At echodevelopment.io, we take security seriously, and we understand the importance of protecting our clients' applications from vulnerabilities like SQL injection. Our team of developers follow best practices to ensure that all applications are properly secured, including implementing measures to prevent SQL injection attacks. We use techniques like parameterized queries to ensure that user input is properly validated and sanitized before being used in a database query. We also stay up-to-date with the latest software updates to ensure that any vulnerabilities are patched as soon as possible. By partnering with echodevelopment.io, you can trust that your application will be secure and protected from SQL injection attacks.

 

Little Bobby Tables


Today, we will discuss one of the most famous examples of SQL injection, Bobby Tables.

Bobby Tables is a character in the webcomic xkcd. In the comic, Bobby is a student who tries to insert his name into a database but inadvertently causes a SQL injection attack. Bobby's last name is "'); DROP TABLE students;-- " and he enters it into a web form with the intent of causing mischief. The web form is not properly secured, and Bobby's name is injected as SQL code, causing the database to execute the code and potentially expose sensitive data.

This comic may seem like a light-hearted joke, but it highlights a serious problem that developers face. SQL injection is a type of attack where an attacker inserts malicious SQL code into a web application's input fields to manipulate the database's behaviour. Attackers can use SQL injection to gain access to sensitive information or even take control of a website.

 

Prevention of SQL Injection Attacks

So, how can we protect our applications from SQL injection attacks? The first step is to understand how SQL injection works. It happens when an application does not properly sanitize user input, which allows an attacker to inject SQL code into a database query. To prevent SQL injection attacks, we need to properly validate and sanitize user input.

One common technique for preventing SQL injection is using parameterized queries. In this method, placeholders are used for user input, and the input is bound to the placeholder before executing the query. This ensures that the input is properly sanitized and prevents SQL injection attacks.
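As an added illustration (not code from echodevelopment.io), the Python script below uses the standard-library sqlite3 module to run the name from the comic through a string-built query and through a parameterized one. The table layout, the function names and the "Robert" first name are assumptions made for the example.

```python
import sqlite3

# Surname as quoted on this page; the first name is an assumption for the example.
BOBBY = "Robert'); DROP TABLE students;-- "


def new_db():
    """Create an in-memory database holding one student (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (name TEXT)")
    db.execute("INSERT INTO students (name) VALUES ('Alice')")
    return db


def table_exists(db, table):
    """Return True if the named table is still present in the schema."""
    row = db.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    return row is not None


def enrol_vulnerable(db, name):
    """Unsafe: the input is pasted into the SQL text, so a quote in the
    input can close the statement and start another one."""
    sql = "INSERT INTO students (name) VALUES ('" + name + "');"
    # executescript() runs every statement found in the string.
    db.executescript(sql)


def enrol_parameterized(db, name):
    """Safe: the SQL text is fixed and the name is bound to the placeholder,
    so the database only ever treats it as a value."""
    db.execute("INSERT INTO students (name) VALUES (?)", (name,))
    db.commit()


def demo():
    """Run both variants and report (unsafe table survives, safe table survives, safe rows)."""
    unsafe = new_db()
    enrol_vulnerable(unsafe, BOBBY)

    safe = new_db()
    enrol_parameterized(safe, BOBBY)
    names = [r[0] for r in safe.execute("SELECT name FROM students ORDER BY rowid")]

    return table_exists(unsafe, "students"), table_exists(safe, "students"), names


if __name__ == "__main__":
    unsafe_ok, safe_ok, names = demo()
    print("string-built query, table still exists:", unsafe_ok)
    print("parameterized query, table still exists:", safe_ok)
    print("rows stored by parameterized query:", names)
```

With the bound placeholder the full name, quote and all, is stored as an ordinary row, while the string-built version loses the table.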

It's also important to regularly update your application's software components, including libraries and frameworks, to ensure that any vulnerabilities are patched as soon as possible.

In conclusion, SQL injection is a serious vulnerability that can cause significant harm to an application's security. The Bobby Tables comic may seem like a humorous anecdote, but it serves as a reminder to developers to properly sanitize user input and protect their applications from SQL injection attacks. By understanding how SQL injection works and using techniques like parameterized queries, we can prevent SQL injection attacks and keep our applications secure.

Want to know more? Why not get in touch?

Multifactor authentication (MFA) is a security measure that requires users to provide two or more forms of identification before accessing a system or application. MFA is becoming increasingly important as cyber threats continue to evolve and become more sophisticated. In this blog post, we will discuss the importance of MFA and why it is a crucial aspect of modern cybersecurity.

One of the main benefits of MFA is that it greatly reduces the risk of unauthorized access. Passwords, while still widely used, can be easily compromised through phishing attacks, social engineering, or simple guessing. By requiring multiple forms of identification, MFA makes it much more difficult for hackers to gain access to sensitive information.

Another advantage of MFA is that it helps to ensure that the person accessing the system or application is who they claim to be. This is especially important for sensitive information such as financial data or personal information. By requiring multiple forms of identification, MFA helps to ensure that only authorized individuals have access to this information.

MFA also helps to protect against account takeover attacks. These attacks occur when a hacker gains access to a user's account and uses it to steal sensitive information or commit fraud. By requiring multiple forms of identification, MFA helps to ensure that only the legitimate user has access to the account.

In addition to these benefits, MFA is also becoming a regulatory requirement for many industries. The healthcare industry, for example, is subject to strict regulations regarding the protection of personal health information (PHI). MFA is a requirement for protecting PHI as outlined by HIPAA regulations.

In conclusion, multifactor authentication is an essential aspect of modern cybersecurity. It greatly reduces the risk of unauthorized access, helps to ensure that only authorized individuals have access to sensitive information, and helps to protect against account takeover attacks. As the threat landscape continues to evolve, the use of MFA will become increasingly important for organizations of all sizes.

This is why echoDevelopment always set these up, along with proper password policies. If you would like to discuss the security and log-on of your current system, or a new one, please get in touch.

Process mapping is a planning and management process that shows and describes a workflow. It shows a series of events that create an end product. That end product can be a physical item or a piece of software, or even your organisational chart.

They can be known by different titles, such as flowchart, process flowchart, functional flowchart, process model, workflow diagram and a number more.

They are detailed, showing who or what is involved at every single small stage. They can be used for every business, from single employee to larger organisations, where they can show where improvements or automation can be found.

The Purpose

Finding improvements and efficiency within a business is the main reason for creating your process map. Completing the map gives an insight into the process, helps the team come up with new ideas for improvements, can increase communication, and provides a finished document that can be given to new starters. It identifies the boundaries of the process and where responsibilities and ownership lie, and defines effective measures or metrics. During the process you can see potential bottlenecks, repetition and holdups.

Understand your Processes

Process mapping will give a business a much better understanding of a process it uses. You cannot cover everything in a business with one process map. Some can be linked, but they will never cover an entire business's flow. This can be broken down into the many parts of a business, such as Finance, Sales, Purchasing, Accounting etc.

The Benefits!

Highlighting waste can streamline work processes and enhance the understanding of the business. You can communicate the details of the process rather than just writing instructions.

Process maps are used to:

Process maps can give time savings and simplify projects as:

Why do we use them?

When echoDevelopment are looking at a system, whether it is a brand new one or for a new feature, we need to understand the process you want to achieve. Just asking for a system to send an email does not give us enough information to provide a working service.

With a new system, it is a massive benefit to have that process completed. Whether you do this yourself, or if you ask us to come in and help with it. Understanding the process or processes you wish to change, improve or automate, allows us to work out how we are going to code and build your system.

If you have multiple different applications doing parts of a process, having these planned out will allow us to see where the connections are required. Knowing the responsible people for each part can show automations and improvements.

We will ask questions like:

If you are considering a new, bespoke software solution, have you created your process map? Would you like a viewpoint? Why not give us a call for some insight?

SaaS: Software as a Service

Over recent years there has been a movement to pay-monthly or subscription models for most things. IT support and cyber security, TV services at home and more have moved to this, as vehicles did many years ago.

Microsoft pioneered this for software with Microsoft 365. Your software is kept up to date all the time, development is always ongoing, and you get the improvements of moving to the latest version without having to place an order or lay out a large sum of money.

The service is predominantly for cloud-based software as well, where the software can be accessed from a web browser. This means it's easily accessible and is easier to deliver from a vendor point of view. If there is a technical issue, it's covered for you and you don't need an in-house IT department to deal with it. In the bespoke software world, such as here at echoDevelopment, we also offer support contracts for extra development or support.

With having this support included, you can achieve more integration, improved security and extra customisation.

A SaaS solution from echoDevelopment can provide more flexibility and savings, especially when compared to an off-the-shelf product. You can have everything you require and the system works the way you want it to. It can be as complex or as simple as you want it to be. Plus you have competent technical support at the end of the phone and email - we don't outsource!

But let's take a deeper dive into SaaS!

The definition of Software as a Service

It is a model of Software delivery, where a software developer builds applications, mainly in a Cloud Computing environment, and delivers them to their clients via the World Wide Web. The software can be accessed by any device with an internet connection and browser.

The Pros for using SaaS

As with other cloud offerings, SaaS gives businesses the chance to change their market place whilst having a fair pricing model for their software.

Some of the pros with a SaaS from echoDevelopment are:

Accessibility

Run the service from anywhere with an internet connection and a browser

Operational Management

There is less need for equipment updates, for installation or need for licensing management. At echoDevelopment, we offer our SaaS solutions as a fully managed service.

Cost effective

There are no large upfront development costs, and the investment from SaaS is flexible to suit needs. This also helps facilitate ongoing changes as business requirements evolve.

Scalable

You don't have to manage the infrastructure or worry about scaling, we handle this for you!

Data Storage

We store all data in the UK and have a comprehensive backup policy, so you can rest assured knowing that your data is fully protected.

Analytics

Every business has different analytics they want to monitor, with something bespoke, you tell us what you want and we'll build it.

Support

The software is kept up to date with best security practices and patching to fight off any issues before they happen. But if you do run into a problem, you can rest assured knowing you have us at the other end of the phone.

The Cons of SaaS

It may seem odd, but the biggest pro of SaaS is also the con - you need an internet connection. So as long as you have a good connection, you will be able to access it. Stuck in the depths of a valley with no signal, and you won't. But with the growing availability of 4G and 5G, plus better Fibre, broadband and Wi-Fi, this is less of a problem.

The other cons are:

Loss of Control

Some suppliers will take full control of development. We make sure to maintain communication with our clients to keep them well informed and to make sure that we head in the direction they want.

Limited Customization

Some suppliers will provide a single SaaS for multiple clients. We don't really do this, we build a SaaS for a single client, which ensures they have full control over any changes they want.

Slower Speed

Depending on server hosts, some servers may be slower. We use AWS servers which boast blisteringly fast speeds. We also ensure that we remain as responsive as possible to ensure our clients remain satisfied with our service delivery.

Security Risks

While the software is kept secure, a client should take strict measures with sensitive data. We are delighted to hold an ISO 9001 & ISO 27001 certification to demonstrate our commitment to Quality and Information Security.

Want to know more? Why not get in touch?

Our main programming language is PHP. And there has been a rise in the number of different languages around. Others have become more popular, such as Python, as they are easy to pick up and deploy.

But that said, over three quarters of all web systems are powered by PHP!

PHP is a backend programming language, executed on a server, which sends dynamic content to the end-user. You can run the language on just about all Operating systems, from Windows to Linux. PHP is a scripting language most suited to web based development and it has pros on every angle.

Investment

When developing a system, there is a high skill level for any programmer/coder that comes with a knowledge base and time. Then there is the licensing and purchase of the frameworks, plugins and software to do the development. PHP is open source so the investment is lower, with higher level of community sharing and knowledge.

Flexibility

As PHP has been around a while, it has a huge library of functionalities and can work with a massive range of plugins. It also works with most databases, such as MySQL, Postgres, MongoDB, etc. This means that PHP can be built to work with your existing databases, rather than needing to install something entirely new.

Education

PHP can be relatively easy to use and learn, because there is really comprehensive documentation, support communities and information around. Once you have the basics, it is then about being able to make it yours.

As a developer, it's important to continually learn and develop your skills. Doing this lets you create better systems and provide the best service to your clients.

Upgrades

Changing the language a system is built on is expensive! It can be a complete rebuild which is like knocking your house down and digging up the foundations, to start again. So having an experienced developer that can use PHP, means you can upgrade and edit every time PHP introduces new features.

Community

We have mentioned it before, but it's the community. In this community there are developers and corporate sponsors, and it's used by 90% of the top 1 million sites across the internet, including Facebook and Wikipedia. Alongside this, WordPress, the world's go-to for websites, is built on PHP.

PHP is going nowhere; whilst there is air to breathe, there will be PHP online. You can find developers who can get straight on with projects. With security, performance and growth being at the front of most people's minds, having a system that can do this is huge - and PHP is the one to do this through.

Let's start with what a password manager is. It is a service, mainly online, that can store all of your passwords and valuable data (such as card details), and it can handle your Multi-factor Authentication (MFA/2FA) as well. It uses military grade encryption to protect your data, and creates extremely strong passwords for your accounts, doing the work for you and stopping one of the largest holes in your current security - weak and easy to guess passwords.

All you need to do, is remember one password and authenticate it when you log in. Password managers work on your browser, mobile devices and on your computers. Once logged in, you can set it to automatically fill in the details for you on login pages.
 

But why use a paid for one?

Well, that's simple. The ones built into your web browser only work when you are logged in to the browser and there isn't as much protection - they are free for a reason! But password managers are a brilliant tool that can increase your security, make it easier to access details and, more importantly, to manage your business.

When a member of staff leaves, where are they keeping company passwords? Where are they keeping company credit cards details? With a centrally managed Password manager you can access some of the information. You can also create teams to share details, so when a password is changed, it changes everyone's without having to write an email or send a memo. Your IT department can manage it, if you don't have an IT department we can help you with this or talk to your IT Support Account manager.

Up to 4 out of 5 adults are not using a password manager at the moment, and it could be costing you money! Every time you call a software engineer on your bespoke system you could be paying them an hourly rate to fix the issue and to send a reset link, or you're wasting time waiting for the email with a password reset link to come in.

What about all of your current passwords? Well as you enter them, they will be judged - that may sound harsh, but the system will look to see if it meets the criteria it works to. If they don’t, or they match another in the manager, it will notify you.

The password manager itself cannot access the details or data, as the data is encrypted as it leaves your device. It's called zero-knowledge and means you are working at the right end of security.
 

How to set up a Password Manager

Choose a password manager and set up an account

Pick one that fits your business. They can start from £3 per user per month; don't go cheap or free.

Make sure the plan you pick has the features you're wanting from a Password Manager, such as Emergency Access.
 

Setting up your Account

As you set up your account, you'll need to create a master password. This is the only password that you have to remember - make sure it is complex enough to make it difficult for others to guess, but that you can remember it. But don't use the same one as another of your accounts.

Make sure you set up Emergency Access. If you forget your password or are unable to log in, predefined people can make the request and after a period of time, they'll be granted that access. Make sure the waiting period is long enough that you can block any unauthorised requests. Remember, if you forget your password and don't have Emergency Access set up, that's it, you're locked out unless you have a centrally managed one with an IT Support company, who will have some access to change it for you.
 

Install the Software


Once you're set up, you can download and install the software to your devices. You can find download links on your password manager's website, or in the device store, for any other devices you may want to use it on. If your password manager offers a browser extension, install it - it will make auto-filling your passwords on sites much easier.

After that, you'll need to add your current passwords. A lot of password managers offer simple ways to import your passwords from various locations, such as your browser or a spreadsheet. If you don't have this you can do it manually.

Once your passwords are in, you're set. As long as you are logged into your password manager, it will offer to auto fill your information as you visit the sites and services you use. It will also offer to save new, secure login details as you create new accounts – increasing your online security.

Our preference is LastPass, but others are available such as 1Password and Keeper. Why not give us a call for some FREE advice on what to do?



The History of Russell IT

Russell IT Solutions Ltd started almost a decade ago when our MD, Stephen, was made redundant from his family's ISO Consultancy Business. Even though Stephen can fix computers, manage servers and occasionally sort out printer issues, his passion has always been coding, especially building systems that make businesses more efficient and compliant.

When creating the business, the name Russell IT Solutions was chosen: businesses that had used our skills knew who we were and what we did, so it made sense. However, as we have spread our wings and grown, some potential clients, and those around us, have noticed the similarity to IT support and IT managed service providers. We needed to separate ourselves. So the only thing to change is the name.
 

The Future with {echo}Development

What does the name mean? That’s easy!

echo
A command that outputs the strings that are passed to it as arguments. It is a command available in various operating system shells and typically used in shell scripts and batch files to output status text to the screen or a computer file, or as a source part of a pipeline.

That’s the technical explanation which means lots to us. But think of it as a command that allows a message to be repeated on screen. It is like printing in code, when saying hello world we actually write echo 'Hello World';

Development
Development is about delivering a proper product and maintaining it.

Development encompasses the processes of creating a complete package to the pleasure and satisfaction of end users. This feeds directly into what drives us.
 

Why the Rebrand?

The font is indicative of what we see when we are developing systems. It provides clarity in viewing unlike some other texts. Having the connection to the code also shows more of what we do.

The {Braces} are used to let the code know that it is an action that needs to be executed (similar to a 'do' command - maybe Stephen's wife needs to use these braces when asking for the rubbish to be taken out!)

If you have ever mistakenly opened the code in Chrome, you may have seen it this colourful. The blue and red we are using is what we use in Visual Studio Code (VSC).

The red is also a great reminder of the legacy we leave and means the colours in the new office don't need to change. Even the RAM in Stephen's PC is red!

The highlights are symbolic of the highlighting in code that is used for finding repeated elements. We are human and mistakes happen. Finding an error using highlights means we can solve issues quickly, as highlighting a variable will highlight it everywhere else on the page.
 

What's Next?

Rebranding was not an easy decision, but we embrace change. Being in Development means we are always maintaining systems and making improvements. We can offer new and improved solutions to our clients, finding new ways to do things. But after nearly a decade we need to make sure people understand what it is we do. We don't fix PCs when they are slow (we have a partner for that), we don't build websites (we have partners for that). What we do is write business systems that make our clients' lives easier while protecting our clients from Cyber Crime.

The final things to change are our telephone number, which we have made generic, and our email address/domain. As our clients know, we can operate with clients across the globe, so being tied to a location doesn't make sense. The change of email address/domain just fits the name.

We would love to know your thoughts. Follow us on LinkedIn and Facebook, and leave us a message to say how great this all looks.

Got questions about what we do? Then get in touch now.



Mission Statement

"Don't Work Harder, Work Smarter". This is our core belief and we've made it our mission to develop bespoke, cost effective business operational systems for our clients that dramatically reduce unnecessary workload.
Registered in England. Company No: 08305685
Registered Address: 34 Northons Lane, Holbeach, Spalding, PE12 7PZ