editione1.0.0
Updated October 9, 2023How do attackers tend to get access to these low-hanging fruit websites? The answer usually falls into one of three categories:
Weak credentials for accessing the domain name registration website, website hosting provider, content management platform, or website server itself.
Unpatched website software.
Unnecessary services running on the website server that are not safe.
This chapter assumes that you have either a static website (for just providing information), or you’re hosting an e-commerce site. If your business’s priority is web application software development, or you want more perspectives and applications of security principles, see Part III.
To close these most common gaps, we need to consider who we get help from, where the website is hosted, and what website hosting and software configurations we have available to set up.
While this chapter will go through the steps to take to elevate your website higher up that internet fruit tree, let’s be honest—not all of us are website fanciers or connoisseurs. While it wouldn’t be worth it to outsource management of your email, outsourcing websites are a different story.
A service provider who looks after your website’s security is often responsible for:
Picking and managing the hosting providers and software you need for running a website.