403 Web Security

A casual review of information found on the Web indicates the fact that a vast majority of Web sites are unsecured and easily breached by even unsophisticated hackers. Most of these sites had either no intention of being secure (no effort was put into security development or testing), the owners were lulled into a false sense of security because communication between the server and the user was encrypted (i.e., SSL) or casual login/password sequences were added. With little or no awareness of security requirements or a desire to implement basic security protection, it should be expected that, as found, almost all sites are open to security breaches.

To compound concerns over security, or the lack thereof, it can also be said that the majority of web designers and developers know little or nothing about building secure sites. Couple this with the fact that, when software testing is included in the overall development process of building a web site, the staff doing the testing is likely just as unaware of security as the development staff.

WDDinc is in the rare position of being staffed by developers who not only are at the top of their field in software development fundamentals but also share a passion for securing Web-based applications against hackers and security breaches. Our long standing involvement in Software Quality Assurance and first hand creation of very secure Web-based applications demands a mindset that places Web security at the top of our development efforts, not as an afterthought.

Web-based security is not just about logins and encryption, it’s protection against a huge number of security attacks, each of which can render your Web site useless, or worse, compromise the underlying data that you and your customers expect to remain private.

Web security development and testing is not for the faint of heart; it’s complex work where a poor implementation can cost your company more than you might be willing to pay.