Editor’s note: This is a Guest Post from Oyelaja Adebambo Oyekan, CEO of Cybernator Solutions. The article is aimed at providing tips and advice on how to ensure your website security. If you are a student developer or a newbie developer, you will benefit from this article. The article is also useful to Nigerian companies and organizations that have websites (especially government and their agencies).

The issue of web services and its security flaws has been a long debated issue. Dating far back into the creation of the world wide web itself. This brings us to questions like:

• What is web security?
• Why web security?
• Are there ever secure websites?
• What are the steps towards web security?

What is web security?

There are a lot of definitions to this but I have been able to combine various ones and come out with my own definition for this: Web security is the constant monitoring of a web application or service. I see web security like I see normal day-to-day security. To perfectly secure a material you have to keep constant watch over it and this applies to web security.

To secure your website you have to monitor it frequently. These days, the biggest threat to an organization’s network security comes from its public website and the Web-based applications found there. Unlike internal-only network services such as databases-which can be sealed off from the outside via firewalls-a public website is generally accessible to anyone who wants to view it, making application security an issue.

As networks have become more secure, vulnerabilities in Web applications have inevitably attracted the attention of hackers, both criminal and recreational, who have devised techniques to exploit these holes. In fact, attacks upon the Web application layer now exceed those conducted at the network level, and can have consequences which are just as damaging. So to keep perfect control over your website you have to watch over it often making sure that there are no intrusions and vulnerabilities in it.

Why web security?

This is another question that lingers on the minds of most web users. Take for example you run a social community network. A social community network is a network mostly available on websites like Facebook and Hi5. These are common sites and so I would not go into defining what they are.

If you run a site like this then web security is a RED ALERT issue for you. Running a site like that makes you responsible for communication between people who are not as professional as you are. All they do is use the applications you have provided for them to communicate with. Most of them may want to send detailed and personal data through your network. Now you see why I tick web security as a BIG ISSUE for you. Securing your website should be a major note on your mind because failure to do so leads to compromise of your costumers data. As a service provider, people depend on your services to run their day to day business activities. A flaw from your own service could cause a lot of disruption to their services.

Any secure websites?

My plain answer to that is NO. Because if it can be built, then it can be broken. But you can secure your website and network to a certain level that makes a breach almost impossible.

7 Steps Towards Website Security

Securing a website and network is not a small task, but on the other hand there is a level to which you can make your web apps more sure. Below are a list of things that you could do to make your web apps more secure.

1. Install server monitoring software: There are a lot of free server monitoring software that can be installed on your web servers. They help you keep track of what goes on in your website while you are away from it.
2. Use a reliable web host: I have been trying some web hosts recently and trying to see what kind of security they offer and I would recommend Hostgator, Godaddy and JoyEnt. Note: All Nigerian web hosts do not host independently.
3. Back up databases and other data often
4. Switch to linux hosting
5. Get a really good developer to build your applications: Most times we go into application design by hiring people who do really great design. But the problem is that these design guys know little about core coding. To build a secure web app would take both a designer and a core developer.
6. Read more about web vulnerabilities
7. Pray Hard: This is the biggest solution. Seriously lets face it: Even Yahoo, Microsoft, Pentagon, NSA, Punch Nigeria, and a lot of these other big companies have been hacked, except for Google perhaps. I wonder how they build their stuff. To keep the bad guys away you need to PRAY HARD!!! You could do fasting too, if your apps mean that much to you. Just kidding…