Re: Website security

From: Loganaden Velvindron <loganaden_at_gmail.com>
Date: Thu, 9 Apr 2015 19:02:38 +0000

On Thu, Apr 9, 2015 at 5:46 PM, S Moonesamy <sm+mu_at_elandsys.com> wrote:
> Hi Ish,
>
> Congratulations on your appointment to the ICT Advisory Council. :-)
>
> At 02:26 09-04-2015, Ish Sookun wrote:
>>
>> A lot of website designers do nothing more than just installing a CMS
>> (WordPress, Joomla etc) and putting a purchased/downloaded theme. Those
>> themes usually have several dependencies which are typically plugins (not
>> developed by WordPress team). The issue with some web agencies is that they
>> install, put the logo and deliver. I guess with the high competition & low
>> prices that is all they would do. However, we discussed on this ML before
>> that security is a minimum that should be advised to the customer. Looking
>> at the state of several websites in Mauritius, security has not been given
>> attention by web agencies.
>

I dealt with those issues when i was doing freelance work. They don't
consider it as a security risk, until the client finds out that the
website has been compromised, and threatens to cancel the project.
Then you will see the web agencies scramble to put resources into
security work.

Another case is when a website that brings in money through
e-commerce. Think about a transaction every 5 minutes. If you have 1
hour downtime, you end up with losing money, which is bad.

In my experience, web agencies do not react until the security problem
has already happened.

Managers need to know that when they develop websites without good
sysadmins who can deal with security problems, they are taking huge
risks. the Internet has become a hostile place.



-- 
This message is strictly personal and the opinions expressed do not
represent those of my employers, either past or present.
Received on Thu Apr 09 2015 - 19:02:51 PST

This archive was generated by hypermail 2.3.0 : Thu Apr 09 2015 - 19:09:01 PST