Running a website is not easy from the standpoint of security and privacy. Every web publisher strikes a delicate balance between cost and security technology: the more defense-ready the site, the higher the cost of running it. Any web developer worth their salt knows very well that a TLS certificate is mandatory in order to gain “trust” from users. The more a website captures the attention of users, the more attractive it becomes to cybercriminals.
In this article we provide simple things that even a neophyte web security master may implement to lessen the attack surface of a website:
Until now, HTTP has been the main communication protocol between browsers and servers. However, the number of people who use the Internet on the go is increasing, and the Internet is often used via a low-security wireless LAN connection such as public Wi-Fi. Data travel from the browser to the server and from the server to the browser, and along the way there are concerns about “security issues” such as data being stolen by malicious parties and access IDs being tampered with. That is why “HTTPS” attracted attention.

HTTPS uses a communication protocol that encrypts data, called SSL (Secure Sockets Layer), for the interaction between the browser and the server described above. Currently, Transport Layer Security (TLS), standardized on the basis of SSL, is used as the latest version, so the protocol may be called SSL/TLS or TLS. With encrypted communication, the data going back and forth between the browser and the server are converted into a format that is meaningless to anyone other than the two parties. In other words, a third party cannot eavesdrop on the data while they are sent and received, and only the two parties can check their contents.
CAPTCHA is an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart. Most users hate it, and even we here at thethreatreport.com dislike it as well. CAPTCHA seems like an effective way to slow down brute-force access attempts, at the expense of the user’s time. How many times have we been greeted with image-matching puzzles and asked to reinterpret characters that are unreadable in the first place? As a webmaster, you may wish to implement CAPTCHA on your website, but we recommend you choose a different method. If you want high traffic for your site, CAPTCHA is a sure way to disappoint website visitors.
We strongly recommend exploring the backup options provided by the hosting provider. There is no perfect and absolutely secure hosting provider; however, a hosting provider that offers no option for backing up the actual contents of the website proves its incompetence as a service provider. In that case, please move your website hosting to a different provider that can offer an excellent backup procedure. An efficient backup system is the only insurance a web security master has in the event of malicious code injection and other exploits. Restoring normal website functionality in a short period is possible only if there is a backup to fall back on in case of technical problems.
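As an added illustration of using a backup as that insurance (this is example code written for this article's point, not a tool from any hosting provider), the Python sketch below hashes a known-good backup, compares it with the live web root to list injected, altered or deleted files, and restores from the backup. The directory layout, file names and tampering are constructed sample data, and it assumes the backup is a complete copy of the site, so any extra live file is unexpected.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def manifest(root: Path) -> dict[str, str]:
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def diff_against_backup(backup: Path, live: Path) -> dict[str, list[str]]:
    """Classify live files as added, modified or missing relative to the backup."""
    bak, cur = manifest(backup), manifest(live)
    return {
        "added": sorted(set(cur) - set(bak)),
        "modified": sorted(k for k in bak.keys() & cur.keys() if bak[k] != cur[k]),
        "missing": sorted(set(bak) - set(cur)),
    }

def restore(backup: Path, live: Path, report: dict[str, list[str]]) -> None:
    """Delete unexpected files, then recopy changed or missing ones from the backup."""
    for rel in report["added"]:
        (live / rel).unlink()
    for rel in report["modified"] + report["missing"]:
        dest = live / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup / rel, dest)

def demo() -> tuple[dict[str, list[str]], dict[str, list[str]]]:
    """Build a constructed backup and a tampered live copy, then diff and restore."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        (backup / "js").mkdir(parents=True)
        (backup / "index.html").write_text("<h1>Home</h1>")
        (backup / "js" / "app.js").write_text("console.log('ok');")
        (backup / "robots.txt").write_text("User-agent: *")
        shutil.copytree(backup, live)
        # Constructed tampering: one altered page, one unexpected file, one deletion.
        (live / "index.html").write_text("<h1>Home</h1><!-- injected markup -->")
        (live / "js" / "extra.php").write_text("<?php /* unexpected file */ ?>")
        (live / "robots.txt").unlink()
        before = diff_against_backup(backup, live)
        restore(backup, live, before)
        return before, diff_against_backup(backup, live)

if __name__ == "__main__":
    before, after = demo()
    print("before restore:", before)
    print("after restore: ", after)
```

On a site that accepts user uploads, files reported as added need review before deletion, because they may be legitimate content created after the backup was taken.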
We can provide much more complex tips, but those will have to wait, as the three items we have enumerated here are fundamental for a secure website today. The three items also do not require high cost, which means they are not prohibitive for website owners. Except for CAPTCHA, which really annoys many users, the rest of the list is practical and does not cause any inconvenience for visitors and website admins alike.