I’m currently taking a detailed look at what it means to make a website completely ‘secure’. This is a bit of an unattainable concept really, given that there are so many hackers and spammers out there, and so many ways they can cause havoc. However, there are a few basic things that people working on web-based applications can do that will cover perhaps 80-90% of the risk, and hopefully dissuade all but the most determined intruders.
There are a remarkable number of websites that are completely open to exploitation, and opportunistic hackers and spammers will target these unprotected sites rather than waste their time trying to get into sites that have some protection, so it makes sense to do at least the basics. A great book I’m using for this is ‘Hacking Exposed: Web Applications’ by Scambray, Shema and Sima.
I guess this is a bit like looking for a highly thievable car in a car park (perhaps an older model with limited security), and making sure you park alongside it – your car will stand a better chance of being overlooked.
This reminds me of what my friend Ian used to do with his old Opel – he would always leave the glove compartment open when he left it, so any prospective thief would know it wasn’t worth the effort of breaking in – although I don’t think you can really do this with websites, which is a shame, because most of the websites I develop are of astonishingly little interest to anyone!