The document discusses creating a safe website experience for readers. It provides tips for improving website security posture, including employing defense in depth concepts, prioritizing good administration, recognizing threats from software vulnerabilities, controlling access, registering the website with search engines, and leveraging security professionals. The key message is that website security is an ongoing process of risk reduction, not a single action, and requires ongoing maintenance.

1. Creating a Safe
Website Experience
for Your Readers
A stroll through Website Security
design-bloggers-conference.com
garden-bloggers-conference.com
1

2. design-bloggers-conference.com/garden-
bloggers-conference.com
2
• Co-Founder and CEO at Sucuri, Inc.
• Website Security Professional
• Website Security Blogger
• Business / Management Blogger
• Brazilian Jiu Jitsu (BJJ) Practitioner
Who am I?

3. design-bloggers-conference.com/garden-
bloggers-conference.com
3
Thought Leadership:
•We are at the forefront of security disclosures on the web.
•We have extensive research initiatives and collaborations in place.
•We are committed to providing the required insights to website
owners.
Technical Validation:
•We Mitigate 40 million+ attacks a month.
•Scan over 3 million+ domains a month.
•Respond to 500 + security incidents a day.
•Secure 300,000 + websites like yours.
We secure your site so you don’t have to
Sucuri?

4. design-bloggers-conference.com/garden-
bloggers-conference.com
4
Why worry
about security?
No one cares about
my website

5. design-bloggers-conference.com/garden-
bloggers-conference.com
5
Your website has
value!
Your audience,
your reach,
your influence!

6. design-bloggers-conference.com/garden-
bloggers-conference.com
6
The Security
Landscape
- Malware distribution.
- Email spam.
- Web Server Abuses.
- Phishing Lures.
- Backdoors.

7. design-bloggers-conference.com/garden-
bloggers-conference.com
7

8. design-bloggers-conference.com/garden-
bloggers-conference.com
8
Who is doing this?
- Known as BlackHats.
- Motivated by money.
- Hacktivisim is real
- Everyone is a target.
- Automation is key.
- Targets of
Opportunity

9. design-bloggers-conference.com/garden-
bloggers-conference.com
9
Security
begins with
Good Posture

10. 6 Tips to Improve
Your Security Posture
design-bloggers-conference.com/garden-
bloggers-conference.com
10

11. design-bloggers-conference.com/garden-
bloggers-conference.com
11
Security is about risk reduction, not
risk mitigation.

12. design-bloggers-conference.com/garden-
bloggers-conference.com
12
Security is about risk reduction, not
risk mitigation.
Risk Will Never Be Zero!

13. design-bloggers-conference.com/garden-
bloggers-conference.com
13
1Employ
Defense
in Depth
concepts
Maintenance
Best Practices/
Principles

14. design-bloggers-conference.com/garden-
bloggers-conference.com
14
Security has always been about
People, Processes, and technology.
Somewhere along the way we have
lost sight of this simple fact.

15. design-bloggers-conference.com/garden-
bloggers-conference.com
15

16. design-bloggers-conference.com/garden-
bloggers-conference.com
16
Maintenance

17. design-bloggers-conference.com/garden-
bloggers-conference.com
17
Maintenance
Best Practices/
Principles

18. design-bloggers-conference.com/garden-
bloggers-conference.com
18
2Starts
with Good
administration

19. design-bloggers-conference.com/garden-
bloggers-conference.com
19
They told us getting online would be
easy, it takes 5 minutes to deploy they
said. They were right, they just forgot
to tell you that you have to now
maintain it.

20. design-bloggers-conference.com/garden-
bloggers-conference.com
20
3Threat of
software
vulnerabilities

21. design-bloggers-conference.com/garden-
bloggers-conference.com
21
As content creators we have no
business messing with software
vulnerabilities. We should however
recognize they exist and deploy tools
to help us avoid their exploitation.

22. design-bloggers-conference.com/garden-
bloggers-conference.com
22
4Access control is
often where it
starts

23. design-bloggers-conference.com/garden-
bloggers-conference.com
23
Let’s not forget that we are not as
unique as we believe ourselves to be.
Access mechanisms exist across the
entire website architecture, account
for every point of entry.

24. design-bloggers-conference.com/garden-
bloggers-conference.com
24
5Register
your
website
with search
engines

25. design-bloggers-conference.com/garden-
bloggers-conference.com
25
Search Engine Result Pages (SERP) is
the promised land for us content
creators, protect it at all costs. It takes
months, if not years to build it, and
minutes to lose it.

26. design-bloggers-conference.com/garden-
bloggers-conference.com
26
6Leverage
professionals
when you
can

27. design-bloggers-conference.com/garden-
bloggers-conference.com
27
Managing your online presence is not
a Do It Your (DIY) job. Leverage like-
minded professionals to help you
succeed.

28. design-bloggers-conference.com/garden-
bloggers-conference.com
28
A Quick Recap
- Leverage professionals wen you
can.
- Register with Search Engines.
- Be mindful of software
vulnerabilities.
- Access Control is very important.
- Active Administration sets the
tone.
- Appreciate the value of good

29. design-bloggers-conference.com/garden-
bloggers-conference.com
29
Security is not a singular event or
action, but rather a series of events
and actions. It begins with good
posture and the responsibility begins
and stops with you.

30. design-bloggers-conference.com/garden-
bloggers-conference.com
30
Social connections:
•Twitter: https://twitter.com/perezbox
•Twitter: https://twitter.com/sucuri_security
•Facebook:
https://www.facebook.com/SucuriSec
Read what I write:
•http://blog.sucuri.net
•http://tonyonsecurity.com
•http://perezbox.com
Let’s Socialize