Penetration testing, often abbreviated as pen testing, is an essential process to ensure you maintain a safe and secure website. But what exactly does pen testing involve, and how can you rest assured your agency partner is covering all potential vulnerabilities for you?
This article will provide a detailed guide to penetration testing, helping you minimise your security risks and ensure your website is fully protected.
In a recent series of articles published in our resource library, we provided an in-depth explanation of the end-to-end process of building a high-performance, enterprise-grade website. (If you’d like to read that series first before learning about pen testing, you can start here).
After you’ve worked with your agency partner to successfully build your website, you’ll also need to ensure your site is protected from cyber security threats. With that in mind, you should understand the important role that pen testing plays in effective website security and maintenance.
What is Penetration Testing?
Penetration testing is a form of website testing that’s used to identify security vulnerabilities When conducting pen testing on your site, your agency will simulate a range of cyber attacks that could be used by cyber criminals or malicious software (malware).
The purpose of this is to identify security weaknesses within your site and take action to prevent them from being exploited in the real world. This approach goes beyond basic tests, as it doesn’t just list the vulnerabilities, it examines how they could be exploited and helps to prevent that from happening.
Why is it Crucial for an Agency to Conduct Penetration Testing?
Website security is critical in today’s digital business landscape. Cyber security threats have become highly intelligent and sophisticated, now capable of penetrating even the strongest security networks.
For instance, global technology giant Acer was the victim of a cyber security attack that demanded a ransom of $50 million USD in recent years.
The outcomes of a cyber attack on your website could be catastrophic, either through sensitive data being stolen, lengthy losses of business continuity, or even reputational damage.
Remember, your site’s security isn’t just vital to you as a business, it’s also something your clients need assurance with when they agree to work with you. You should be taking as many proactive steps as possible to ensure your security measures are rigorous enough to match high levels of risk.
Covering All Bases for Robust Security (in WordPress)
It’s useful to be conscious of the common security weaknesses and pitfalls cyber criminals typically aim to take advantage of.
Security vulnerabilities can be created when your website is running on outdated versions of your platform, or if something hasn’t been configured or integrated properly. Other common pitfalls include weak authentication measures and insufficient protection from the perspective of your users.
With platforms like WordPress, there are some areas in which less experienced agencies could allow security vulnerabilities to creep in as well. For instance:
- Auto-updates – When your platform’s software is automatically updated, changes in the code can cause new security weaknesses to arise.
- Plugins – Using WordPress plugins from untrustworthy sources, or neglecting to update and maintain your plugins properly, can also cause security issues.
This is one of many reasons why it’s important to work with an experienced agency partner who has proven platform-specific knowledge and expertise. Your agency should know your CMS of choice inside out, and should therefore be well aware of all the most common security pitfalls and targets for cyber attacks.
What Does Effective Penetration Testing Involve?
To conduct pen testing, your agency’s security experts will run through a process that attempts to penetrate your site’s security measures.
This is usually done in stages, as follows:
1 – Planning and Preparation
- Review the results and analysis of any previous tests (if there are any)
- Define the scope of the testing, including which tests will be performed
- Gather all necessary data and information on the system to conduct the testing
- Determine the criteria of success or failure for the tests.
2 – Running the Tests
- Use automated tools to scan for vulnerabilities and identify weaknesses
- Attempt to exploit the identified weaknesses
- Repeat the tests with different types of user roles and permissions
- Measure the outcomes against criteria for success or failure
- Create a report on the outcomes and results of the tests.
3 – Post-Testing
- Review the reports and analyse the results
- Remediate and resolve the vulnerabilities that were able to be exploited
- Re-test the vulnerabilities to ensure remediation was successful.
The Benefits of Thorough Penetration Testing
Working with an agency partner who can support you with ongoing pen testing is a necessary step towards gaining enterprise-grade security for your website.
Technology changes so quickly today. Your platform receives updates regularly, your site is always growing, and cyber criminals are constantly finding new ways to breach your defences and gain access to your data. Penetration testing allows you to keep the pace with new emerging vulnerabilities.
Conducting regular pen testing can also help improve client relationships and create competitive advantages as well. In certain industries, a demonstrable commitment to security will be greatly appreciated by your target audience. This can help to differentiate you from the competition and provide the trust required to attract more prospective clients to work with you.
Website Security is a Never-Ending Battle
While every business with a website faces tremendous security risks today, this is a proven process that can help to minimise that risk and give you the confidence you need in your site’s security.
Any agency partner you work with should have the knowledge and expertise to understand the importance of pen testing, and should insist on making this an integral, ongoing part of your site’s maintenance.
Would you like these insights straight to your mailbox?
- Configured firewall options, IP access lists, and anti-phishing attack technologies
- Full responsibility for rapidly patching OSes and libraries
- Long-term-supported Linux distributions for maximum security.
- Compliance with ISO 27001/PCI-DSS/TIA-942
- A 100% pass-rate for any data centre audits
- 24/7 data centre staffing with experienced engineers and specialist security teams
- Document review services for your external audits
- Bespoke consultancy available if you have any major certification requirements.
- A fully-managed service provided by a team with decades of experience
- Round-the-clock, hands-on assistance, 365 days per year
- Deep technical understanding and expertise
- Proactive support from dedicated engineering teams and account managers
- High-level consultancy, including advice on new projects and technologies.
- 1,920px – This covers most external computer monitor sizes
- 1,366px – This covers most laptop screen sizes
- 992px – This covers most Notebook and iPad devices
- 768px – This covers most other tablet devices
- 375px – This covers most smartphones.
- Keep your design simple and your content succinct
- Prioritise the preferences and best interests of your target audience
- Make your design elements as clear as possible
- Maintain consistency
- Ensure your brand, and your company’s identity, have been accurately represented through the design
- Use power of visual imagery to capture and retain your visitors’ attention
- Make your call-to-action as strong and compelling as possible
- Don’t create anything that interferes with the goals of your UX.
- Perceivable
- Operable
- Understandable
- Robust.
- Use contrast and blank space to make your content easy to perceive
- Use bold colours
- Use font sizes no smaller than 14px for desktop and 13px for mobile across the whole site (although, this does depend on the font you use)
- Use headings and structure correctly to organise content clearly on each page
- Make all your content easy to both see and hear
- Write all your copy in plain, simple language
- Avoid any flashing or blinking imagery or video content
- Write simple, clear, and helpful error messages.
Hosting
20 June, 2023
Enterprise-Grade Web Hosting Explained
The type of hosting environment you select will have a strong influence on the success of your website. It’s important for you to find a secure, scalable web hosting service that you have 100% trust in to deliver high-performance at all times.
To simplify the options available to you, this article will break down the various types of web hosting services, and explore the non-negotiables we believe you should be considering in your criteria when making your decision.
The Fundamentals of Enterprise-Grade Hosting
Some of the most important things to look for with your hosting environment include:
Security – Cyber security is obviously an essential priority, and this should be top of your list of criteria in the current climate.
Performance – Your hosting environment should be set up in a way that makes your site capable of handling large surges of traffic.
Scalability – As your business grows, it’s likely that your site’s audience will grow. You need a hosting provider with the capacity to scale your services seamlessly to meet your needs, both now and in future.
Resilience – It’s important to ensure your hosting infrastructure is robust, and that it can gauruntee you certain performance levels and up-time.
Support – If anything does go wrong, you need to be assured that you have a quick, efficient support service in place to get your site back up and running as soon as possible.
Sustainability – With sustainability a growing priority on the corporate agenda, the carbon footprint of your data centre may be another important factor in your decision.
Option 1 – Shared Hosting Services
Shared hosting services can provide you with a basic secure server for your website. However, as the name suggests, these servers will be shared with a large number of other businesses. You won’t have any dedicated server of your own with shared hosting.
This approach does have some advantages, particularly in the area of cost. These shared hosting environments can cost as little as £1,000 per year. However, the down-sides to this often outweigh that cost benefit.
In many cases, the low cost of shared hosting services can often be reflected in the performance levels. This is because, with such a high volume of websites hosted on the servers, your performance has no protection if other sites are experiencing high volumes of traffic.
It’s also likely that you’ll only have access to limited support services when any issues arise. Many of the shared hosting options will have a ticketing system for support, where you’ll be at the mercy of the number of requests ahead of you in the queue. This could result in your website being ‘down’ during times where it’s business-critical.
Option 2 – Private Servers with Shared Hosting Providers
Most shared hosting providers will offer the option of having your own private server for an extra cost. This is often referred to as a VPS, which stands for virtual private server.
Rather than sharing a server with thousands of other businesses, you’ll only be sharing with a few others. While this is significantly better than the regular shared hosting options, you can still end up facing similar problems with performance and scalability.
This is another cost-effective approach, though, with some improvements over standard shared hosting. If you rely on an agency to set this up for you, they’ll likely put their smaller clients on a shared VPS and give their larger clients their own dedicated servers to minimise any potential problems.
Option 3 – Enterprise-Grade Private Web Hosting
Often the most reliable and trusted approach to take is to have your own dedicated server, which comes with a wide range of additional benefits.
With this option, your website is placed on its own private server in the cloud, managed by a dedicated team of specialists who offer personalised, hands-on support and ongoing optimisation.
Security
Enterprise-grade security should be a core part of the hosting service you choose, regardless of whether it’s private or shared. However, you’ll be guaranteed far greater security, with drastically reduced risk, when you work with a private hosting service.
For instance, a hosting provider should offer robust protection for your site, including:
Of course, compliance and certifications are another crucial aspect of cyber security these days. While some shared hosting providers may have the basic levels of compliance in place, most private hosting services will boast:
Performance
When taking this approach, you’ll receive your own bespoke service and will be provided with a hosting environment tailored to your specific requirements.
This will optimise everything included in your hosting package, from your preferred caching, loading speeds, performance requirements, up-time, and more.
You’ll also be able to set up a content delivery network (CDN) to make your website faster and more readily available to all visitors around the world.
Scalability
Private hosting gives you the capacity and flexibility to scale seamlessly anytime your website’s traffic increases, or if you have peak times for traffic.
This is an intelligent way to future-proof your investment, with the confidence that your website’s performance will be consistently excellent as the size of your audience increases and your site expands. This also applies to situations in which you need to scale unexpectedly due to short-term increases in demand, ensuring business continuity is always maintained on your site.
Resilience
Private hosting providers have guarantees for their resilience, and for your site’s up-time, covering all possible bases. This even counts for unusual scenarios like floods or fires.
It’s wise to look for a provider who offers back-up and disaster recovery services for the maximum resilience.
Back-Ups: Managed back-up services provide you with a tailored regiment, alongside rigorous testing, for guaranteed restorability.
Multi-level back-ups are taken for you, both locally and remotely, to minimise risk. You’ll also be able to choose from a range of replication technology options for your load-balancing and various fail-over scenarios.
Disaster Recovery: Private hosting providers will also use disaster recovery measures, such as geographically-distributed platforms and back-up data centres, providing you with full assurance that your performance and up-time are always maintained.
Your primary hosting platform will be replicated to a disaster-recovery platform, which means that if the primary data centre is ever out of action for a prolonged period of time you can fail-over to the back-up systems.
While the more basic hosting services can take days to recover in similar situations, which could result in losses of business and even reputational damage, disaster recovery can often be done in a matter of minutes with a private hosting environment.
Support and Optimisation
Trust and confidence in your provider’s ability to deliver on your requirements are a vital part of your hosting service.
It’s highly beneficial to take an approach that gives you – or your agency partner – a close working relationship with your hosting provider. Availability and accountability are much greater with a private hosting service than with a shared approach.
A close working relationship provides other advantages as well. For instance, anytime you want to make upgrades to your hosting environment, they can analyse your traffic and identify the best time and date to do that with minimal disruption.
This is all part of collaborating with your agency and hosting provider, so they understand your unique business and tailor your hosting services. This is all done based on the conventions of your target audience and your specific requirements to deliver the best possible service.
In terms of support, private hosting providers will have powerful automation tools to proactively, continuously monitor your environment. That allows them to resolve the majority of issues before they’re able to have an impact on your site.
This can also involve 24/7 custom alerting systems, as well as a fully customisable monitoring portal, and multi-channel systems to alert engineers rapidly in the event of any problems.
In terms of your overall service with an enterprise-grade private hosting provider, you should also expect to gain:
Sustainability
If your business has sustainability as a priority or core cultural value, then this is another reason to opt for a private hosting service. While it’s not impossible to find shared hosting services with carbon-neutral data centres, it’s much less common.
Sustainability is also a key focus for us here at SoBold as an agency. As a result, we’ve worked hard to ensure we have an environmentally-conscious, carbon-neutral service offering.
The Verdict?
Having a fully dedicated, bespoke private server is usually the preferred choice of web hosting services. This is due to the unmatched levels of security, scalability, and performance that come with private hosting providers.
Of course, it’s important to note that this does also come with a higher cost than other options. However, the benefits and trust gained through their strengths in these key areas ensure strong ROI.
Not only do their flexibility and optimisation provide you with a high-performance website set up for success, but enterprise-grade security and resilience will also minimise your risk and save you significant costs in the long-term.
Would you like these insights straight to your mailbox?
Announcement
24 September, 2022
SoBold is an accredited Living Wage employer
SoBold has continued to be an accredited Living Wage Employer and has formally made a commitment to ensure all new and existing staff contracts are renewed at the Living Wage rate as a minimum.
SoBold has been a Living Wage Employer since 2019 and they are committed to ensuring that all staff are treated fairly and remunerated fairly in line with the Living Wage Foundation.
The new Living Wage rates were announced on Thursday 22nd September 2022 and SoBold ensured that all staff pay is in line with this.
SoBold hope to see more agencies within the technology sector follow suit and become accredited.
SoBold Managing Director, Will Newland said:
We are proud of the people that work at SoBold and we truly care about them. Our staff have always been the life blood of our organisation and it is an absolute no brainer for SoBold to be a Living Wage employer.
Would you like these insights straight to your mailbox?
Digital Business
29 March, 2023
Just How Scalable is WordPress?
When looking at content management systems (CMS), scalability refers to the ability to expand and grow your site with more content, capabilities, features, and functionality.
Your CMS is a long-term investment, and its scalability will have a strong influence on whether or not that investment is successful.
“When sustainable business growth is a top strategic objective, you need full confidence that your web presence can seamlessly scale and evolve to support that growth.”
This requires a platform that allows you to quickly and easily create new features and functionality. Ideally, you should be able to do this without having to invest significant time and resources into additional costly development work.
WordPress is One of the Most Scalable Platforms Around
Evidence of WordPress’s great scalability can be found in the fact that almost 45% of the world’s websites are built on the platform. That includes global enterprises such as investment firm Blackstone, research and advisory leader Forrester, the NHS England, and leading pharmaceutical company Hutch Med.
This is because WordPress websites can seamlessly scale as your needs change and your business grows. You can easily add a high volume of new content to your site at speed without compromising on quality.
WordPress is also renowned for how easily you, or your development partner, can build bespoke features and functionality, so your site can keep evolving with new capabilities to support more advanced requirements.
“No matter the size or complexity of your site, WordPress can provide fast, intuitive development capabilities with ongoing growth acting as a natural outcome.”
Using WordPress at Scale
Developing, managing, and maintaining a high-performance website at scale is a complex challenge. For that reason, it’s important to work with an experienced web design and development agency who can enable continual growth and support you through it.
Part of your agency’s services will include configuring your platform, and building your site in the back-end, in a way that encourages long-term scalability. We’ll explain our own approach to this in more detail in the next section. But first, let’s look at some of the fundamental ways to use WordPress at scale:
Bespoke Features and Functionality
If you want to build out your website with new capabilities, WordPress stands above all its competitors thanks to its ability to develop bespoke features that are unique to your site.
WordPress is built on PHP, which is the most popular development language around, as it’s currently used by over three quarters (77.5%) of all websites with a known server-side programming language. With PHP, WordPress has a significant advantage over other CMSs, because it allows you to create virtually anything and integrate it with the platform.
WordPress Plugins
WordPress also comes with a vast range of plugins, which can help with adding to, and enhancing, the existing functionality of your site. Plugins are an essential aspect of WordPress development, but it’s crucial that you only choose the most reputable, tested, and proven plugins.
Your agency partner should be experienced in this plugin selection and use their past experience to recommend the best ones to use for your specific requirements. Your agency partner should also be able to advise you on how plugins will scale with increases in website size or traffic volume to help preserve your site’s performance.
Using plugins that are not regularly updated, or that come from unknown development owners, could harm your site by making it heavier, slowing down your page loading times, and possibly even creating security vulnerabilities.
Using a particularly large number of plugins is another situation that could result in slower loading speeds or other performance issues. Be mindful that use of plugins can reduce the bespoke development time needed to build your site, and the use of too many plugins could cause performance issues. If you find yourself in this situation, it could be an indication that your development partner might actually be taking shortcuts.
The Importance of a Trusted Partner
Whether you’re using plugins or building new bespoke features, your agency will be able to take care of all of these crucial aspects of your development for you. Their support and guidance will ensure you can expand your site freely without running into any technical issues.
Once you have everything you need in place, your agency will then be able to accelerate the speed at which you can scale moving forward. A great agency partner will also provide you with ongoing education and support, allowing you and your team to build your site out easily and efficiently by yourself too, whenever you want or need to.
Taking a More Scalable Approach – Building with Blocks
While many agencies still use a more traditional method of developing sites with WordPress, taking a block-based approach provides even greater opportunities for dynamic scalability.
As an alternative to the time-consuming practice of inputting text and images into a rich text editor in your CMS, the block-based approach allows you to create each page on your site more easily with a set of pre-built components.
Components are blocks of code with pre-defined style and input types. You can use and re-use these components across multiple pages of your site to scale it at a much faster pace. Any time you want to create a high volume of new content, you simply pick your already-built components and place them in the correct positions.
This is an approach that enables virtually limitless growth of your website at speed with a high level of quality and accuracy. Building components that can be reused across your site will also deliver added benefits like increased efficiency and reduced costs. This in turn provides you with more time to focus on developing better services and experiences for your site visitors.
The block-based approach to building websites is another way to make your WordPress platform leaner for better performance as well, because it removes the need for a bloated library of unnecessary plugins and features.
An Enterprise-Grade CMS
Scalability should be a key aspect of your criteria when selecting a CMS to build a website. Rapid growth and flexibility are crucial for your platform of choice.
Despite some still mistakenly thinking it might not be up to the task, you can use WordPress to build large, robust, high-performance sites at speed, and easily adapt them as your requirements change.
This arguably makes WordPress one of – if not the – best CMS options available today. When you look at some of the world’s leading businesses currently using the platform to great success, that argument becomes much easier to appreciate.
Like with any CMS, though, the key to successful scalability is having the support of an experienced, trusted agency partner behind you, ensuring you’re leveraging the platform to its full potential.
Would you like these insights straight to your mailbox?
UI Design
15 May, 2023
What Does Successful User Interface (UI) Design Look like?
As part of our web design series, we recently explained the process we follow when designing the UX of a website. If you’ve not read that already, it will be useful to go and have a look first before reading this article.
A study by Forrester Research has found that a well-designed UI has the potential to increase your website’s conversion rates by up to a 200% while UX design could raise conversion rates by a staggering 400%.
Whether you’re working with a web design and development agency or an independent designer, this process is equally important. Nailing the UI design process is a crucial step towards producing a website that will maximise engagement with your target audience and help you achieve your business goals.
So, let’s take a detailed look at how to run a successful UI design process.
User Interface (UI) Design at a Glance
The UI design process is the creation of the visual design elements of your website. Think about UI as the way in which you convey your brand’s visual identity and bring your UX to life. The UI is there to facilitate the UX.
How Does the UI Design Process Work?
Earlier in the process, we recommend conducting a visual exploration exercise, using mood boards to gain a clear understanding of how your brand will be conveyed and how your website will look and feel.
That visual exploration phase of the project is a pre-cursor to your UI design, as it creates the visual identity of the website, including use of colour, font, blank space, buttons, and more. Some agencies do this as part of the UI phase, but here at SoBold we like to keep it as its own stand-alone phase. You can learn all about the visual exploration phase and how it works here.
After you’ve been through the UX design process, you’ll have approved a set of wireframes, which give you a blueprint of your website’s structure and flow before anything is built properly.
Once you’ve approved those wireframes, then the visual design created with the mood boards will be applied to bring them to life. This is essentially how you create your UI.
Your agency will typically begin with the design of your website’s homepage. Like each phase previously, you can expect this UI design process to be collaborative. Be prepared to have all the stakeholders available to provide feedback to your agency, and work with them to perfect the design when it’s combined with the wireframes.
Once the homepage is approved, your design will then be applied across all the pages of your site. Again, this is an iterative, collaborative process based on feedback and revisions.
Responsive Design Testing
On completion of the desktop designs, your agency partner will work on designing the site across multiple break-points. To ensure your site is responsive across all the most popular devices, the following break-points should be tested as a minimum:
You’ll then reach the exciting part, where your website is fully designed for you to view, test, and play around with. Once you’re happy with the design across the different break-points, your agency partner will be ready to prepare the design for a development handover.
What Does Effective UI Design Involve?
Good UI design is something that should feel seamless and almost invisible to your visitors when they land on your website. The aesthetics and visual style should be simple and engaging, while not distracting from the UX.
These days, you only have a matter of seconds to make a positive impression that can retain your visitors’ attention, so it’s crucial you don’t over-complicate things. But what differentiates good UI from bad UI in practical terms?
Like with UX design, there are some best practices you can follow to ensure your website has an effective, attractive UI.
Follow these guidelines to create a UI that delivers the desired experience for your visitors and supports your website’s strategic objectives:
Check out our related article for seven helpful tips to ensure your website is designed with great usability here for additional guidance.
The Importance of Accessibility
Accessibility is the practice of making technology as easy to use as possible, and fully accessible to everyone. While web accessibility is largely intended to help people with disabilities gain better usage of technology, it’s also much broader than that.
There are people who have difficulty using certain types of, or aspects of, technology who don’t have a disability. For instance, someone with deteriorating eyesight may find it difficult to read small text on a smartphone screen.
It’s also important to ensure your website is as easy to use as possible for the average person as well, because you should always strive to deliver the best possible UX for all your visitors. Accessibility is a key driver of this.
The Web Content Accessibility Guidelines (WCAG), which are used to define what constitutes good accessibility, lists four key principles of web accessibility that should be followed by all websites.
This means your website must be:
Web accessibility is an important topic, so we’ll talk more about that in a separate article. For now, it’s worth noting that any web design and development agency you work with should consider accessibility a top priority when designing the UI of your website. If they don’t, you should challenge them and ask why not.
Here at SoBold, this is built-in to all our design processes. We believe that all technology should be inclusive and equally available to everyone, regardless of their physical ability, location, personal background, or any other factors.
Some design best practices that we’d recommend you always follow to ensure your website is fully accessible, from a UI design perspective, include:
Preparing Your Website for Development
As you can see, UI design is mainly a case of applying the visual design that was created with the mood boards to your UX wireframes with the agreed flow. Good UI is no more than a clean, simple design that accurately represents your brand identity. While it sounds straightforward, it’s important to remember this is just one phase in the holistic, end-to-end process of web design.
To conclude the design process after the UI is complete, your agency will prepare your site’s designs for development. To learn how this process works, understand what to expect, and ensure your own web development process runs smoothly, read our next article in the series here.
Would you like these insights straight to your mailbox?
Company Milestone
28 August, 2017
SoBold has become the exclusive digital partner for Clanwilliam Group
As of September 2017, SoBold has become the exclusive digital partner for Clanwilliam Group.
About Clanwilliam Group: Clanwilliam Group, headquartered in Dublin, Ireland, operate a number of industry leading brands in the private and public healthcare sectors across the Republic of Ireland, the UK, Australia, New Zealand as well as other worldwide locations. Formed in 2014, Clanwilliam has rapidly expanded in size, now with over 15 brands under the Clanwilliam Group umbrella. Clanwilliam is driven to establish itself as a global group of highly synergistic healthcare technology and services businesses.
About SoBold: SoBold Digital Marketing, founded by Managing Director Will Newland in 2014, work with companies and brands deriving from an impressive multitude of sectors including Healthcare, Fitness, Luxury, Hospitality and more. With a growing portfolio of over 80 brands, SoBold has a proven track record of delivering expertly crafted digital marketing solutions to help small and medium sized businesses grow and flourish.
We are delighted to become Clanwilliam Group’s exclusive digital partner. Clanwilliam is rapidly increasing their reach in the Healthcare sector and we at SoBold are proud to work with them to implement a powerful digital strategy.