Make security a priority when making a new website!

Submitted by Kai on Wed, 2007-05-30 09:00.

Generation Y has taken over the Internet and is moving on to Web 2.0. Interaction, sharing and taking part matter more than quality control and security considerations.

The latest addition is Reddit - the link-sharing website where you can promote your own content and have potentially millions of readers rate it. If you are lucky, your story makes it to the top.

These types of sites require user interaction, which means they let visitors type data into a field and send it back to the servers. The data can be names, stories, images - just about anything. The users can be anyone with a computer and an e-mail address. Combining anything with anyone spells TROUBLE to most of us.

Child porn, bomb patterns and spam on one side, loads of quality content and interaction on the other side.

The challenge for Web 2.0 sites is to have a high level of interaction combined with strict control over what is going on. Many tools and techniques have been developed over the years to ease the workload of a website owner. One of the first things we learned back in the 1990s was to make sure the users who posted data on our systems operated inside a secure scope. We did not allow posting of scripts, code and other malicious content through our forms.

Over the years we have had storms of SQL injections and exploits crossing the Internet. You would think that by 2007 every website and service would have learned. Perhaps not the smallest kiosk in Siberia, but any Web 2.0 site should have taken precautions by now.
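The two lessons above - keep scripts and markup out of what users post through your forms, and keep user data from altering your SQL - can both be shown in one small submission handler for a Reddit-style link-sharing form. This is an added example written for this page, not code from Reddit or from the original post; the table layout, field limits and function names are assumptions.

```python
"""Added example: a hardened handler for a link-sharing form.
Untrusted fields are validated on input, stored with a parameterized
query, and HTML-escaped on output. Schema and names are hypothetical."""
import html
import sqlite3
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # reject javascript:, data:, file: links
MAX_TITLE = 300                      # assumed limit for a story title

def validate_submission(title: str, url: str) -> dict:
    """Reject anything the form should never accept; return cleaned fields."""
    title = title.strip()
    if not title or len(title) > MAX_TITLE:
        raise ValueError("title missing or too long")
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        raise ValueError("only absolute http(s) links are accepted")
    return {"title": title, "url": parts.geturl()}

def accepts(title: str, url: str) -> bool:
    """True if the submission passes validation, False otherwise."""
    try:
        validate_submission(title, url)
        return True
    except ValueError:
        return False

def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE links (id INTEGER PRIMARY KEY, title TEXT, url TEXT)")
    return conn

def store_submission(conn: sqlite3.Connection, title: str, url: str) -> int:
    """Parameterized INSERT: field content can never change the SQL statement."""
    clean = validate_submission(title, url)
    cur = conn.execute("INSERT INTO links (title, url) VALUES (?, ?)",
                       (clean["title"], clean["url"]))
    conn.commit()
    return cur.lastrowid

def render_link(conn: sqlite3.Connection, link_id: int) -> str:
    """Escape at output time so stored text is shown as text, never as markup."""
    title, url = conn.execute("SELECT title, url FROM links WHERE id = ?",
                              (link_id,)).fetchone()
    return '<a href="%s">%s</a>' % (html.escape(url, quote=True), html.escape(title))

if __name__ == "__main__":
    db = open_db()
    # Constructed sample input: markup and a quote that would break naive SQL
    lid = store_submission(db, "Cool <b>story</b> 'quoted", "https://example.com/x?a=1&b=2")
    print(render_link(db, lid))
    print("script link accepted:", accepts("bad link", "javascript:alert(1)"))
```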

So it was a big surprise when Reddit showed it had its forms wide open to any kind of attack. The malicious content spread fast across the website - after all, a spam bot is not that hard to set up and test.

So what can you learn? Make sure that when you set up your website - be it a blog, a company promotion site or a Web 2.0 interaction tool - you pay attention to security. Many things can easily be taken care of while the site is being built. Use a professional web development company, check their references, and consider hiring a security consultant to test the site before it goes public. Understand that it is much easier (and thus cheaper) to cater for security early in development: fixing a flaw once the site is finished may cost ten times as much as fixing it during development.

Got any other stories? Share them!

The blogger is Kai Roer, a European Information security professional.