next »

[chienquang]

I'm dealing with one customer, his site is about introducing services but he wants to put "Hacker Trusted Certificate" or something like "Trusted site" on his site.
So, is there anyone who knows about that or had experiences can give give me some suggestions?
Thanks in advanced!

[mrhaw]

http://www.webmasterworld.com/webmaster/3542938.htm

[chienquang]

Thanks for your answer, mrhaw!
That's great topic about the value of "Hacker safe certification", but it hasn't answered my question yet. I want to ask if I can put a "Hacker safe certification" on Modx site, and how.
is there any other suggestions?

[sottwell]

Google, select one, pay them and do the audit.
http://www.mcafeesecure.com/us/
http://www.trust-guard.com/Hacker-Safe-s/42.htm

[pepebe]

Put one of those badges on your site and you are sure to get some serious attention by humble sportsmen proofing you wrong.

If your customer doesn't know it, please tell him that something like a hacker proof site doesn't exist. Period.

Apart from undiscovered exploits and hosting/server related issues, you have to face all kind of other problems, most of them related to stupid users/clients unable to properly manage their passwords and usernames.

Putting a badge like that on your site will sooner of later result in angry visitors/customers/clients disapointed with your claims.

Regards,

pepebe

[sottwell]

Indeed. At best all these do is provide a rather basic known-vulnerability check, such as checking for open ports and such. Anybody who is running a serious web site that needs to protect its data should be either hosting with a provider who already provides such a certificate (which may or may not mean anything at all), or should hire somebody to manage their servers in a secure manner. If you're on shared hosting, there are quite likely at least 200 other sites being hosted on the same server. Who can possibly guarantee that one of them is not doing something stupid that allows access to the whole server? Can you really trust all of your hosting provider's employees not to be selling access to the servers? Or doing something stupid like making a quick-access back door for themselves? It's been known to happen.
http://www.darkreading.com/security/perimeter/showArticle.jhtml?articleID=208803634

[rthrash]

I agree with the above but sometimes it's easier to just check boxes in some circumstances than to try to explain to customers that really aren't technically qualified to otherwise know. The same thing can be said for meta keywords tags in document headers: there's a million other places to extend your efforts, but it's many times just simpler to say, "put them in this box here". One of the security test certs certainly does not harm.