Would you pay as a website owner to be made aware that your website is

1:43 pm on Sep 15, 2015 (gmt 0)

New User

5+ Year Member

joined:Nov 10, 2009
posts: 3
votes: 0


As part of doing research on the possibility of offering security services for small to medium businesses operating online we are posing these questions to you:

1) Would you pay or not if you were contacted by a security researcher explaining that they believe (and can prove with permission) that you have a security hole in your code? The nature of the problem with your website is causing your source code to be leaked to the world. Source code that may or may not contain login details to other services, either FTP, MySQL, etc.
2) Considering that website security audits price range from $40 - $10 000 and vary greatly depending on quality of service, how much would you pay if the researcher can prove to access source code of your website and provide a solution to remedy the problem?
3) Do you believe that the popularity of the website would determine the increase in asking price?

2:08 pm on Sept 15, 2015 (gmt 0)

Senior Member from FR 

leosghost

joined:Feb 15, 2004
posts:7139
votes: 412


how much would you pay if the researcher can prove to access source code of your website and provide a solution to remedy the problem?

Security penetration "testing" without prior authorisation ..is illegal almost everywhere..

You might want to rethink your business model..

As it stands you are likely to face court / jail time for hacking and/or blackmail..

The first potential customer who goes to the police after your contact ( or before if they notice you in their site back end ) will likely result in your wardrobe changing to orange ( or your local jurisdiction's equivalent ) ..and your "friends" and neighbours suddenly becoming exclusively all the same sex as yourself..

3:06 pm on Sept 15, 2015 (gmt 0)

Senior Member

topr8

joined:Apr 19, 2002
posts:3476
votes: 76


Leosghost you certainly have a way with words! very eloquently put.

@webworxs i think there is a need for security consultants for SMEs as they often don't prioritise security, either through unwillingness to spend or sheer ignorance.
finding customers who are willing to pay is the difficult part for all businesses.

i can't really offer a really good way of getting such business as i don't know.
as you know you can search google for telltale phrases - usually error messages, which indicate potential security holes.
perhaps you could email webmasters with a link to google/bing serps showing the error messages for their sites and explaining that although you haven't actually yet tested example.com, it would seem the site might have security holes and you specialise in plugging and repairing such holes?

as for question (3), although it would seem a more popular website could be made to pay more, if you are looking at establishing a real business that is ongoing, then being seen to have a fair pricing policy is probably a better strategy. eg. the same price for the same work (irrelevant of who the customer is), although bearing in mind that bigger more popular websites may well involve more work than smaller ones ... not all jobs are in fact equal.

re question (1) ... for myself personally, cold callers put my back up, and especially so in the case of security etc, to me i smell a rat in such situations. i personally would be inclined to listen to what the caller said and then contact someone else to verify the situation and if it was true to then look for someone to repair it (eg not using the company that contacted me).

8:19 pm on Sept 15, 2015 (gmt 0)

Senior Member from US 

lucy24

joined:Apr 9, 2011
posts:15648
votes: 798


Would you pay or not if you were contacted by

You're kidding, right? Under what circumstances would anyone ever pay if they were cold-contacted by anyone other than the government, ahem asking for money?

Best-case response: letter goes straight into the recycling bin.
Worst-case response: ... comes not from the recipient but from the relevant law-enforcement body.