
What security vulnerabilities lie behind your website code

There are over 2 billion websites on the internet today, 10 times the number of a decade earlier. Given that your website is itself built with computer text processing software, the code written by your website designers or generated by automated website builder tools will have vulnerabilities. This third part of our info-series lays bare the breadth of risks.



The substance of your URL, apart from being the banner of the enterprise’s online presence, is your website itself, which is built with computer text processing software components such as HTML (Hypertext Markup Language), CSS (Cascading Style Sheets) and JS (JavaScript), along with your written content and other visual assets.

The act of designing and coding even a static website requires a web developer with proficiency in each of HTML, CSS, and JS

If you have a tailored web application, which is essentially a more dynamic or interactive website built by a dedicated team of developers, you need to have security requirements that your developers can follow when designing it and writing the relevant code. Integrated platforms known as Content Management Systems (CMS) automate the building of a website through user interfaces that allow you to click and choose pre-designed, pre-coded parts of a website to implement your vision. You can easily create and publish web pages provided you have purchased a domain name and subscribed to a hosting service.

A website, whether implemented with or without a CMS provider, needs a security assessment in the context of that approach: a site built from the ground up by a web developer coding directly in HTML, CSS, and JS will have inherent vulnerabilities. A site built in the factory sense through a CMS will have an additional layer of vulnerabilities relating to the software of the CMS provider.

There are a variety of website vulnerability scanners

They all attempt to identify website configuration issues relating to the following: code injection, broken authentication, sensitive data exposure, XML External Entities (XXE), broken access control, security misconfigurations, Cross-Site Scripting (XSS), insecure deserialisation, use of components with known vulnerabilities, and insufficient logging & monitoring.

A long list of potential issues, indeed, but for the purposes of this part of our info-series, we merely want to give you a sense of the breadth of risks. Crucially, there are very efficient tools for your administrators to test the code with which your website has been built, and they suit all budgets. If your website is more than a static site and has dynamic functions such as web applications, be sure to carry out a web application vulnerability scan or, better, a web application penetration test.

This concludes Part 3 of our info-series on email & website security.  Next week, we bring you Part 4:  Building your own website is easy, but do you routinely update the software?

We hope you enjoy reading our research, designed for professionals who are not IT experts but thirsty for knowledge about the everyday tools to operate a business – your email and website.


