Tip #2 Web development tips and tricks

Tip #2 in this series touches on the topic of security. With the latest Heartbleed vulnerability within OpenSSL hitting the headlines, security is currently at the forefront. I think it is fair to say that security is not a priority for most web developers: for some it is not even on the radar. The problem is that it is way, way too easy to roll out a site for a new project, get paid and move on. But what happens to the site a week, a month or a year down the line? The worst-case scenario is that the site gets hacked. Why? Because it is not being kept up-to-date with the latest security patches and your web developer has moved on.

The simple solution is to keep your platform up-to-date. Whether it is Magento, Symfony, WordPress or Joomla, it needs to be kept current. If you were offered a way to improve the security of your house, would you take it? Of course you would. The same should apply to your website. Security vulnerabilities are discovered all the time. We should give the framework vendors credit here: they issue security patches with a high level of speed and efficiency. The problem you face is getting that security patch installed on your website. I’d suggest striking a deal with your web designer/agency so they are responsible. Of course they would expect some recompense for this, but it shouldn’t be a lot. Any web designer/agency who will not agree to this is obviously not a good choice to begin with. Security first!


Security Now – Security, education and coffee

Security Now is a weekly podcast fronted by the duo Steve Gibson and Leo Laporte. The podcast’s primary topic is security within the IT sector. Each show normally focuses on a given topic which is chosen by Steve Gibson – the Commander in Chief of all things security. The main subject fits around several regular slots, which include discussions about the latest security events. The podcast lasts around 60-90 minutes and is pitched at listeners with a medium to high knowledge within the security area. However, anyone who wants to learn about security will truly benefit from the show, as Steve and Leo explain complex subjects in a manner that is very easy to digest. Although the show is driven by Steve Gibson’s labyrinthian brain, Leo Laporte’s broader knowledge of everything IT brings a fresh edge to Steve’s in-depth crypto-speak. The two complement each other and occasionally digress into other areas of interest to the super geek, like books, coffee, nutrition and sci-fi.

The history of the show goes back to 2005 and they have recorded over three hundred and fifty shows, each of which is available at the GRC (Gibson Research Company) website. The latest shows are also published on Laporte’s Twit network. The archive is well worth reviewing; some of the best podcasts I’d recommend are Episodes #325, 323 and 317, which delve into the bowels of the TCP protocol – the backbone of the Internet.

For more information please visit Twit’s site!  You can even tune into the show as it is broadcast live.