Prioritize Website Security

Based on the latest Ipsos report, 76% of Malaysians have encountered and been targeted by scams at one point in their lives; records from the National Scam Response Centre (NSRC) reported that over RM1.34 billion was lost to scammers in 2023. 

In today’s digital world, making sure your business website looks nice is not enough. It’s crucial to focus on keeping it safe from online threats. This is why business owners should prioritize security when designing websites and look for web developers who understand the importance of including security features. 

“Aiya but my website is just a small company, won’t be targeted by hackers and security threats one lah.”

Are your data and business not worth protecting?

Everyone is a target in Malaysia’s online fraud frenzy – Jan 2024
Cyber security continues to be a top concern in Malaysia – April 2023
Online scam cases increasing in Malaysia due to low awareness on cyber crime – Sep 2022

Why Security Comes First

A visually appealing website is great, but without robust security measures in place, it’s exposed to potential cyber threats. Here’s why security should be your top priority:

  1. Avoiding Unnecessary Expenses: Investing heavily in your website’s aesthetics is futile if it remains susceptible to malware and hacker invasions. Ensuring strong security measures are in place protects your investment and your site.
  2. Safeguarding Sensitive Information: Implementing effective security protocols is crucial in protecting your customers’ data from unauthorized access.
  3. Earning Trust from Customers: A secure website is fundamental in reassuring visitors that their personal information is safe, fostering trust and loyalty.
  4. Compliance with Legal Standards: Adhering to regulations regarding the handling of customer data is non-negotiable. A secure website is key in meeting these legal requirements.

The Benefits of Security-Focused Web Developers

Web developers who pay attention to security features offer many advantages:

  1. Better Defense Against Cyber Threats: These developers can build websites with stronger protections, making it harder for cyber-attacks to succeed.
  2. Staying Proactive Against Risks: By including security features from the start, web developers help prevent common vulnerabilities that attackers might exploit.
  3. Making Legal Compliance Easier: Web developers who understand security standards can help businesses meet legal requirements more effectively, reducing the risk of costly mistakes.

In essence, it’s not just about how a website looks; it’s about making sure it’s safe from online dangers. Choosing web developers who understand this balance between design and security can provide businesses with a strong and reliable digital presence. 

Get Security Headers enabled

  1. Protect your site from XSS attacks: security headers help prevent the browser from loading malicious assets.
  2. Defend against clickjacking attacks: Clickjacking is a deceptive technique attackers use to trick users into clicking on something different from what they see. Hidden clickable elements are placed over legitimate content, so users perform actions they did not intend, such as sharing sensitive information or granting permissions without realizing it. Telling the browser not to let other sites frame your pages helps protect against clickjacking.
  3. Strengthen Data Protection: Security headers help secure sensitive data transmitted to and from the website, safeguarding it against unauthorized access and interception.

A Security Header Scanner checks whether a website sends security headers and how well they are configured. This kind of scanner usually looks at the HTTP response headers that a web server sends to see whether certain security-related headers are present and how they are set up.

Definition

| Header | Definition |
| --- | --- |
| server | This Server header seems to advertise the software being run on the server but you can remove or change this value. |
| x-xss-protection | X-XSS-Protection sets the configuration for the XSS Auditor built into older browsers. The recommended value was “X-XSS-Protection: 1; mode=block” but you should now look at Content Security Policy instead. |
| x-frame-options | X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. |
| x-content-type-options | X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is “X-Content-Type-Options: nosniff”. |
| strict-transport-security | HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. |
| content-security-policy | Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. You can sign up for a free account on Report URI to collect reports about problems on your site. |
| referrer-policy | Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites. |
| permissions-policy | Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser. |
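
The check a security header scanner performs on a response, covering each header defined above, as an added example (not code from this page or from any scanner it mentions). The function names, status labels and sample headers are constructed for illustration, and the Content Security Policy check is a simplification that only inspects script sources.

```python
import re

def hsts_max_age(value):
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
    return int(m.group(1)) if m else 0  # 0 also when the directive is absent

def csp_ok(policy):
    # Simplification: nonces/hashes, which override 'unsafe-inline', are not modelled.
    parts = [p.split() for p in policy.split(";") if p.strip()]
    directives = {p[0].lower(): p[1:] for p in reversed(parts)}  # first occurrence wins
    src = directives.get("script-src", directives.get("default-src"))  # fallback order
    return src is not None and not {"'unsafe-inline'", "*"} & set(src)

CHECKS = {  # header: (check on its value, note reported when the check fails)
    "x-content-type-options": (lambda v: v.lower() == "nosniff", "only valid value is nosniff"),
    "x-frame-options": (lambda v: v.upper() in ("DENY", "SAMEORIGIN"), "use DENY or SAMEORIGIN"),
    "strict-transport-security": (lambda v: hsts_max_age(v) > 0, "max-age missing or zero"),
    "content-security-policy": (csp_ok, "scripts unrestricted, or 'unsafe-inline' / * allowed"),
    "referrer-policy": (bool, "empty value"),
    "permissions-policy": (bool, "empty value"),
}

def audit_headers(headers):
    """Return {header: (status, note)}; status is ok, weak, missing or info."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # header names are case-insensitive
    findings = {}
    for name, (ok, note) in CHECKS.items():
        if name not in h:
            findings[name] = ("missing", "header not sent")
        else:
            findings[name] = ("ok", h[name]) if ok(h[name]) else ("weak", note)
    if "server" in h:
        findings["server"] = ("info", "advertises server software: " + h["server"])
    if "x-xss-protection" in h:
        findings["x-xss-protection"] = ("info", "legacy header; rely on Content-Security-Policy")
    return findings

SAMPLE = {  # constructed response headers, not taken from a real site
    "Server": "ExampleHTTPd/1.0",
    "X-Content-Type-Options": "no-sniff",
    "X-Frame-Options": "SAMEORIGIN",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "X-XSS-Protection": "1; mode=block",
}

if __name__ == "__main__":
    for name, (status, note) in audit_headers(SAMPLE).items():
        print(f"{name:28}{status:9}{note}")
```

On the sample, the misspelled `no-sniff` and the `'unsafe-inline'` script source are reported as weak even though both headers are present, which a presence-only check would miss.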