Website Security: How a Website Developer Can and Can’t Help
The talk over what has to be one of the most publicized computer hacks ever — that of Sony Pictures Entertainment by North Korea (If you by chance haven’t read about this, catch-up here) has quieted down, but it raises a valuable question about website vulnerability that every company must address.
We recently asked Citrus Studios’ website developer Steve Rifkin about how web programmers can keep client’s websites secure. Here’s what he said:
There is no silver bullet as it’s not always the website developer that makes something secure. Without getting too technical, the best possible outcome for making any software secure is to follow the best practices for that software. These include security updates and working within the specification of any API documentation provided. We try to stick with open source frameworks because that provides the added benefit of being technically supported by the many people who release their work to the public. These releases include security patches and are critical in keeping systems secure. We also adhere to the integration methods for these frameworks and avoid any “hacks” to get what we need done without introducing loopholes.