Software and Web Application
Design and Development

Home > Security and Privacy

Security

Security is clearly a major concern for websites, and a policy of 'Defense in Depth' utilizing a range of different strategies is recommended, to avoid relying solely on any one approach.

Application architecture should be planned with security in mind from the outset with firewalls used to delineate security zones with different access privileges. Encryption and secure communication can be employed when necessary aand authentication and validation where required. Any input from users should always be filtered to prevent unauthorised access.

Webmasters must be aware of the latest security vulnerabilities and their fixes. Regular updating will help minimize risk.

Privacy Issues

Clients who pass on private information must be able to do so confident that this information will be kept safe and only used as intended. A clear Privacy Policy should outline what information is kept and how it will be used so that trust is maintained with users.

The adoption of a computer-readable protocol in addition to human-readable privacy document can enhance usability. Clients define their own privacy preferences which are compared to the company policy, and are alerted to any discrepancies between the two.

The most widely supported current protocol is P3P.