Return to Previous Page
Mitchel Sellers is not only the Founder, CEO, and Director of Development for IowaComputerGurus (ICG), he is also one of its core technical contributors. He has personally managed hundreds of successful website and application projects, served as a technology professor at Des Moines Metropolitan Community College, and become a published author – writing or contributing to hundreds of articles and three industry-standard texts on programming for the Microsoft stack. This list of accomplishments is impressive – elevating him to seven-time Microsoft C# MVP, ASP Insider, Microsoft Certified Professional, and DNN MVP.
Mitch has a deep understanding of software development with a focus on proper architecture standards, performance, stability, compliance, and cost-effectiveness. And he is a recognized authority on building applications and enterprise websites on industry-standard platforms – including ASP.NET, MVC/MVC Core, SQL, Windows, and public clouds (Azure, Amazon AWS). But perhaps what customers remember most is his dedication to great service and support and the ability to communicate effectively with project stakeholders from the datacenter to the executive board room and back again.
When Mitch is not at the computer he is spending time with his family and flying his airplane from his home base in Des Moines, Iowa.
Website design, responsiveness, apps, performance, and cloud are the sexy topics these days. They get a lot of attention and we’ve helped hundreds of customers accomplish each of them. But whenever we are working directly with business customers or in partnership with another developer, we always make sure that website security is in the must-have list. For us, it’s just not an option … it has to be a top priority.
Having those kinds of conversations has become easier over the years. We’ve been writing and “preaching” about website security for years in our blog and through our series of white papers and resource guides. And every time the evening newscast leads with a story about a data breach or hacked website, the need to include security processes and practices in all aspects of website planning and maintenance becomes clearer. Fortunately, DNN is a great platform for implementing website security protocols. But where should you start?
Secure Socket Layer (SSL) is a two-way encryption method that ensures that the site visitor and the website itself are the only ones participating in the conversation. The privacy of this conversation is ensured by a trusted, neutral third party – the Certificate Authority (CA) – that verifies the identity of the website so they can establish a secure, encrypted connection.
We did some research for our SSL implementation white paper a few months ago, and we found that 67% of all active websites do not even implement the most basic levels of encryption. This one fact alone is astounding – especially since Google implemented search penalties for unprotected websites earlier this year. Other large browsers and search companies quickly followed suit.
Key Takeaway: Implementing SSL security is no longer just a solid security best practice, it’s a business and marketing imperative.
SSL Certificates Are Not as Difficult as They Used to Be
Fortunately, acquiring an SSL certificate has become relatively easy. There are dozens of CA companies who can help, including global providers Symantec and VeriSign, among others. In fact, the last few years has seen the rise of open source and community-supported CA projects as well. For example, LetsEncrypt.org is a community-supported CA that provides SSL certificates at no charge. It is sponsored by developers and business owners – people like you and us – and also by some of the biggest tech companies around. Corporate sponsors include Facebook, Google, Shopify, Automatic, Mozilla, and dozens of others – so the service has the kind of backing it needs to remain a great resource.
Once you have acquired your SSL certificate, here’s what you need to do:
Key Takeaway: Acquiring and installing your SLL certificate is not enough. Your site can still be unsecure, incur liability, and suffer search penalties unless you implement security best practices.
We have created a complete set of detailed instructions for each best practice listed above – including code samples – and put them in our white paper, titled “SSL Implementation and Website Security Best Practices.” In addition, it details three more best practices for basic website security beyond SSL. We have made this white paper available as a free resource to the community.
On our IowaComputerGurus white paper page you will find this paper along with several other free guides and white papers covering DNN, DNN EVOQ, ASP.NET, and MVC Core development topics. And as always, if you have any questions or need any help implementing SSL or other website security protocols … just ask. We are always happy to help.