Top 4 Bad Habits Web Developers Need To Forget
Laziness when it comes to updating
Whether it is the CMS (Content Management System) or the MariaDB version that runs the back-end, web developers need to drop the habit of leaving the website’s back-end components unpatched. This is especially true for CMS extensions, which also need updates to fix security bugs. Unfortunately, some web developers only notice an outdated version once bad news arrives, such as a bug or an exploit being discovered in the software stack. Keep the software stack up to date rather than becoming a potential victim of security issues: the client’s brand will be heavily damaged if the website suffers a security breach in the future.
Use of Unencrypted pages
With the popularity of letsencrypt.org, web developers no longer have an excuse for building an HTTP-only, unencrypted website. Through the letsencrypt.org project, anyone can obtain a valid digital certificate accepted by mainstream browsers without spending a dime. The Let’s Encrypt project states: “We give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can. We do this because we want to create a more secure and privacy-respecting Web.” HTTPS everywhere is the norm now: it is no longer acceptable to run a site in HTTP-only mode, because modern browsers automatically label such a site as ‘not secure’ by default, discouraging visitors who do not see a green padlock in their address bar.
Treating the Web Application Firewall as unimportant
Allowing weak authentication procedures
Some web developers still never impose password complexity requirements on the sites they build for their clients. Passwords such as Password123, OpenSesame, P@$$w0rd and qwerty should never be allowed in the system. A simple policy that raises password complexity, for example by requiring more randomness, helps keep brute force attacks from succeeding.
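As an added example (not code from the article), here is a small server-side password check that rejects the four passwords named above. The blocklist, the character-substitution map and the 12-character / 60-bit thresholds are assumptions chosen for illustration; note that P@$$w0rd satisfies a naive "upper, lower, digit, symbol" rule, so the check normalises common substitutions before consulting the blocklist.

```python
import math
import re

# Constructed blocklist in normalised form (lower-case, substitutions undone,
# trailing digits stripped). The article's examples all collapse onto it.
WEAK_PASSWORDS = {"password", "opensesame", "qwerty"}

# Assumed map of common "l33t" substitutions back to plain letters.
LEET_MAP = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i",
                          "3": "e", "4": "a", "5": "s", "7": "t", "!": "i"})

MIN_LENGTH = 12   # assumed policy threshold
MIN_BITS = 60.0   # assumed policy threshold


def normalise(pw: str) -> str:
    """Lower-case, drop trailing digits, then undo symbol/digit substitutions."""
    stripped = re.sub(r"\d+$", "", pw.lower())
    return stripped.translate(LEET_MAP)


def estimate_bits(pw: str) -> float:
    """Rough strength estimate: length * log2(size of the character pool used)."""
    pool = 0
    if re.search(r"[a-z]", pw):
        pool += 26
    if re.search(r"[A-Z]", pw):
        pool += 26
    if re.search(r"\d", pw):
        pool += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        pool += 33
    return len(pw) * math.log2(pool) if pool else 0.0


def check_password(pw: str) -> list[str]:
    """Return the list of policy violations; an empty list means accepted."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if normalise(pw) in WEAK_PASSWORDS:
        reasons.append("matches a known weak password after normalisation")
    if estimate_bits(pw) < MIN_BITS:
        reasons.append(f"estimated strength below {MIN_BITS:.0f} bits")
    return reasons


if __name__ == "__main__":
    for candidate in ["Password123", "OpenSesame", "P@$$w0rd", "qwerty",
                      "correct horse battery staple"]:
        print(candidate, "->", check_password(candidate) or "accepted")
```

A blocklist check like this complements, rather than replaces, rate limiting and lockout on the login endpoint.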
Kevin Jones
Kevin Jones, Ph.D., is a research associate and a cyber security author with experience in penetration testing, vulnerability assessments, monitoring solutions, surveillance and offensive technologies. Currently, he is a freelance writer on the latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.