Told your site is secure ? Think again...

phenomlab

Here’s another common occurrence that pushes all the wrong buttons with me. Those so called “website developers” who insist that everything is nice and secure, when it isn’t. During a FOC investigation for a friend who’s website has recently gone live, I see this

Why are companies and design houses doing this ? Why are they allowed to get away with it ? Small businesses cannot afford dedicated security personnel, therefore, I help where I can. If a design company cannot even perform the basic steps to secure a website against something as simple as an insecure and (virtually) obsolete cipher, then what else have they missed ? Judging by the screenshot, several items. The certificate isn’t much better either

achevez

my take is that they probably have a bunch of templates from all the work they have done. Security is not the priority, but functionality and looks. So.. copy and paste, and change the layout

phenomlab

achevez Exactly that - it’s nothing more than laziness in my view. It really doesn’t take that much effort ! I’m going to post an article I wrote a while back about securing WordPress to help bolster this message.

phenomlab

Here’s the link https://discuss.infosecforge.io/d/535-how-to-secure-wordpress-properly

Dave_Howe

Everything there is due to an outdated underlying engine, not the website itself.
but, that said….

phenomlab

Dave_Howe Love this strip….so true

phenomlab

Dave_Howe A cross post of https://discuss.infosecforge.io/d/338-how-much-of-the-cybersecurity-talent-shortage-is-self-inflicted/8 perhaps ? 🙂

Dave_Howe

phenomlab Just a broadly applicable message 🙂

phenomlab

Dave_Howe I can get behind that