A good reason to blog for your business is to boost your company's reputation. Search engines find your content, and search engine users find you. If your content is compelling, a relationship may be established. Your blog is a chance to make a first impression with a potential customer.
Amid all the buzz of blogs and business, something usually gets short shrift -- application security. The multinational law firm Pinsent Masons maintains an IT and e-commerce issues blog called OUT-LAW.COM, and a recent post takes up this issue.
Citing some statistics and advice from a white paper by computer security system vendor Network Box (free registration required), the post gives some ideas on the scope of the issue and recommendations on what a blogger can do to mitigate the risks, which include potential damage to your company's reputation.
The white paper identifies comment spam and SQL injection as the top threats to a blogging environment.
Comment spam is one of the ways that malicious third parties can abuse the visitor content creation features to your detriment. This was one of the forms of "virtual blight" that Google spam fighter Matt Cutts discussed in his talk from this past Wednesday.
Compendium addresses this from several angles:
- Comment forms require a name and a syntactically valid e-mail address. The comment will be rejected if these form elements are not provided.
- A CAPTCHA must be successfully completed, otherwise the comment will be rejected.
- The text of the comment is stripped of all HTML tags.
- URLs are converted to hyperlinks with the rel="nofollow" attribute to prevent spammers from feeding off of your search engine reputation.
- Comments must be reviewed and approved by the company's local blog administrator before going live. There is no way for the spammer to bypass this.
Cautious parameter validation on the server side provides a first line of defense. The next line is using care in how query strings are formed. Consideration of these points is an integral part of our development process, not an afterthought. Moreover, they are backed up with regular code reviews and continuous refinement of our coding standards.
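The comment checks listed above, together with the server-side validation and careful query construction described in this paragraph, can be sketched as follows. This is an added example, not Compendium's code: the function names, table schema and regular expressions are assumptions, and the CAPTCHA result is passed in as a boolean.

```python
import html
import re
import sqlite3
from html.parser import HTMLParser

# Assumed patterns for this sketch: a syntactic e-mail check and a simple URL matcher.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")
URL_RE = re.compile(r"https?://[^\s<>\"']+")

class _TextOnly(HTMLParser):  # keeps text nodes only, so every tag is dropped
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []
    def handle_data(self, data):
        self.parts.append(data)

def strip_tags(text):
    p = _TextOnly()
    p.feed(text)
    p.close()  # flush any text still buffered by the parser
    return "".join(p.parts)

def render_comment(text):
    """Strip tags, escape what remains, then link URLs with rel="nofollow"."""
    plain = strip_tags(text)
    out, pos = [], 0
    for m in URL_RE.finditer(plain):
        out.append(html.escape(plain[pos:m.start()]))
        url = html.escape(m.group(0), quote=True)
        out.append(f'<a href="{url}" rel="nofollow">{url}</a>')
        pos = m.end()
    out.append(html.escape(plain[pos:]))
    return "".join(out)

def submit_comment(db, name, email, text, captcha_ok):
    """Validate server-side, then store as unapproved using bound parameters."""
    name, email = name.strip(), email.strip()
    if not captcha_ok or not name or not EMAIL_RE.match(email):
        return None  # rejected: failed CAPTCHA, missing name, or bad e-mail
    cur = db.execute("INSERT INTO comments (name, email, body, approved) "
                     "VALUES (?, ?, ?, 0)", (name, email, render_comment(text)))
    return cur.lastrowid

def open_db():
    db = sqlite3.connect(":memory:")  # constructed in-memory table for the demo
    db.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, name TEXT,"
               " email TEXT, body TEXT, approved INTEGER)")
    return db
```

Escaping after tag stripping matters because entity-encoded markup such as `&lt;i&gt;` decodes back to angle brackets during parsing; the `?` placeholders keep a hostile name or e-mail value as data rather than SQL.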
Unfortunately, bugs are a tough thing to completely eliminate in the real world, so vendors typically have to issue security updates. The Network Box white paper recommends that corporate blog applications be updated when new releases come out.
Here is where relying on software as a service, like Compendium Blogware, has a distinct advantage. Instead of tracking when a vendor updates and then going through the process of rolling out the new version to production, the hosted application provider takes care of the updates for you. Here at Compendium, releases are usually pushed out on a weekly basis, so when issues are found, it won't be long before a fix is on the way.
When you base your corporate blogging platform on Compendium Blogware, many of the issues of maintaining a secure blogging environment will be taken out of your "worries" tray. Isn't that a price worth paying?