Ignorance is not bliss, especially when it comes to web security

Unfortunately, far too many website owners follow the "out-of-site-out-of-mind" strategy of assuring website security. But there are a lot of hackers out there working diligently to get into websites to cause harm. And it doesn't have to be a large company website, either. They're just as happy wreaking havoc on small- to medium-sized businesses.

At Kirk website design & development company, we take website security very seriously. Here are some of the things we are fighting every day and how we do it:

SQL Injection

If you don't like shots, you really won't like an SQL injection into your website. An SQL injection attack happens when someone uses a web form field or URL parameter on your site to gain access to, or manipulate, your database. When you build your query out of standard Transact-SQL text, it is easy to unknowingly insert this rogue input into the query, where it can be used to change tables, read information and delete data. At Kirk website design & development we prevent this by always using parameterized queries, which keep the user's input separate from the SQL itself; most web languages have this feature. Make sure your website design agency does the same.
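As an added example (not code from the original post), here is the contrast the paragraph describes, in Python with an in-memory SQLite table standing in for the site's database: a lookup built by string concatenation beside the same lookup as a parameterized query. The table, its rows and the test inputs are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed sample data: a tiny users table standing in for the site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("o'brien", "ob@example.com"), ("carol", "carol@example.com")],
    )
    return conn


def find_user_vulnerable(conn, username):
    """Builds the SQL text by concatenation: whatever the form field holds becomes part of the query."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_parameterized(conn, username):
    """Uses a placeholder: the driver passes the value separately, so it is never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def concatenation_breaks_on(conn, username):
    """True when the concatenated query is not even valid SQL for this input (e.g. a name with an apostrophe)."""
    try:
        find_user_vulnerable(conn, username)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    rogue = "' OR '1'='1"          # classic form-field input that turns the WHERE clause into "always true"
    print("concatenated, rogue input:", find_user_vulnerable(db, rogue))        # every user leaks out
    print("parameterized, rogue input:", find_user_parameterized(db, rogue))    # [] : treated as a literal name
    print("concatenated, legitimate o'brien breaks:", concatenation_breaks_on(db, "o'brien"))
    print("parameterized, legitimate o'brien:", find_user_parameterized(db, "o'brien"))
```

The second pair of calls shows the other half of the argument: concatenation does not just let rogue input through, it also fails on perfectly legitimate names containing a quote, while the parameterized version handles both correctly.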

Stay up-to-date on software updates

Many of our clients use content management systems and other third-party software. When that's the case Kirk website design & development makes sure to quickly apply any security code updates from third party software vendors. If your website design agency isn't doing this, shame on them.

Double-cross cross-site scripting

Cross-site scripting is when an attacker tries to pass JavaScript or other scripting code into a web form. They then use that script to run malicious code in the browsers of visitors to your site. At Kirk website design & development we prevent this by checking the data being submitted and encoding or stripping out any HTML before it is displayed. This is something every website design agency should be doing.

Error message TMI

Too much information in an error message can give hackers something they can use. For example, if you have a login form on your site you should never use an error message that specifies whether they got the username or the password wrong. That's the same as telling a hacker they got it half right. If a hacker tries a brute force attack to get a username and password and the error message gives away when one of the fields is correct, then the attacker knows he or she has one of the fields right and can concentrate on the other field.

Server side validation/form validation

At Kirk website design & development we also do validation on both the browser and server side. The browser can catch simple failures like mandatory fields that are empty and text accidentally entered into a numbers-only field. Browser-side checks can be bypassed, however, so you should make sure you repeat this validation, and deeper validation, on the server side. Failing to do so could lead to malicious code or scripting code being inserted into the database or could cause undesirable results on your website.

Every website design agency should be doing all of the above. If you're not sure yours is, ask them. Next month, we'll give you five more tips for keeping your website safe from harm.
