
SANS ISC: Worth protecting my website? - Internet Security | DShield SANS ISC InfoSec Forums


Worth protecting my website?
Hello brothers and sisters :)

I am currently volunteering for a small child protection NGO, and in order to help them with communication I designed this website http://vivegamgodfrey.org

I have no experience in IT and this is my first website, so I was wondering if it is relevant to install some serious security features in it, what do you think? Could we be the target of hackers?

And if so, which features should we include?

Thanks for the attention you gave to this request!
Anonymous

If you're a not-for-profit, maybe reach out to your local security community to see if there might be someone local who might be interested in volunteering to help out with this?
To start with, I'd suggest:
1. Don't have any input fields - these are a great way to leverage attacks such as XSS or any kind of injection. Inputs can certainly be secured, but they're an easy place to make mistakes, and really should be revisited regularly as new attacks are developed.
2. Don't use a CMS such as Drupal, WordPress and so on - it's a difficult job to keep those secure, especially if you use any CMS plugins in the website.
3. Scan the site regularly for simple coding issues - the OWASP ZAP project has a great free tool. Burp is a commonly used commercial product; Netsparker also falls into that category.

That won't get you all the way there, but those 3 things are a decent start ..
Rob VandenBrink

513 Posts
ISC Handler
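
A small check for the first two suggestions in the answer above, added here as an example and not part of the original thread: it scans a page's HTML for input elements and for CMS fingerprints. The marker list, the `audit_html` helper and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser

# Elements that accept visitor input (first suggestion in the answer above).
INPUT_TAGS = {"form", "input", "textarea", "select"}
# Constructed, non-exhaustive path markers of common CMS installs (second suggestion).
CMS_MARKERS = ("wp-content/", "wp-includes/", "/sites/default/files/")


class PageAudit(HTMLParser):
    """Collects (line, kind, detail) findings from one HTML document."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "") for name, value in attrs}
        line = self.getpos()[0]
        if tag in INPUT_TAGS:
            detail = attrs.get("action") or attrs.get("name") or attrs.get("type") or ""
            self.findings.append((line, "input", f"<{tag}> {detail}".strip()))
        if tag == "meta" and attrs.get("name", "").lower() == "generator":
            self.findings.append((line, "cms", "generator=" + attrs.get("content", "")))
        for url in (attrs.get("src", ""), attrs.get("href", "")):
            if any(marker in url for marker in CMS_MARKERS):
                self.findings.append((line, "cms", url))


def audit_html(html):
    """Return the findings for one page; an empty list means nothing was flagged."""
    parser = PageAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page, not taken from the site discussed in the thread.
SAMPLE_PAGE = """<html><head>
<meta name="generator" content="ExampleCMS 1.0">
<link rel="stylesheet" href="/wp-content/themes/demo/style.css">
</head><body>
<form action="/contact.php" method="post">
<input type="text" name="email">
<textarea name="msg"></textarea>
</form>
</body></html>"""

if __name__ == "__main__":
    for line, kind, detail in audit_html(SAMPLE_PAGE):
        print(f"line {line}: [{kind}] {detail}")
```

An empty result only means none of these markers were found; it does not replace the regular scanning recommended in the third suggestion.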
Thank you very much for your valuable answer and understandable at my basic level of IT!
I will then remove the text forms I included, and scan the website using your website!!
Concerning the volunteering, I will transmit this information to the chairman; as I will be leaving the NGO soon, I will not have time to find someone myself.

Thank you again for considering my question, I wish you a very good day!
Anonymous
