Sixth of eight decks written to provide overview guidance on the way the web works for small to medium-sized enterprises that are considering commissioning a web site for the first time. This deck introduces the idea that a web site is "not just for Christmas" and that, once it is set live, the work arguably begins. Search engine optimisation (SEO), cookie management and some of their associated legal issues are introduced.
1. The Organisation As A System
The Performance Organisers
Structured Coherent Design
Commissioning a Web Site
Part Six – Now you have a site, how do you use it?
The introduction slide deck video can be downloaded here
This slide deck can be downloaded from: http://www.jitsoftware.co.uk/training/websitecse/webexploit.pptx
The preceding video on web page writing can be downloaded here
3. The Performance Organisers
About the Author:
• Allen Woods, recently retired.
• Ex British Army (1971 – 1995). Taught Arctic Warfare, Several Years On Operations, Funded Himself through College to Study IT
• Chartered Member of the British Computer Society for 20 years
• Member of the Chartered Status Interview Panel for BCS
• In 2010, Finalist of UK “Developer Of The Year” Competition for HSIS
• Primarily Employed in UK Defence Supply Chain and Logistics IT from 1995 until 2019
• Credits: MoD Health and Safety Information System, Various Internal to Defence P&G Portals, CATMIS, IQB Oversight to Defence Voyager Programme IM Transformation
• Home Domain: http://www.jitsoftware.co.uk/portal/
Commissioning a Web Site – Now how do you use it?
5. The Performance Organisers
Your Organisation Boundary
Diagram: The Organisation Boundary, with the labels Client 1, Client 2, Client 3, Server room, Internet Service Provider, External Client, Technical Legal Consultancy and Content Manager.
Commissioning a Web Site – Writing a Web Page
7. The Performance Organisers
Security Issues to consider:
SAAS and External Code
<!--#include file="http://www.anotherdomain/a folder/abitofcode.js" -->
The seduction of “free” and “simple”
SSL/TLS Certificate
9. The Performance Organisers
Security policy should include:
• IIS Configuration Settings.
• Response Headers (as per securityheaders.com advice)
• Role profiles.
• Web site password policy
• Records of processing activity
• Data Protection Impact Assessment (DPIA)
• Source code back up policy
• And more besides…..
It is reasonable to expect your site developer to be able to advise on these issues…….
Not forgetting regular reviews
12. The Performance Organisers
Regular cataloguing cycles
Not forgetting that not everything crawling the web is benign.
Diagram labels: ISP, Tech Support, Content Manager
14. The Performance Organisers
Some Observations
• There isn’t just one search engine.
• Some key web promotion capabilities are not search engines anyway.
• Search Engine Optimisation is now closely aligned, as part of business models, with “cost per click” type advertising.
• “Cost per click” tends to mean the more you can pay, the more frequently your site will appear in search results.
• Search for “SEO Techniques”.
• SEO does not come “out of the box”; it requires work.
• Many SEO techniques require traffic sharing as part of the deal. Don’t forget liabilities of accountability.
15. The Performance Organisers
Optimise your content to facilitate cataloguing
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- Meta tags belong inside the head element, where crawlers read them -->
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="description" content="A sample Hello World web page to illustrate some of the factors to consider when building a simple web site" />
<!-- "noindex, nofollow" asks crawlers not to catalogue this page or follow its links -->
<meta name="robots" content="noindex, nofollow" />
<meta name="revisit-after" content="30 days" />
<meta name="copyright" content="All site content copyright The Performance Organisers" />
<meta name="keywords" content="separate, keywords, and phrases, with a comma" />
<title>Hello World Basic Page</title>
<style type="text/css">
.tabletitle {
font-family: Arial, Helvetica, sans-serif;
font-size: 24px;
color: #006;
height: 26px;
font-style: normal;
font-weight: bold;
text-align: center;
}
</style>
<script language="JavaScript" type="text/javascript">
// Runs when the visitor clicks the span below
function showalert(){
alert("You clicked the text");
}
</script>
</head>
<body>
<span class="tabletitle" onclick="showalert()">Hello World. we've added a bit of code now! Click the text</span>
</body>
</html>
17. The Performance Organisers
“Cookies” are small files or browser specific database
entries which are stored on a user's computer. They
are designed to hold a modest amount of data specific
to a particular client and website, and can be accessed
either by the web server or the client computer. This
allows the server to deliver a page tailored to a
particular user, or the page itself can contain some
script which is aware of the data in the cookie and so is
able to carry information from one visit to the website
(or related site) to the next.
Cookies what are they?
18. The Performance Organisers
A cookie is basically a string of text characters not
longer than 4 KB. Cookies are set in name=value pairs,
separated by semi-colons. For example, a cookie might
be a string like the following:
"theme=blue; max-age=60; path=/; domain=thesitewizard.com"
Cookies how are they written?
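The cookie string on this slide can be taken apart and reviewed in code. The following is an added example, not part of the original deck: it parses a cookie string and lists the points a site owner would check (size against the 4 KB limit, whether the cookie belongs to another domain, its lifetime, and the Secure and HttpOnly attributes). The function names, the 30-day policy limit, the second sample cookie and the tracker.example domain are assumptions made for illustration.

```javascript
// Added example (not from the deck): parse a cookie string and list review points.
const MAX_COOKIE_BYTES = 4096;   // "not longer than 4 KB" from the slide
const POLICY_MAX_AGE_DAYS = 30;  // assumed site policy value, not a legal limit

function parseCookie(str) {
  const [first, ...rest] = str.split(';').map(s => s.trim()).filter(Boolean);
  const eq = first ? first.indexOf('=') : -1;
  if (eq < 1) throw new Error('cookie must start with name=value');
  const cookie = { name: first.slice(0, eq), value: first.slice(eq + 1), attrs: {} };
  for (const part of rest) {
    const i = part.indexOf('=');
    // Flag attributes such as Secure and HttpOnly carry no value.
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return cookie;
}

// Lifetime in seconds, or null for a session cookie. Max-Age takes priority over Expires.
function lifetimeSeconds(attrs, now = Date.now()) {
  if (attrs['max-age'] !== undefined) return Number(attrs['max-age']);
  if (attrs.expires !== undefined) return Math.round((Date.parse(attrs.expires) - now) / 1000);
  return null;
}

function reviewCookie(str, siteHost) {
  const c = parseCookie(str);
  const findings = [];
  if (Buffer.byteLength(str, 'utf8') > MAX_COOKIE_BYTES) findings.push('larger than 4 KB');
  const domain = String(c.attrs.domain || siteHost).replace(/^\./, '').toLowerCase();
  const host = siteHost.toLowerCase();
  // A cookie whose domain does not cover our host belongs to someone else.
  if (host !== domain && !host.endsWith('.' + domain)) findings.push('third-party domain: ' + domain);
  const life = lifetimeSeconds(c.attrs);
  if (life !== null && life > POLICY_MAX_AGE_DAYS * 86400) findings.push('lifetime over policy');
  if (!c.attrs.secure) findings.push('no Secure attribute');
  if (!c.attrs.httponly) findings.push('no HttpOnly attribute');
  return { name: c.name, lifetime: life, findings };
}

// Samples: the slide's cookie, then a constructed tracker-style cookie.
const SAMPLES = [
  'theme=blue; max-age=60; path=/; domain=thesitewizard.com',
  'uid=abc123; Max-Age=63072000; Path=/; Domain=.tracker.example; Secure',
];
for (const s of SAMPLES) console.log(reviewCookie(s, 'www.thesitewizard.com'));
```

Each finding is a prompt for a decision recorded in the cookie inventory, not an automatic fault: a display preference read by page script, for instance, cannot be HttpOnly.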
19. The Performance Organisers
Extending the organisation boundary: Controller/Processor Relationships
SAAS and External Code
<!--#include file="http://www.anotherdomain/a folder/abitofcode.js" -->
The seduction of “free” and “simple”
Cookies and the organisation boundary
20. The Performance Organisers
Cookies where are they stored?
To find out where cookies are stored you will need to consult your browser documentation.
If you run or use more than one browser, then there is likely to be more than one cookie location.
Anything else?
Cookies can provide a means of sharing information between multiple organisations.
21. The Performance Organisers
The use of cookies is governed by legislation: the Privacy and Electronic Communications Regulations (PECR). For the UK, Information Commissioner advice and guidance on cookie use is available here. The PECR is going to be replaced by ePrivacy Regulation (ePR).
<!--#include file="http://www.anotherdomain/a folder/abitofcode.js" -->
The operating principle is one of consent, but consent per use of each cookie. Bear in mind that some components and SAAS applications may drop any number of cookies, for any period of time, regardless of your privacy statements.
Cookies and the Law…..
22. The Performance Organisers
If you do not need them after careful consideration, do not use them.
Cookies and their use… Advice…
25. The Performance Organisers
A Case study.. Live but unnamed web site
26. The Performance Organisers
<!--#include file="http://www.anotherdomain/a folder/abitofcode.js" -->
Internet Service Provider
Possible Routing……
27. The Performance Organisers
Just “Google Analytics”…
Your sensitive visitor details are being tracked by Google…….
28. The Performance Organisers
So.. An Alternative?
No cookies, no external code, no third party components hosted
by another domain
The Portal
29. The Performance Organisers
OK – How do I monitor all this?
Some free to use tools:
F12 – View Source (or browser equivalent)
Baycloud
Security Headers
Web Page Testing
OWASP
Security tools
The EU Information Providers Guide
There will be many more…………………….
It’s your risk, your responsibility. Take advice.
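What the "F12 – View Source" check looks for can also be scripted. The following is an added example, not part of the original deck: it lists every other domain a page loads scripts, stylesheets, images or frames from, and marks content fetched without TLS and external scripts that carry no integrity attribute. The function name, the sample page and all .example hosts are constructed for illustration.

```javascript
// Added example (not from the deck): inventory the other domains a page pulls content from.
// A regular-expression scan is enough for a quick inventory; it is not a full HTML parser.
const TAG = /<(script|link|img|iframe)\b[^>]*>/gi;
const REF = /\b(?:src|href)\s*=\s*["']([^"']+)["']/i;

function externalResources(html, pageUrl) {
  const site = new URL(pageUrl);
  const byHost = new Map();
  for (const m of html.matchAll(TAG)) {
    const tag = m[1].toLowerCase();
    const ref = REF.exec(m[0]);
    if (!ref) continue;                                  // inline script or tag without a source
    let target;
    try { target = new URL(ref[1], site); } catch { continue; } // skip malformed references
    if (!/^https?:$/.test(target.protocol)) continue;    // ignore data:, mailto: and similar
    if (target.hostname === site.hostname) continue;     // first-party: inside the boundary
    const entry = byHost.get(target.hostname) ||
      { host: target.hostname, tags: [], insecure: false, scriptsWithoutSri: 0 };
    entry.tags.push(tag);
    if (target.protocol === 'http:') entry.insecure = true;  // fetched without TLS
    // External code with no integrity attribute can change without the site owner knowing.
    if (tag === 'script' && !/\bintegrity\s*=/i.test(m[0])) entry.scriptsWithoutSri += 1;
    byHost.set(target.hostname, entry);
  }
  return [...byHost.values()].sort((a, b) => a.host.localeCompare(b.host));
}

// Constructed sample page; every host below is a placeholder.
const SAMPLE_HTML = `
<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="https://analytics.example/collect.js"></script>
<script src="http://www.anotherdomain.example/afolder/abitofcode.js"></script>
<script src="https://cdn.example/lib.js" integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>
</head><body>
<img src="//pixel.tracker.example/b.gif" width="1" height="1">
<img src="images/logo.png">
</body></html>`;

for (const r of externalResources(SAMPLE_HTML, 'https://www.mysite.example/index.asp')) {
  console.log(r.host, r.tags.join(','), r.insecure ? 'NO TLS' : 'tls',
    'scripts without integrity: ' + r.scriptsWithoutSri);
}
```

Each host in the output is a party whose licence terms, cookies and data handling need recording; content injected later by those scripts does not appear in the page source and needs the browser's network view.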
30. The Performance Organisers
Reading List:
The Personal Trainer IIS 8 Administration
Learn Search Engine Optimisation
The EU Information Providers Guide
The French Data Protection Authority (CNIL)
The UK Data Protection Authority (ICO)
The European Information Security Summit
UK National Cyber Security Centre
31. The Performance Organisers
Monitor and Manage:
License terms
Terms and Conditions of Use – Particularly Liabilities and Indemnification
Nature of service delivery – who is processing what?
Nature of monitoring – Beacons, cookies, bots
Transfer of data – PII, other sensitive data
Contract terms – BCRs, possible need for European “presence”.
Change control
Site ranking
Content
And more besides……
A web site is not just for Christmas
32. http://www.jitsoftware.co.uk
Tel: +44 07780 568449
Email: allenwoods@jit-software.com
Skype: apw808