Cybersecurity challenges continue to evolve for website designers and developers. Every day, hackers create new malware strains and perform sophisticated attacks that can devastate client websites.
SiteLock is promoting Cybersecurity Awareness Month, and as a web designer or developer, it is imperative that you understand your role in the security of your clients’ websites. Many people assume that you are handling every aspect of the site, including its protection. Because of this, you must take action and understand how to provide that security.
Web design and development can be lucrative careers; however, they come with a great deal of risk and uncertainty. Customers rely on designers and developers not only to design a beautiful and functional website, but also to protect it. Unfortunately, this means that as a designer or developer, you may be held responsible, fair or not, for damages caused by hackers on websites that you created.
When Alpine Bank was breached in 2015, the web developer was held responsible for more than $150,000 in damages. According to court documents, the web developer did not maintain the website, install basic anti-malware software, install critical software patches, or encrypt customer information.
In another case, Graphics Online, a web development and hosting company in Australia, was forced to liquidate its entire business. The company had incurred over $100,000 in costs to remediate damage from cyberattacks and purchase software to further protect itself and its customers. Unfortunately, the developer was unable to recover the costs and had to refer customers to other providers.
A recent study shows a disquieting 86 percent of applications written in PHP contain at least one cross-site scripting (XSS) vulnerability and 56 percent have at least one SQL injection (SQLi) vulnerability. Both XSS and SQLi can cause significant damage to websites and are listed in the Open Web Application Security Project (OWASP)’s Top 10 most critical web application security risks.
Hackers exploit XSS vulnerabilities in order to send malicious code to an unsuspecting user. According to OWASP, XSS attacks are a type of injection in which malicious scripts are injected into trusted websites. When customers visit these websites, the malicious code can access sensitive information that is shared by the user with the website. This information can then be used to hijack user sessions or to deface visitor websites.
SQL injection occurs when attackers insert or “inject” input data into a website, allowing them access to an entire website database. This includes reading sensitive data, modifying or deleting website files, and corrupting the website itself. For website owners, this can result in stolen and/or sold customer and visitor information. The website could also be shut down entirely.
These vulnerabilities lie in the website code and can be patched by developers who know where to look for them. However, this requires constant monitoring. Using tools that automatically identify these vulnerabilities can dramatically shorten the time it takes to fix the issue and reduce the damage to the website.
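
The two flaws described above, each shown beside its fix, as an added example that is not from the original article or from SiteLock. It uses Python with an in-memory SQLite database; the table, function names and inputs are constructed for illustration, and in PHP the equivalent fixes are PDO prepared statements and `htmlspecialchars()`.

```python
import html
import sqlite3

def make_db():
    """Build an in-memory customer table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany("INSERT INTO customers (name, email) VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return db

def lookup_vulnerable(db, name):
    # Input is concatenated into the SQL text, so a quote in `name`
    # changes the structure of the query itself.
    query = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, name):
    # The placeholder keeps `name` as data; it is never parsed as SQL.
    return db.execute("SELECT name, email FROM customers WHERE name = ?",
                      (name,)).fetchall()

def greeting_vulnerable(name):
    # Raw input lands in the page, so markup in `name` becomes live HTML.
    return "<p>Results for " + name + "</p>"

def greeting_escaped(name):
    # html.escape turns <, >, & and quotes into entities before output.
    return "<p>Results for " + html.escape(name, quote=True) + "</p>"

# Constructed inputs of the kind a scanner or code review would try.
SQLI_INPUT = "nobody' OR '1'='1"
XSS_INPUT = "<script>alert(1)</script>"

def audit():
    """Run both inputs through each version and report what leaks."""
    db = make_db()
    return {
        "sqli_vulnerable_rows": len(lookup_vulnerable(db, SQLI_INPUT)),
        "sqli_parameterized_rows": len(lookup_parameterized(db, SQLI_INPUT)),
        "xss_vulnerable_has_script": "<script>" in greeting_vulnerable(XSS_INPUT),
        "xss_escaped_has_script": "<script>" in greeting_escaped(XSS_INPUT),
    }

if __name__ == "__main__":
    for check, result in audit().items():
        print(f"{check}: {result}")
```

The vulnerable lookup returns every customer row for a name that matches no one, while the parameterized version returns none; a check like `audit()` can run in a test suite so a regression is caught before deployment.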
You can protect your customers and their websites by taking a proactive approach. Finding a partner that can help you monitor the growing list of cyberthreats and stay on top of them will ensure this. Integrate malware scanning and a web application firewall into your development and design plans so that you can monitor your clients’ websites for potential vulnerabilities and protect them from future cyberattacks.
Learn more about SiteLock and how we help web designers and developers protect their clients and ensure a strong and trusted relationship with them.