How to sell website security to customers

Written on 16 August, 2013 by Sarah Cripps
Categories: Web Design | Tags: security, software, website

Making a website or web application secure is of paramount importance, yet many customers are completely unaware of the threats out there. Whether it’s through sloppy coding or the latest zero-day exploits, there are many ways for a business to be compromised through their own website. These tips will help you get the message across and show your customers how your website security products can save their business.

Software versions

Keeping up to date with the versions of your hosting software is key to managing new security holes and exploits. Exploits are regularly discovered in all manner of software, and updating to new stable versions ensures you get the latest security fixes. Managing this process and checking existing software versions can be a timesaver and a reassurance for your customers.

File permissions

Often during the development and deployment of a website or application, file permissions are changed or left open for convenience. If permissions aren’t locked down when you go into production, the website may be vulnerable to attack. Simple checks and standardised permission templates can make this an easy win.

Encryption

Login screens, admin systems and any transactional or secure content should be handled over HTTPS, yet many customers don’t realise the issue. An entire site may be compromised by a hacker sniffing login information when unencrypted, and pointing out this vector of attack may also give you an avenue to promote SSL certificate products.

Validation and form security

Data and form validation are major culprits when it comes to websites being compromised.  If validation isn’t handled properly then exploits like SQL injection attacks can wreak havoc on a site or allow a hacker easy access to your information. Some customers and even their web developers may be unaware of this issue, or may have missed fixing it in some part of the site, giving you the opportunity to introduce SQL injection testing, malware detection and similar products. This is also a key area in which customers may not have the ability or the resources to create a solution themselves.

Backend security

Websites and applications often contain a backend that requires users to log in. This backend (often found through several common and well known URLs) needs to be properly secure but is often overlooked. Your website security services should make a point of this awareness and cover the entirety of any administrative system in its checks.

If you highlight these issues and their exposure in the media, you bring to light many issues that your customers may not have been aware of in the first place. Make this awareness part of your sales process and your website security products will be seen as indispensable to your customers.