Causes for vulnerabilities

Organisation comes before technical knowledge


The basics of security

Before throwing a huge list of "to do's" at you, I would like to bring some structure to the matter (because I don't want you to overlook the most obvious reasons for security breaches).

When you are developing a website, (hopefully) you are educating yourself about how to do it safely and how to implement basic aspects of security. This can be quite complicated at times.

But before diving deep into the technicalities: what about your environment? Are you operating in a safe spot? Have you protected your machine well enough? And what about your house (or your office)?


Keep the gate closed


(Not an advertisement) 
Exdomos

List of possible causes:

Internal causes

External causes

Unknown causes

Usually the cause of a security breach becomes known after investigation, but sometimes it doesn't; needless to say, this is a real nightmare. If you do not know what caused it, you cannot be sure it won't happen again. Of course, you can build a new system from scratch to be sure that old unknown vulnerabilities no longer exist, but what if the cause was a user with malicious intent? This person might do the same again in a completely new environment.

There have been several data breaches in the past whose cause is still unknown today: sensitive information about users of a gambling site, a genealogy website, a health-care system, a people finder, smartphone applications and more has been compromised in the last few years.

 

Social (and other) things: