Always interesting to see how others approach a launch. This got me thinking, though. Would it be useful/fun to crowd source launch checklists? Maybe something where people could submit their list and then everyone votes items up/down. I think it'd be cool to have a definitive list that was voted on by hackers everywhere. Sort of a faux industry standard checklist.
This is the basic premise behind a site I made a few months ago: a checklist wiki where you can find a checklist that will probably include things you hadn't thought of. It is up at todowiki.com. There are very few things there right now, and wiki-spam is rampant, but I'm trying.
* The description tag may be used to display along with a page's title.
* Neither the description nor the keywords meta tag has much impact for SEO.
Personally, I don't use the keyword meta tag and I may or may not use the description meta tag.
Somewhere out there, there is a search engine that still uses keyword tags for something significant, but I doubt that search engine is Bing (which now powers itself and US/Canada Yahoo).
Yes. Google will (sometimes?) display what you put into <meta name="description" content="here" /> as the abstract on the search results page. This makes it very easy to optimise what people see on there instead of making Google guess what to show.
If necessary? Seriously? You are trying to tell me that you are not convinced that someone who should do all of the other steps listed might not need to worry about security?
The level of security knowledge required to do decent penetration testing is a relatively rare skill and therefore often necessitates bringing in a third party which can skew the cost/benefit quite badly.
You're often much better off saying that your site has a certain level of security because it's built in default thing X until it grows a bit.
Generally you'll know already if you're in a market or field where penetration testing is absolutely necessary (finance, health, well-known brands etc.) and it won't be a question.
If you just have a sales website it's probably not high on your list of priorities, no. Same with anything that doesn't collect data (i.e. presentation only) or an expensive paid-for service with a long sales cycle.
In all of the above cases I would consider security while creating, but I wouldn't do a lengthy pen test while trying to get the product out there. Of course that's also dependent on your target audience.
You are your brand. If your homepage gets turned into a billboard for goat.cx you are owned in more ways than one...
There is really no point in us discussing this further. We have dramatically different assumptions on the importance of security and the value of a company's image/reputation.
I didn't say it wasn't a priority, or that you should leave yourself open to being totally owned, just that executing a pen test against your new website is probably overkill in some situations.
To put things in perspective, think of the following typical situation: Website relaunch for a small company, total budget is $4000, cheapest quote you got for penetration testing is $300. Good luck selling that as a line item to a client whose email password is "123456".
Thank you for the clarification. From the discussion of deployment, development and marketing teams and the TV promo I thought it was aimed at a different demographic.