-shovelled by a Russian spamster or three.
And the third take-away from Christian in this article is to trust nothing – all data needs sanitising before you use it – and that URIs should be treated with similar mistrust. This is where the crappy web person is vastly different from the great web person if you’re out there hiring, employing or getting hold of a freelancer… the crappy person being the one who comes out with phrases like but it works, doesn’t it? How often have you heard that smidgen of cop-out?
Seriously, when it comes to your business and the web professional then you need to know up front before everybody’s credit card information is compromised that the web solution more than works, it works effectively. Securely.
