Tag Archives: web
What Is Good Web Design?
Anyone can design a website. There are plenty of templates, freeware and online instructions that allow anyone with access to a PC and a bit of free time to try their hand at web design. But once you start putting a website together you begin to realise that there is far more to good web design than first meets the eye. Simply putting a couple of pictures up with some text that may contain a few random keywords is not going to see your site powering its way up the Google rankings. So what are the vital ingredients for good web design?
Content, content, content
For many years, the established web design practice was to put together a site first and then create the content to fit the ‘gaps’ left over. Now, because of the emphasis placed on original content by the search engines, good web design incorporates killer content right from the start. There’s no point having a website that looks pretty if the information contained is totally irrelevant, poorly written or just plain wrong. So good web design has to take into account both the visual elements and how the content works with that to create a website that’s pleasing to the eye and delivers on its promise of being interesting, informative and engaging.
Pointing the way
Good web design has to have a ‘plan’ – a roadmap that guides the visitor around the site and works towards an end goal. That end goal could be heading towards the checkout on an ecommerce site or signing up for a newsletter, subscribing to a blog or other interactive processes. Clear, concise signposts that encourage a visitor to explore the site in more depth can prevent them from ‘bouncing’ to a competitor’s site before they have completed their ‘mission’ – namely to buy your product or answering your call to action.
Speaking of which
What is a ‘call to action’? Is it an important part of good web page design? The simple answer is yes, it’s a vital component of good site design, particularly for a business site. A call to action can be something as simple as ‘click here for more details on our latest special offer’ (always include a ‘tempter’ to encourage them to click the link) or it can be more subtle, gently leading the visitor through the site towards the end goal. A strong call to action encourages visitors to interact with the site more pro-actively than just reading a block of text or looking at a picture.
Is a website ever ‘finished’?
Web design is an ongoing process. It’s never ‘finished’ but is always a ‘work in progress’. Sitting back and hoping that your ‘completed’ website is going to continually climb up the Google rankings and keep pulling in new customers is a misnomer. Unlike traditional printed marketing materials, a website is an organic thing that continues to grow and develop with your business. As your business expands, so should your website. Good web page design continually tweaks, updates, refreshes and renews, encouraging visitors to return regularly and to build up a relationship with your site. Interesting sites get linked to, and those juicy inbound links in turn encourage the search engine ‘bots to sniff you out and push you up the rankings. And all of this happens organically on the foundation of good web design.
If you’re determined to grow your business online and want to know more about what makes up good web design, talk to an agency with a proven track record in producing effective web page design concepts for businesses online.
How could Web application (in)security affect me?
Nearly 55 percent of all vulnerability disclosures in 2008 affected web applications.
Web applications have become the major hunting grounds for cyber criminals who quite rightly view them as low hanging fruit. Just as building new motorways improves access for traditional burglars and car thieves, web applications internet accessibility literally delivers them to the hackers doors.
For some time now, cyber crime has simply been another arm of organised crime. And organised crime is pouring a substantial portion of its vast resources into cyber crime … because the return on investment is very high.
Organised crime goes to great lengths to get its hands on any information and the more confidential it is, the better. Once theyve hacked into an application, they can either make use of it themselves or sell it on to others. They can also take control of the various resources such as servers and databases that house that information and turn a profit from that as well.
Having gained control of your computing power by exploiting vulnerabilities and adding code to your application, they add your power to their existing haul and create botnets a global network of robots reporting to their master command-and-control node which can be directed to attack other organisations, or sold to other criminals who, once they hold enough power, can orchestrate denial of service attacks.
No longer is it enough for these criminals to boast of their hacking prowess; these days its all about the money. Given that a properly engineered denial of service attack is powerful enough to bring down pretty much any global multi-national corporation or, in fact, any small country and take them off-line for the duration, this is not about bragging rights, its extortion. It is money-motivated from start to finish.
Because all information and all computing power is grist to the mill for the criminals, no company is too small and certainly no company is too big to be targeted. And as the security in large enterprises is often no better than small entities, size is truly no barrier to the criminals.
And no business can afford the consequences of a security breach. At the very least, mismanaging confidential information almost always leads to reputational damage. Reputational damage leads to departure of existing clients as well as difficulty attracting new business a situation that can go on for many years. There are obvious bottom line implications to those consequences; in the most extreme cases, businesses can go under.
According to IBMs X-Force 2009 Mid-Year Trend and Risk Report, the predominant risks to web applications are from cross-site scripting, SQL injection and file include vulnerabilities.
Cross-site scripting vulnerabilities occur when web applications do not properly validate user input, thus allowing criminals to embed their own script into a page the user is visiting. This script can steal confidential information or exploit existing vulnerabilities in the users web browser. Cross-site scripting vulnerabilities are typically exploited in phishing attacks by sending users a malicious link to a page in a legitimate domain name via email. The criminals get high returns because users trust the familiar domain name they are visiting and thus trust the links (created by the criminals) therein.
SQL injection vulnerabilities are also about improperly validated user input, but in this case that input includes SQL statements that are executed by a database, giving attackers access to that database to read, delete and modify sensitive information (like credit card data) as well as embedding code into the database allowing attacks against other visitors to the web site.
File-include vulnerabilities occur when the application is forced to execute code from a non-validated remote source, allowing criminals to take over the web application remotely. This category includes some denial-of-service attacks as well as techniques that allow criminals direct access to files, directories, user information and other components of the web application.
Facilitating all these kinds of attacks is the fact that many web sites contain some code to support various features and functions which inadvertently introduces vulnerabilities.
Russian roulette, anyone?
How could Web application (in)security affect me?
Nearly 55 percent of all vulnerability disclosures in 2008 affected web applications.
Web applications have become the major hunting grounds for cyber criminals who quite rightly view them as low hanging fruit. Just as building new motorways improves access for traditional burglars and car thieves, web applications internet accessibility literally delivers them to the hackers doors.
For some time now, cyber crime has simply been another arm of organised crime. And organised crime is pouring a substantial portion of its vast resources into cyber crime … because the return on investment is very high.
Organised crime goes to great lengths to get its hands on any information and the more confidential it is, the better. Once theyve hacked into an application, they can either make use of it themselves or sell it on to others. They can also take control of the various resources such as servers and databases that house that information and turn a profit from that as well.
Having gained control of your computing power by exploiting vulnerabilities and adding code to your application, they add your power to their existing haul and create botnets a global network of robots reporting to their master command-and-control node which can be directed to attack other organisations, or sold to other criminals who, once they hold enough power, can orchestrate denial of service attacks.
No longer is it enough for these criminals to boast of their hacking prowess; these days its all about the money. Given that a properly engineered denial of service attack is powerful enough to bring down pretty much any global multi-national corporation or, in fact, any small country and take them off-line for the duration, this is not about bragging rights, its extortion. It is money-motivated from start to finish.
Because all information and all computing power is grist to the mill for the criminals, no company is too small and certainly no company is too big to be targeted. And as the security in large enterprises is often no better than small entities, size is truly no barrier to the criminals.
And no business can afford the consequences of a security breach. At the very least, mismanaging confidential information almost always leads to reputational damage. Reputational damage leads to departure of existing clients as well as difficulty attracting new business a situation that can go on for many years. There are obvious bottom line implications to those consequences; in the most extreme cases, businesses can go under.
According to IBMs X-Force 2009 Mid-Year Trend and Risk Report, the predominant risks to web applications are from cross-site scripting, SQL injection and file include vulnerabilities.
Cross-site scripting vulnerabilities occur when web applications do not properly validate user input, thus allowing criminals to embed their own script into a page the user is visiting. This script can steal confidential information or exploit existing vulnerabilities in the users web browser. Cross-site scripting vulnerabilities are typically exploited in phishing attacks by sending users a malicious link to a page in a legitimate domain name via email. The criminals get high returns because users trust the familiar domain name they are visiting and thus trust the links (created by the criminals) therein.
SQL injection vulnerabilities are also about improperly validated user input, but in this case that input includes SQL statements that are executed by a database, giving attackers access to that database to read, delete and modify sensitive information (like credit card data) as well as embedding code into the database allowing attacks against other visitors to the web site.
File-include vulnerabilities occur when the application is forced to execute code from a non-validated remote source, allowing criminals to take over the web application remotely. This category includes some denial-of-service attacks as well as techniques that allow criminals direct access to files, directories, user information and other components of the web application.
Facilitating all these kinds of attacks is the fact that many web sites contain some code to support various features and functions which inadvertently introduces vulnerabilities.
Russian roulette, anyone?