Is YOUR Website Vulnerable?

Posted by on Apr 11, 2018 in Blog, Web Security

website securityIf you read IT and web security news, then you know this is happening thousands of times each day, all over the world, but especially in the U.S. and Canada where our consumers are considered big, fat targets and our overall web security is notoriously weak.

This article in shows just another incident that few will hear about, but if you have a website, you really do need to pay attention to this one.

Here’s why – This business created a ride-sharing app intended to increase safety and security for women rideshare drivers and riders, yet unwittingly created the exact opposite – a security nightmare for women!

And, as has been the case over and over in millions of these incidents, only AFTER discovery (which generally happens only after a hack and customers have been harmed) does the website owner finally take security seriously and hire a company to do penetration testing and website security hardening.

Here’s what you need to know –

  1. Your web developer/designer is unlikely to be sufficiently knowledgeable  about web security
    • Even if they claim otherwise!
  2. If your website lets users input personal data, that data is probably vulnerable, VERY vulnerable

If you’re going to use a web developer who doesn’t also specialize in web security and web penetration testing, then ALSO hire someone for this purpose.

The quote ends by saying, “..including data security is vital..”, but such thinking is part of the problem causing developers to think they’ve done their job when they “include” input filtering functions.  Web security must be part of the foundation of your website – not something you add later or “include”.

I can do a web penetration test on most small business websites for just $99.  That includes reports to indicate strengths and / or weaknesses of your website.   This would include automated and manual testing and inspection.

If you’re using a good framework like WordPress, CodeIgniter or Yii2, you’re off to a good start, but it’s likely you have a bit more web security work to do.

Fixing your website security vulnerabilities can often be done for between $100 and $300.  Hosting on a secure server with SSL/TLS with an administrator who keeps a close eye on your server log files is another good step – and a service we offer (secure, managed hosting) from just $20/mo!

The owner of a Toronto ride-sharing app created to increase safety and security for women drivers and riders has suspended its services after being told that its user data was vulnerable to a breach. The Toronto Star reports that DriveHer was told by a security researcher that its software left women who signed up for it vulnerable to having personal information — such as names, home addresses, driver’s licences and insurance slips — exposed. The owner of the service said a third-party security firm is doing a penetration test on the app to review its security while the app is being fixed. The incident is a reminder to app creators that including data security is vital when building a solution.