Website Security

What Is Website Security?

Securing your website can be compared with having the best possible alarm system installed in your home along with a 24-hour security watchman. The aim of website security is to stop anyone and anything from gaining access to private data, whether from your server or from your visitors. Essentially, you want to create a completely secure and private platform.

How is a website hosting platform secured?

Below is a list of points to take note of when securing a website. You are most welcome to take the advice and try it yourself, or let us help you set this up correctly. The tasks are intermediate to advanced. If you have no experience with website hosting, it is advisable to make use of a professional service instead.

What we do when securing a domain

If SSL encryption is enabled on your website, it does not mean the site is 100% encrypted. Often non-encrypted data is pulled in from an external source or through non-encrypted folders and links. There are various online resources where you can test your SSL and see whether the site is served completely over HTTPS. Visitors who submit forms or otherwise part with private information are taking a risk if the site is not completely secured.
SHA-1 used to be our only option, but with the latest standard of SHA-256 signed certificates with 2048-bit keys, security has moved up a notch. In future the SHA-1 standard will fall away as it is not as secure as SHA-256. When getting an HTTPS setup done, it makes sense to give your visitors the best encryption standard available.
Once we install a certificate, we test and verify that the certificate is valid and trusted across all browser platforms. We also set up an automatic renewal process so that the certificate does not fall out of date by accident.
Why do we do this? If a hacker wants to compromise your server, it makes their task so much easier if they know what server environment the website is running on. By making this information private, the attackers cannot target the domain with specific known vulnerabilities. We do this as a standard procedure when securing a domain.
Non-SSL HTTP requests will always be changed to HTTPS requests when strict transport security is implemented correctly. This is done to avoid MITM attacks, which are possible when non-HTTPS information is passed from a secure website.
Some cipher suites are considered insecure and are sometimes targeted by attackers. We disable those cipher suites to stop any possible vulnerabilities.
This ensures that sensitive private cookie information stays private and client-side scripts will not be able to access the protected cookie.
Normally a cookie is transmitted in plain text, making it very easy for a third party to access the information while in transit. If the cookie data is sent in a secured format, the data can no longer be collected because of the encryption.
By setting up strict form validation, we eliminate script injections or any other untoward methods. Validation makes sure that you are collecting the right types of data for each input.
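Several of the points above can be verified from a single HTTPS response. The following is an added example, not Addweb's own tooling: it assumes the items refer to the `Strict-Transport-Security` header, the `Server` and `X-Powered-By` banners, and the `HttpOnly` and `Secure` cookie attributes, and the function names and sample responses are constructed for illustration.

```python
import re

def cookie_flags(set_cookie_value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_headers(headers):
    """headers: list of (name, value) pairs from one HTTPS response.
    Returns a sorted list of findings; an empty list means every check passed."""
    findings = []
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value)

    # Strict transport security: header must exist with a positive max-age.
    hsts = by_name.get("strict-transport-security", [])
    m = re.search(r'max-age\s*=\s*"?(\d+)', hsts[0], re.I) if hsts else None
    if not m or int(m.group(1)) == 0:
        findings.append("hsts: missing or max-age=0")

    # Server environment disclosure: version numbers or framework banners.
    for value in by_name.get("server", []):
        if re.search(r"\d", value):
            findings.append(f"banner: Server reveals version ({value})")
    for value in by_name.get("x-powered-by", []):
        findings.append(f"banner: X-Powered-By present ({value})")

    # HttpOnly blocks script access; Secure keeps the cookie off plain HTTP.
    for value in by_name.get("set-cookie", []):
        name, attrs = cookie_flags(value)
        for flag in ("httponly", "secure"):
            if flag not in attrs:
                findings.append(f"cookie {name}: missing {flag}")
    return sorted(findings)

# Constructed sample responses (not captured from any real site).
WEAK = [("Server", "Apache/2.4.10 (Debian)"), ("X-Powered-By", "PHP/5.6.30"),
        ("Set-Cookie", "session=abc123; Path=/"),
        ("Set-Cookie", "prefs=dark; Secure; Path=/")]
HARDENED = [("Server", "Apache"),
            ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
            ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax")]

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_headers(sample) or "no findings")
```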

Ready to begin?

Fill out our form below along with your contact information and website address. Once you have sent us the info, we will call you back shortly to organise a Skype meeting, or arrange a meeting in person if you are based in Cape Town, to go over any finer details.


© 2017 Addweb. All rights reserved.
