Secure Web Development and Marketing - Coursework Example

Secure Web Development and Marketing Secure Web Development Introduction The process of coming up with a secure web application requires one to address a complex set of security issues (Cross, 2007). In order for designers and developers to come up with the most secure and hack-resilient web applications, they have to build them with security in mind. They, therefore, need be considerate of particular secure design guidelines and concepts that include input validation, authentication, cryptography, and session management. Other concepts are parameter manipulation, sensitive data, auditing and logging. These aspects are essential in secure web design, and if ignored will result in a compromise of the security of the site. Developed criteria Security is of the utmost importance when building web applications. One would employ a criterion that would first ensure that the passwords used are of sufficient length. They should not contain elements of a weak password such as ordinary dictionary names. The next step the criteria would be to evaluate the encryption technique used. A good encryption is that whose ciphertext cannot be decrypted to obtain the original text or message. One would therefore employ SHA-2 as the encryption algorithm. The network hosting the web application needs to be secure. Thus, the criterion would employ network intrusion devices to identify any weaknesses on the firewalls. One would use firewalls that apply port-based security. Hence, full access to the network is granted only after the user has been authenticated. The criterion would make use of demilitarized zones (DMZ) in the design of the system hosting the web application. These zones limit the access of attackers to the central servers and prevent cross-site request forgery (CSRF).The criterion will also ensure that the web application uses the secure hypertext protocol (HTTPS). It is important to make proper use of Web API through role-based security to authenticate users, who should disable javascript in their browsers. Advantages and disadvantages of the criteria developed The above criteria, if employed, would result in a secure web development process as it uses various software engineering techniques. It shows how these methods can be beneficial in keeping the website secure. For example, the advantage of using a secure password is that it is difficult to hack. The strength of the password increases when special characters are included, and both numbers and keyboard characters used. The disadvantage with this, however, is that strong, lengthy passwords are hard to remember, and they may end up being written down, making them prone to attackers. The criterion advocates for the use of a strong encryption algorithm. This technique makes it tough for a hacker to carry out an attack. Even if the attacker can intercept the traffic on the website, trying to decode its message would be difficult. The port-based security in the firewalls limits access to the central servers, and anyone without the right credentials cannot access the network devices related to the web application. An attacker would, therefore, not manage to launch an attack through the use of these devices. The use of DMZs further limits access to the core devices that host the network. Evaluation of the criteria developed The criterion ensures that the web application process is secure. It employs stringent measures regarding authentication and authorization, making the resulting web application accessible only to the right users. It also provides a way to ensure that any network traffic to and from the website cannot be compromised even when man-in-the-middle attacks are executed. The criterion also ensures that the networks directly associated with the website are designed in such a way that their security would be extremely difficult to compromise. This criteria proposes a framework that is very secure, and limitations would only arise from the people using it. Case study of the attack on eBay Hackers used cross-site scripting to carry out an attack on eBay users. This technique enabled them to input a malicious code on eBay’s website that redirected users to a fraudulent site (Latest eBay, 2014). Through the use of javascript, the attackers were able to trick users into submitting their credentials to the attackers. These details were later used to access eBay’s customer database. This attack on eBay shows flaws in the security of the website. The criteria developed outlines the guidelines necessary to build a secure website from the beginning. Thus, any weaknesses detected along the way can be addressed before the website is launched. eBay’s case shows that the website’s vulnerabilities were not thoroughly analyzed before hosting it, and continuous monitoring of the website’s activity was also not done. The criteria developed employs use of network intrusion devices that would have easily detected the malicious activity of the attackers. eBay was not aware of the attack until they were alerted by consumers. The criteria described above also urges users to disable javascript in their browsers. This move would have prevented the attackers from gaining access to their login credentials that were later used to hack the customer database. Marketing Introduction Once a website has been created, the next step is to attract new, qualified traffic. There is a variety of marketing strategies that one would apply to achieve this traffic. They can be broadly classified as search engine strategies, the use of social media, linking strategies and mass email strategies (Potts, 2007). Paid advertising can also be implemented. Search engine optimization increases the website’s visibility in ‘organic’ or ‘natural’ search results. Linking strategies drive additional traffic to your from other sites. As such, the search engines consider your site most relevant according to the number of outside links it has. Proposed criteria The best way to market a website would be based on the following criteria. They would use keyword phrases to optimize the website pages. These key phrases would be a short description of what each page contains. If they are hyperlinked by the search engines, they convey as much information as possible to the reader. One would also make the website part of the social media community by having social accounts. Through these accounts, one would provide direct links to the site, generating awareness and increasing the website’s traffic (Page, 2012). Traditional strategies can also be applied, and include having the website’s URL on literature, cards, flyers, coupons, and stationery. Emails can be used as a marketing tool since people need to be engaged multiple times. One would structure the website’s content in a way that makes it more attractive. Owners can advertise the site through AdWords and TV advertisements. They would also use the linking strategy to raise the page rank among other related sites. Since links from trusted and popular sites help to raise a website’s page rank, one would submit the site to key directories. Such include the free Open Directory Project (Page, 2012). Advantages and disadvantages of the developed criteria The criteria described above has a very stable framework, and its implementation is likely to yield positive results. Through the search engine optimization (SEO), the website’s visibility and relevance to the searched topic are improved. It will, thus, be among the top websites related to the search. By hyperlinking the title of the pages, the information becomes more provocative to the reader, and they are more inclined to visit the site. The criterion also employs the use of linking strategies. This in turn helps raise the page rank of the website amongst similar sites. The criterion lists it among key directories, and both the quality and quantity of the incoming links are of high stature. Thus, the rank of the page is improved. Many people share articles and other information around the globe through the use of social media. It is thus very economical in terms of cost, and at the same time very efficient. The criterion also employs use of emails to market the website. Thus, you can keep the subscribers up to date on new products and opportunities. It is a great way to reach out to consumers, but if the emails become too frequent, they risk being termed as spam (Potts, 2007). Evaluation of the developed criteria The criterion developed is stable and very flexible. It can be tailored to match the needs of any form of website. This criterion addresses various ways through which a website’s existence can be brought to the attention of people without causing any discomfort to any person. It also explores advertising techniques that can be employed at both the local and international levels, with some methods being very economical as is the case with social media. It also brings to the attention of the website administrator the techniques they would employ in relation to search engines to improve the visibility of the website. Case study A real world example of a website that has gone to extreme ends in ensuring that its visibility is always among the top is www.gsmarena.com. This website majors on information about mobile devices. It lists their prices, key strengths, and other relevant information that the reader may be interested in. This website has made use of search engine optimization techniques to a significant level that most times it tops the search results whenever a person searches about a particular mobile device. Its approach to the idea of using key phrases to increase the visibility of a website is so advanced that it beats even that applied by the parent companies of the mobile devices it advertises. This success proves just how powerful search engine optimization and linking strategies can be when used to market a website. The site also makes use of the social media platform and is active in writing blogs, making it a preferred choice to those with an interest in news and technology surrounding the mobile industry. By doing so, it ensures that it remains relevant and popular among its followers. References Cross, M. (2007). Developers guide to web application security. Rockland, MA: Syngress Pub. Latest eBay flaw is a rookie mistake for a website. (n.d.). Retrieved May 6, 2015, from http://www.pcworld.com/article/2241305/latest-ebay-flaw-is-a-rookie-mistake-for-a-website.html Potts, K. (2007). Web design and marketing solutions for business websites. Berkeley, CA: Friends of Ed ; Page, R. (2012). Website optimization: An hour a day. Hoboken, NJ: John Wiley & Sons. Read More