There are millions of website attacks every day, 95% of which are automated and opportunistic. In this insightful interview, Kristina Romero speaks with the Master of Security, Dre Armeda, about website security risks and precautions. Throughout the interview, Kristina gets the low-down on what we, as website developers and consultants, need to be aware of (and implement) to ensure our clients are protected as best as possible from attacks.
Also, tune in to discover the one key plugin Dre uses and why he uses it.
Plus, just what is a “Soup Kitchen Server?”
Dre’s passion for security and educating people about risk and prevention clearly translates in his delivery of information and strategies in his discussion with Kristina.
This is an opportunity for us to increase the longevity of our client relationship. We can help them grow their site and increase the return on their initial investment through ongoing work. Dre sees a website as a living organism that actually comes to life the moment it goes into production. It’s therefore part of your role to encourage the growth and productivity of that living organism. There’s more to it than making it, handing it over and leaving it.
As a consultant, you need to be all over People, Processes and Technology.
You need to make sure that you have controls in place by implementing specific processes. Doing things like:
Dre suggests using tools to help you do this in layers. Like the layers of an onion, if one gets peeled away, there’s another layer under it, protecting the centre.
Basically, make sure everything is segmented to protect the client against infection and reinfection.
“Soup Kitchen Servers”
Dre coined this term to describe a server that has everything, including the kitchen sink, contained in it. The server has no segmentation, which puts it at huge risk of cross contamination, whether it’s vulnerable or not. Beware of the Soup Kitchen Server!
Finally, you have a responsibility to your client to have an agreement in place around website security. Discuss this important element of the build in the early stages of your engagement and make sure they fully understand the significance. “Delineate responsibilities through expectation management,” says Dre.
Be sure to download Dre’s free security checklist below. While you’re there, drop us a comment. Let us know if you’ve had any nightmare experiences with clients and website attacks. You won’t be the Lone Ranger!