You've had a brilliant idea for a new business and need a website, but you lack the comprehensive security knowledge to build it yourself. Who do you hire?
Even though I have been a freelance programmer for 5 years, I could count all the clients I have met face to face on one hand. That is because 90% of my work is obtained through intermediary companies that connect freelancers with clients across the globe. As convenient and helpful as it is to have access to such a large marketplace, it also means I am competing with people of all skill levels across international borders. I need to earn X a month, but a competitor bidding on the same project may require much less due to favourable exchange rates, a lower cost of living in their country and other such factors. I often find my bids undercut by ridiculous amounts, and of course there is a trade-off between expertise and price. These "cheap" bidders are who many will blame for the lax security on your newly built website: "Well, if you had paid a little more you wouldn't have these loopholes." But that is just not the case!
Of course there is a cut-off point below which anyone with common sense should realise they will get inadequate and insecure programming. Your new website will contain endless amounts of personal data, yet you set a budget of $10 USD an hour for a prospective programmer. Of course you will find someone to work on the project, but the quality of the security will not be top notch and, worse, possibly below the legal requirements. So you increase the hourly rate to $80 USD. Good, now you can assume that any applicant's abilities will be sufficient to keep your data secure. But how do you truly know? What questions do you ask a potential programmer to check their knowledge of securing data, if you yourself are relying upon them to secure your website properly?
On a weekly basis I am hired by sceptical website owners to perform code audits on their websites and to search for security vulnerabilities. I have come across websites that store passwords in plaintext, websites that do not cleanse or sanitise any user input they pass to a database, and websites that allow the uploading of any file type and the execution of said files. These are not just little hobby websites either; some have been websites with thousands of subscription-paying members. On more than one occasion users' email addresses were stored next to a plaintext password, and I am certain that, had I tried them on the users' email accounts, the majority would have worked. Worst of all, the website owners often have no clue of the gaping holes in their websites or the consequences of such simple mistakes. In their mind they have already paid for someone's expertise, and that should have been sufficient to secure their website's data.
There is another type of client I have come across who will hire me to add functionality. However, I will always notify them of any obvious security holes in their websites that I come across while working. To my amazement they will often push that under the rug, saying "We can ignore that, please just add the functionality I requested."
This raises two fundamental questions. As the owner of a website with no technical know-how, how can you be sure your website is secure? Equally, as a website's end user, how can you be sure that the website you just passed your email address and password to is acting responsibly to secure the storage of them?
The first is not too hard, as long as you are willing to spend that little more to hire a second, independent party to audit the first's code. A simple but effective remedy. This is the safest method to cover a new website, as there is no universal standard or award by which to compare a programmer's ability to counter security threats. Of course they may have an accreditation for a specific language or database, or even a computer science degree, but none of these are designed to focus solely and specifically on securing data. More importantly, when building a new website you combine multiple languages and technologies, so an accreditation in one does not necessarily cover their knowledge of another.
For the latter question, though, there is no satisfactory answer except to assume that you are using secure websites. Without an independent body to inspect a website's coding practices and storage techniques, we as end users must assume and hope that the data we provide is handled in the best manner that it can be.
Top Tips for hiring a developer:
· Check their previous work. This can sometimes be hard due to non-disclosure agreements, but they should be able to show something.
· Try to arrange a video conference, or a phone call at the very least. This will help you to gauge the competency of a developer by asking questions they cannot rehearse and perfect their answers to.
· Do not commit the entire project from the start to one developer. If possible, hire a prospective developer for a small portion of the project as a test of their ability and your working relationship.
Max King is a Freelance Web & Mobile App Developer, with a specific skill set lying in creating complex functionality. He worked part time under the guise of King Kreations before and throughout University to pay his fees, but upon graduation decided to commit himself full time. In the two years since then, Max has worked on more than 80 separate projects for clients ranging from individuals to multinational corporations, across all industries and all requirements. http://www.kingkreations.co.uk
Max King
Freelance Web & Mobile App Developer
Security Through Assumption