Re: Web practices

From: Loganaden Velvindron <loganaden_at_gmail.com>
Date: Sat, 18 Apr 2015 15:59:48 +0000

On Sat, Apr 18, 2015 at 3:32 PM, S Moonesamy <sm+mu_at_elandsys.com> wrote:
> Hello,
> At 05:26 16-04-2015, Sun wrote:
>>
>> Best practices:
>> Check rwx permissions.
>> Keep CMS's updated.
>> Use strong passwords.
>> Use efficient code (so that you don't DOS yourself, been there :P )
>> Keep up with the latest news.
>> Have a backup plan to restore a website if need be.
>> Never stop learning
>> Have a contact channel so that people can report bugs.
>
>
> Thanks for sharing the above.
>
> The topic is about web practices. The problem would be Content Management
> Systems (software) practices as the security issues mentioned on the mailing
> list are mostly related to that type of software.
>
> Nirvan and Nadim mentioned that most web sites (in Mauritius) are
> compromised as they are running outdated Content Management Systems. I
> would rate the skills required to exploit a security issue in some versions
> of Content Management Systems as low. Is it a good idea to install software
> if the software will be running with serious vulnerabilities in a few
> months? I don't think so.
>

That's a problem that I often encounter as well. As time goes by, more
security issues are found in various CMSes. So by the time you've
moved to another project, the client that you signed off is
vulnerable.

The Internet is a hostile place, and with more countries increasing
their cyber-warfare capabilities, this isn't going to improve.

I think that we need to raise awareness of the issue with clients that
we work with. I acknowledge that it's a challenge when you work with
various clients and you have to bid the lowest. Sadly, this is true.
If you think in terms of money and customer goodwill lost, is it
really worth it?

My experience suggests that it's not:
1) Downtime due to crack - loss of money
2) Clients losing trust - This can surprisingly be quite huge, unless
your website is known as Google or YouTube. So clients might start
looking elsewhere.

In my experience, it's worth sending the client a proposal once the
project is completed, or close, and telling him about the security risks
in terms of money/loss of customer goodwill being potentially at risk,
by charging for "security/reliability updates".
Received on Sat Apr 18 2015 - 16:00:01 PST
