all the clients i have met face to face on one hand. That is because 90% of my work is obtained through intermediary companies that connect freelancers with clients across the globe. as convenient and helpful as it is to have access to such a large marketplace, it also means I am competing with people of all skill levels across international borders. I need to earn X a month, but my competitor who is also bidding on the same project may require much less due to favourable exchange rates, lower costs of living in their country and other such factors. I often find my bids undercut by ridiculous amounts and of course there is a trade off between expertise and price. These "cheap" bidders are who many will blame for the lax security on your newly built website. "Well, if you had paid a little more you wouldn't have these loop holes". but that is just not the case! with common sense should realise will yield inadequate and insecure programming. Your new website will contain endless amounts of personal data yet you set a budget of $10 Usd an hour for a prospective programmer. Of course you will find someone to work on the project, but the quality of the security will not be top notch and worse possibly below the legal requirements. so you increase the hourly rate to $80 USD. Good, now you can assume that any applicant's abilities will be sufficient to keep your data secure. But how do you truly know? What questions do you ask a potential programmer to check their knowledge of securing data, if you yourself are relying upon them to secure your website properly? audits on their websites and to search for security vulnerabilities. i have come across websites that store passwords in plaintext, websites that do not cleanse or sanitise any user input they pass to a database and websites that allow the uploading of any file type and execution of said files. These websites are not just little hobby websites either, some have been websites with thousands of subscription paying members. on more than one occasion user's email addresses were stored next to a plaintext password, which i am certain if i had tried to use on their email account, the majority would have worked. Worst of all the website owners often have no clue of the gaping holes in their websites or the consequences of such simple mistakes. In their mind they have already paid for someone's expertise and that should have been sufficient to secure their websites data. functionality. however i will always notify them if there are any obvious security holes in their websites I come across while working. To my amazement they will push that under the rug often saying "We can ignore that, please just add the functionality i requested." technical know how, how can you be sure your website is secure? Equally as a website's end user, how can you be sure that the website you just passed your email address and password to are acting responsibly to secure the storage of them? combine multiple languages and technologies, so an accreditation in one does not necessarily cover their disclosure agreements, but they should be able to show something. This will help you to gauge the competency of a developer by asking questions they cannot rehearse and perfect their answers to. if possible hire a prospective developer for a small portion of the project as a test of their ability and your working relationship. creating complex functionality. He worked part time under the guise of King Kreations before and throughout University to pay his fees, but upon graduation decided to commit himself full time. In the two years since then, Max has worked on more than 80 separate projects for individuals up to multinational corporations across all industries and all requirements. http://www.kingkreations.co.uk |