Monthly Archives: October 2013

Developing a Secure Website Using the Latest Technologies

Whilst security overall on the Internet has improved greatly over the past decade, some users are still wary about carrying out particular tasks online – especially where there is a need to enter personal information – and because of this, it is down to web developers and the businesses operating websites to guarantee that they have the right safeguards in place so that customers feel confident using their website. Whilst many web developers will be familiar with security measures such as SSL certificates that encrypt the information sent between a visitor’s computer and the server that is hosting the website, these have been shown to be vulnerable and indeed recent leaks have proved that the NSA has managed to crack the algorithms behind SSL. It takes a professional and well-skilled developer to craft a secure website because you need to be confident in the code that you are writing – any holes in the code that lies behind your website could represent potential exploits and access points for hackers.

Secure Coding Techniques

During the development of a web application, it is important to observe secure coding techniques so that the end result is close to what you are trying to achieve and so that you won’t end up discovering a number of security holes during the testing process. Examples of secure coding techniques include:

  • Define security requirements early on – it is always a good idea to define the security requirements of a project early on in its life cycle so that everyone who is contributing towards the effort is able to develop code to the same standard; this will also reduce the chances of code needing to be modified to meet these requirements later on in the development process.

  • Principle of least privilege – if there are processes included in the web application that require escalated privileges, you should endeavour to execute these processes with the least privileges possible, and where escalated access is needed, this should be for a minimal amount of time to reduce the opportunities for hackers to exploit any holes in the script and gain access to the server.

  • Model threats – identify any potential threats and discuss what you should be doing to counter these; some web applications are going to be at a higher risk of attack than others, for example online banking systems, and there are other factors that will affect the types of threat that you will be exposed to, including the scripting language used to develop the web application and even the target audience.
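One way to apply the least-privilege point above on a Unix host, as an added example that is not part of the original post: a server process that starts as root drops to an unprivileged account as soon as the privileged step is done and verifies that root cannot be regained. The function name, the `osmod` parameter and the uid/gid values used with it are assumptions made for illustration.

```python
import os


class PrivilegeDropError(RuntimeError):
    """Raised when the process could not be safely de-privileged."""


def drop_privileges(uid, gid, osmod=os):
    """Permanently switch a root process to an unprivileged uid/gid.

    `osmod` is a hypothetical injection point so the logic can be tested
    without root; in production it is simply the `os` module.
    """
    if uid == 0 or gid == 0:
        raise PrivilegeDropError("target account must not be root")
    if osmod.geteuid() != 0:
        raise PrivilegeDropError("not running as root, nothing to drop")

    # Order matters: groups and gid must change while still root, because
    # after setuid() the process is no longer allowed to change them.
    osmod.setgroups([])   # discard root's supplementary groups
    osmod.setgid(gid)     # as root this sets real, effective and saved gid
    osmod.setuid(uid)     # as root this sets real, effective and saved uid

    # Verify instead of assuming: every id must now be the unprivileged one.
    if (osmod.getuid(), osmod.geteuid()) != (uid, uid):
        raise PrivilegeDropError("uid was not changed")
    if (osmod.getgid(), osmod.getegid()) != (gid, gid):
        raise PrivilegeDropError("gid was not changed")
    if osmod.getgroups() not in ([], [gid]):
        raise PrivilegeDropError("supplementary groups were kept")

    # A permanent drop means root cannot be regained.
    try:
        osmod.setuid(0)
    except PermissionError:
        return
    raise PrivilegeDropError("process was able to regain root")
```

If the function raises, the caller should exit rather than continue serving requests with more privilege than intended.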

 

Security of Scripting Languages and Frameworks

Whilst all scripting languages and frameworks have been created with the intention of providing a solid core around which web applications can be developed, all possess their own characteristics in terms of the support that they offer and the features that are provided as standard. Some of the security elements of the most popular scripting languages include:

  • PHP – overall PHP can be described as being a highly secure platform and this is reflected in the fact that it is used by a number of global companies to power their internal and external websites. The benefit of PHP is that it is an open source platform, meaning that if you have your own server, you can make changes to the core of the platform to guarantee yourself that extra bit of security; some of these changes may include turning off error reporting or disabling particular features such as ‘register_globals’ or ‘magic_quotes’.

  • ASP.NET – in comparison with PHP, ASP.NET is a closed platform but has close ties with the Windows operating system, and because it has been created by Microsoft, you can be guaranteed swift updates when any security holes are discovered. Whilst not much can be done to improve the security of ASP.NET yourself, having paid for Windows you would expect commercial platforms to inherently come with a higher level of security than their open source equivalents.
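The PHP settings named in the list above can be checked mechanically. The following added example (not code from the original post) audits the text of a php.ini file; it assumes that ‘error reporting’ corresponds to the `display_errors` directive and ‘magic_quotes’ to `magic_quotes_gpc`, and the sample file and function names are constructed for illustration.

```python
# Constructed sample configuration, not taken from a real server.
SAMPLE_INI = """\
[PHP]
; development defaults that were never tightened
display_errors = On
register_globals = On      ; directive removed in PHP 5.4
magic_quotes_gpc = "1"     ; directive removed in PHP 5.4
display_errors = Off       ; a later assignment overrides the earlier one
"""

# Directives the article suggests switching off, with the reason for each.
SHOULD_BE_OFF = {
    "display_errors": "error text shown to visitors reveals paths and queries",
    "register_globals": "request parameters can overwrite script variables",
    "magic_quotes_gpc": "automatic escaping gives a false sense of safety",
}
# Simplified set of spellings treated as "on" for boolean directives.
TRUE_WORDS = {"1", "on", "true", "yes"}


def parse_ini(text):
    """Return {directive: value}. Naive: ignores ';' inside quoted values."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop ';' comments
        if not line or line.startswith("[") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        settings[name.strip()] = value.strip().strip("\"'")
    return settings


def audit(text):
    """Map each watched directive to 'enabled', 'disabled' or 'not set'."""
    settings = parse_ini(text)
    report = {}
    for name in SHOULD_BE_OFF:
        if name not in settings:
            report[name] = "not set"   # the PHP build's default applies
        elif settings[name].lower() in TRUE_WORDS:
            report[name] = "enabled"
        else:
            report[name] = "disabled"
    return report


def findings(text):
    """Return (directive, reason) pairs for everything still enabled."""
    return [(n, SHOULD_BE_OFF[n]) for n, s in audit(text).items() if s == "enabled"]
```

A result of ‘not set’ is worth following up, because the effective value then depends on the defaults of the installed PHP version.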

 

In conclusion, using an up-to-date version of PHP or ASP.NET on a secure server provides a strong basis on which you can develop web applications that will be able to see off most forms of attack. Observing secure coding practices from the outset of a project will enable you to create a product that will give visitors the confidence they need to use your website and is likely to reduce your overall workload, as it reduces the number of modifications that need to be made once testing has been completed.

 

 

Google’s New Algorithm Update: Hummingbird!

The search giant revealed a new upgrade to its search algorithm which determines how it handles user requests and provides results.

The recent update, which is said to be one of the biggest updates to the constantly evolving algorithm, is named ‘Hummingbird’; it has already been rolled out and affects a great number of search queries.

Google Hummingbird Algorithm Update

At a recent presentation, the company did not provide many details about the new update but said that the latest changes are in line with improving results for longer and more detailed search queries.

According to Google, the recent changes are essential as users expect a more intuitive and responsive search engine which they can converse with in a natural way. This would mostly be the case when someone is using a smartphone or other gadget to use the search function. The new update is better at handling such requests as it is more capable of understanding concepts and correlating them with others.

The new update is another addition to Google’s recent line of updates, which are also named after animals, like the Penguin and the Panda. The main aim of the earlier updates was to provide better results by removing spammy sites from the SERPs and giving preference to only high quality websites.

However, most search engine optimization experts shared the same reaction: it was too early to comment on how useful the new update was, and this would only become clear as one gets to know it better with time.

Have you experienced any changes in your search rankings? What is your opinion about this? Let us know in the comments.