Web Design Best Practice Guide - The Missing Chapter?

 
The latest best practice guide, the Web Design Best Practice Guide, has just been published.  The flyer says it includes chapters on 14 key aspects of web design and is intended to help people who work in business and marketing roles, but can also be "used as a reference guide for web designers".  The Design Patterns, Best Practice Guides and Buyers Guides on e-consultancy.com are invaluable resources since they have distilled so much information into a succinct, legible format.

So I was extremely surprised to see that there was no chapter on Website Security.  There are separate chapters on web analytics, usability and accessibility - all great stuff, but if your customers download some malware such as a Trojan program or virus after visiting your web pages, will they ever come back?  What will happen to your insurance premiums if your insurers discover you have lost customer data through your website?  There is a chapter "The law - is your site legally compliant?" but security is about more than just compliance.

Security is not just for the techies - it is a core business activity - and that means it's the business of the type of people who use the e-consultancy.com website. Your reputation is everything and in the current climate, website security is set to become the next prime motivator for website investment.  Better website security will help you win new customers and:

  • protect the website’s users,
  • protect your operational data, and
  • protect your reputation.

People who work in business and marketing roles need to understand website security issues so they can create a dialogue with developers, partners and suppliers about the risks and how to mitigate them.

An example: should you have a username and password login form on the home page (and possibly other pages)?  If this guide is to be used by designers (and developers), this type of information is vital right from the initial stages of conceptual design.  It is so much more expensive to start applying security later in a project.

Perhaps e-consultancy.com are planning a separate web security best practice guide?

Colin Watson
Technical Director
Watson Hall Ltd Web application security

By the way, the answer to the example is 'no' according to web security best practice.  The login form should only be located on a single https (secure) page with an address which the user can subsequently recognise as the correct address.
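
A site review can test that rule automatically. The script below is an added example, not part of the original post: it flags any page carrying a password field that is not the single https login page, and goes one step further by also flagging forms that submit credentials over plain http. The `LOGIN_URL` address and the sample pages are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: placeholder address of the one page allowed to carry the login form.
LOGIN_URL = "https://www.example.com/login"

class PasswordFormFinder(HTMLParser):
    """Record the enclosing form's action for every password input on a page."""
    def __init__(self):
        super().__init__()
        self.actions = []   # one entry per password field found
        self._action = ""   # action of the form currently open ("" = same page)
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action = a.get("action") or ""
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.actions.append(self._action)

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = ""

def audit(pages):
    """pages maps URL -> HTML. Returns a sorted list of (url, problem) pairs."""
    findings = set()
    for url, html in pages.items():
        finder = PasswordFormFinder()
        finder.feed(html)
        for action in finder.actions:
            if urlsplit(url).scheme != "https":
                findings.add((url, "login form served over plain http"))
            elif url != LOGIN_URL:
                findings.add((url, "login form outside the single login page"))
            if urlsplit(urljoin(url, action)).scheme != "https":
                findings.add((url, "credentials submitted over plain http"))
    return sorted(findings)

# Constructed sample site, not real pages.
SAMPLE_PAGES = {
    "http://www.example.com/": '<form action="https://www.example.com/login">'
        '<input name="u"><input type="password" name="p"></form>',
    "https://www.example.com/account": '<form action="/login"><input type="password"></form>',
    "https://www.example.com/login": '<form action="/login"><input type="PASSWORD"></form>',
}

if __name__ == "__main__":
    for url, problem in audit(SAMPLE_PAGES):
        print(f"{url}: {problem}")
```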
 