Re: Website security

From: Ish Sookun <ish_at_hacklog.in>
Date: Thu, 9 Apr 2015 13:26:56 +0400

On Thu, Apr 9, 2015 at 11:05 AM, S Moonesamy <sm+mu_at_elandsys.com> wrote:

> Hi Ish,
> At 23:24 08-04-2015, Ish Sookun wrote:
>
>> Now, what happens if a web developer leaves the application's "error log"
>> inside a public directory? A similar situation exists at MIPA[1] and
>> onlyrent.mu.
>>
>
> From http://www.onlyrent.mu/contact/
>
> "This is the sidebar widget area. Please go to WP-Admin > Appearance >
> Widgets
> to drag and drop your preferred widgets in this area."
>
> Did you drag and drop your preferred widgets in there? :-)
>

A lot of website designers do nothing more than install a CMS
(WordPress, Joomla, etc.) and put in a purchased/downloaded theme. Those
themes usually have several dependencies, which are typically plugins (not
developed by the WordPress team). The issue with some web agencies is that they
install, put the logo and deliver. I guess with the high competition & low
prices that is all they would do. However, we discussed on this ML before
that security is a minimum that should be advised to the customer. Looking
at the state of several websites in Mauritius, security has not been given
attention by web agencies.

I visited some friends while they participated in last year's
WebCup[1][2][3]. They used web frameworks and built upon some libraries.
The winning team apparently bought an HTML template on the Internet :-) To
me that was a blunder as the judges could not identify glitches in simple
HTML code.


> The level of web site security in Mauritius is very poor. There isn't a
> lot of interest in trying to fix the security issues.
>

Yes.

[1] https://swaniyah14.wordpress.com/tag/webcup-sultansofweb-web-technology-superhero
[2] http://blog.nirvan.pagooah.com/articles/webcup-2013-mauritius
[3] http://www.yashvinblogs.com/webcup-2013-maurice

Regards,

-- 
Ish Sookun
- Geek by birth, Linux by choice.
- I blog at HACKLOG.in.
https://twitter.com/IshSookun ^^ Do you tweet?
Received on Thu Apr 09 2015 - 09:26:56 PST
