What Every Non-Technical Person Should Know About Hacking and Coding

 

A fellow Rodinhooder had an unpleasant experience dealing with web security a few days back. The confusion surrounding the event prompted me to write this post.

Link to the original post: Click Here

1. Hacking is Not What It Sounds Like

No, hacking does not always mean a 20-year-old bespectacled geek entering your server through the back door on his Matrix-like laptop screen. Hacking is not the same as exploiting vulnerabilities. Let me explain:

A prominent educational institute publishes its exam results online. To check your result you need to enter your roll number and press enter. A person was able to extract the results of all the people who appeared for the exam, and posted them in a spreadsheet online. Is this hacking? No. He simply wrote a small computer program that used permutation and combination to fill in all the possible roll numbers and save the results. Writing such a program isn’t difficult.

He didn’t hack into the system. He simply exploited a lame-ass vulnerability left behind by the incompetent developers. Using a simple captcha (‘enter the letters you see in the image’, remember?) could have prevented this outcome.

So, what is my point? More often than not, hacking means exploiting a simple vulnerability left behind by your web developer.
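How the site owner could have spotted the roll-number harvesting described above in the web server's access log, as an added example that is not part of the original post. The `/result?roll=` endpoint, the log format, the IP addresses and the thresholds are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: client IP, ISO timestamp, request line, status.
# The /result?roll= endpoint is hypothetical, standing in for the lookup form.
LINE_RE = re.compile(r'^(\S+) \[([^\]]+)\] "GET /result\?roll=(\d+)" \d{3}$')

def find_enumerators(lines, window=timedelta(minutes=1), max_distinct=10):
    """Return {client_ip: peak count of distinct roll numbers requested within
    one window} for every client that exceeded max_distinct.
    Lines must be in chronological order."""
    recent = defaultdict(deque)  # ip -> (timestamp, roll) pairs inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a result lookup, or malformed
        ip, stamp, roll = m.groups()
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue  # unparseable timestamp
        q = recent[ip]
        q.append((when, roll))
        while when - q[0][0] > window:  # drop lookups older than the window
            q.popleft()
        distinct = len({r for _, r in q})
        if distinct > max_distinct:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

def constructed_log():
    """Constructed sample traffic (documentation IP ranges, made-up roll numbers)."""
    base = datetime(2014, 3, 12, 10, 0, 0)
    events = [
        # A student checking the same result twice.
        ("198.51.100.20", 5, 104233), ("198.51.100.20", 40, 104233),
    ]
    # A teacher looking up five students, one per minute.
    events += [("192.0.2.15", 60 * i, 102000 + 7 * i) for i in range(5)]
    # A script requesting 30 consecutive roll numbers, one per second.
    events += [("203.0.113.7", i, 100000 + i) for i in range(30)]
    events.sort(key=lambda e: e[1])
    return [f'{ip} [{(base + timedelta(seconds=s)).isoformat()}] '
            f'"GET /result?roll={roll}" 200' for ip, s, roll in events]

if __name__ == "__main__":
    for ip, peak in find_enumerators(constructed_log()).items():
        print(f"{ip}: {peak} distinct roll numbers within one minute")
```

The same per-client counter, applied on the server at request time, is what decides when to show the captcha or throttle the client instead of only reporting it afterwards.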

 

2. Do Not Use Custom-built Solutions

Do you really think that your custom-built content management or e-commerce solution, made by an Indian IT company whose website looks like it was made in 1995 in a Word document, is better than the likes of WordPress and Shopify?

WordPress and Shopify are made by some of the best tech companies in the world. They have engineering talent you can’t find in the best and biggest tech companies of India. Some of their engineers get paid more than the turnover of the IT company you hired. These companies have deep pockets, and are using their best talent to make a product, and polish, and refine it year after year. Can your 6-months-start-to-finish custom made solution outdo them?

You: But these solutions don’t provide the flexibility and options I need

Me: In 9 out of 10 cases, they do. Your IT-service provider won’t tell you that because he knows that he can extort a lot more money out of you by making a stupid solution from scratch than by implementing WordPress (which, by the way, takes 10 minutes). If you have the right people around you, they will tell you so. WordPress is used by companies like The New York Times, CNN, Forbes, eBay, and TechCrunch. They’re bigger than you.

A popular solution will handle 99% of the security issues for you. Now if you keep your username as admin and password as password, you really can’t blame your solution for that. That’s your 1% to work out.

Some of the best standard solutions:

  • ECommerce: Shopify, Magento and WooCommerce
  • CMS: WordPress and Joomla
  • Support: Zendesk
  • Social Network: Ning
  • Forum: phpBB and vBulletin

3. Do It Yourself

If your code is of secondary importance to your business (e-com, online forum), and you are a non-technical person, you can hire developers (and work closely with them) to take care of this, while you focus on the core competence and your area of expertise.

If the code / technology is of primary importance (booking sites, blogs, web portals, social networks, web apps, mobile apps) you should do it yourself, and then build a team as things grow. If you don’t know how to code, learn it. If you think you don’t have the time to learn, you probably should have stuck with your job.

Three years back, I wanted to make an income tax e-filing portal. I was from the commerce stream, and had absolutely no knowledge of coding. Fortunately, I was 17 and didn’t have any money, so I couldn’t hire anyone. I taught myself coding, and in the first 3 months, I made an MVP with my rudimentary knowledge. Disappointed, I tore it down, and re-built it from scratch, taking another 9 months. As I learnt more about web development, I wanted to again build it from scratch, using superior technology. Fortunately, I didn’t. I moved on to a different project.

I can say with certainty that had I hired someone else to build the portal for me, the end product wouldn’t have turned out half as good as the last iteration of the portal I had made with no prior knowledge of coding.

These IT companies don’t understand your vision, even if they do understand the architecture of your project (which I seriously doubt, though). You can pay them to build your project, but you can’t pay them to love it.

 

4. If You Are Building It From Scratch, Hire the Right People

You can’t make your website hack-proof, or error-proof. What you can do is achieve a higher level of assurance by working with the right set of people, and writing reliable and scalable code.

For a non-technical person, it can be very difficult to find developers who understand development. Good developers cost a fortune. There are freelancers out there who will work their arse off for $5 an hour, and then there are developers who know their shit and will charge over $300 an hour.

You: So, how to find the right company to handle your project?

Me: I have a few pointers on who to stay away from:

  1. Stay away from cheap and desperate freelancers
  2. Stay away from boutique IT companies
  3. Stay away from companies who use words like outsourcing, SEO, temporary staffing
  4. Stay away from companies with an ugly website (now that would probably rule out all Indian companies)

You: But who do I hire?

Me: I don’t know, really.

19 Comments

  1. Wonderful post Nishant,

    You seem to have written it at the right moment, at least for me. I have a client who has a news website for which he paid a hell of a lot of money ’cause the developers built it on a custom CMS, and I was like, wth, why didn’t you build it on WordPress!? And there is nothing great about the website either; it sucks, actually. When I suggested he migrate to WordPress, he thought I was trying to make money from him. Sometimes it’s so difficult to convince some people about these things.

  2. Apt and Precise.. Very good post..

  3. Hi, nice view, but there is still much that needs to be included. A CMS or framework doesn’t mean that your site can’t be hacked; every day some vulnerabilities are found in WP, Joomla, Magento, etc., which we need to patch.

    The foremost thing is validation: jQuery validation, SQL validation, HTML validation, server side, etc. This will show the strength of your website.

    You should buy a good server; in simple terms, have upgraded servers.

    And finally, web security is not a one-time thing; this should be understood by the website owner, along with its importance. I have seen many people who don’t care, and then after some days or months their website gets attacked, and then they blame the hacker.

    And let me tell you that there are many good Indian IT companies; there are just several bad ones.

  4. WP has its limitations. If you are building a portal, it won’t have high value if you build it in a CMS. About eBay: eBay owns Magento, so it is built on Magento.

  5. I am not saying WP is safe. I am saying why go for a custom-built CMS when there is WordPress. I have seen sites being sold for millions which are built on WordPress, trust me.

  6. Nice 🙂 Concise and to the Point, rest is just a learning curve.

    However these points stick out like a Sore thumb, with reference to the inspirational post you pointed to, that seems to have been a case of a Deal gone Wrong on Payment terms without any Formal Documentation, and maybe a few other factors known to the participants better, (This is how almost all Startups, especially the ones who do not have Technical knowledge start up and later learn and improve) Now That’s another story.

    Great to know you as a Technical person who understand Finance too who was learning code at night & pursuing CA 🙂 This comes out like a First Hand Experience of a freelancer, now looking to setup a Boutique company and making it BIG in the future.

    1. Stay away from cheap and desperate freelancers (Almost all Web design and development Entrepreneurs fall in this Category ?)
    2. Stay away from boutique IT companies (These should be a few Startups, who have managed to find their co-Founders as being non-Tech themselves ? Starting up with STD package deals)
    3. Stay away from companies who use words like outsourcing, SEO, temporary staffing (These are the ones who always are in the Market and connect the Above Two? Some body has to get the work done)
    4. Stay away from companies with an ugly website (now that would probably rule out all Indian companies) (Are you promoting Foreign Web Developers and companies here ?, with the Definition of an “Ugly website” it is personal opinion though, some others may still LIKE it “Application” and “Perception”) You are an Expert on “Beautifying” codes now ain’t you ? Planning to Move Out of India to start your own ?

    Ethical hacking, has its Rightful place in the System as well and there is an Increasing Industry just thriving on this, A lot of Techno Consultants who now have a Knowledge pool and are trying to Nurture the upcoming Generation Future engineers with this Information would know the BASICS where the latest entrants would never even know those parts to start with. There would always be Some who are Rotten Apples, but that gives the Demand for the White “hat”ers. The race is still on.

    As, you ended it correctly 🙂 

    but who do I hire?

    Me: I don’t know, really. 

    If you don’t Fit In, You are Probably Doing the Right thing!!!

    It is all a Question of Trust and Trial, what suits becomes the Norm.

  7. Nobody said WordPress can’t be hacked. It’s just helluva lot more secure than your home built CMS

    WordPress does handle server side validation for you, and so does a theme or plugin bought from a reliable vendor. That’s the best part.
    Relying on client side validation (jQuery) is useless. It’s like leaving the key in the lock.

    1. Stay away from cheap and desperate freelancers (Almost all Web design and development Entrepreneurs fall in this Category ?)

      A very large number of them, yes. Visit freelancer.com or oDesk and sort the vendors in the ascending order of their hourly rate. You’ll get an idea of what I am talking about. I am not trying to undermine what they do – I am trying to say that if you want a reliable and scalable site, stay away from these people.

    2. Stay away from companies who use words like outsourcing, SEO, temporary staffing (These are the ones who always are in the Market and connect the Above Two? Some body has to get the work done)

      SEO, outsourcing, support staff, temp staffing – these areas form the bottom of the pyramid, have low barriers to entry and are generally flooded by people who have little idea of what they’re doing. These people are desperate to climb up the value chain and actively seek development work, even if they can’t handle it. These are the kind of people most likely to suggest that you go for a custom-made CMS. You wouldn’t want to leave the security of your website in the hands of people who spam forums and comments, and farm links for a living.
      I am also not trying to undermine SEO as a profession.

    3. (Are you promoting Foreign Web Developers and companies here ?, with the Definition of an “Ugly website” it is personal opinion though, some others may still LIKE it “Application” and “Perception”) You are an Expert on “Beautifying” codes now ain’t you ? Planning to Move Out of India to start your own ?

      I have to admit I am somewhat biased here. I don’t think very highly of most Indian developers. I think that the UI and design of a site speak a lot about the people behind it. There are good Indian developers, but they are far too few.
      I have already, sort of, started something of my own. I have done some consulting work in the past, but I don’t do it anymore. And I am not a freelancer looking to start a boutique IT company. I am more of a product-guy. I am not planning to move out of India anytime soon. Great companies can be built out of India too 🙂

  8. Nailing it down now!!!

    Alok Kejriwal a non techie into technology from Socks to Mobile games is the Only Example I can find Quoting for this reason on THIS Forum 🙂

    Product or Service – The Debate continues. 

    Almost ALL TOP IT Companies from OUT of India Have More than 75% (conservative figure) of their TECH staff on the Top Posts from India or Indian Origin so to say.

    Also, they have now found it easier to Setup shop In India to do the same work when done outside it, so even if the Company is not Indian by default, the Work done is coming from them Majority times, so you need to remove the Bias now, I guess!!

    Good Luck!!

  9. Also, they have now found it easier to Setup shop In India to do the same work when done outside it, so even if the Company is not Indian by default, the Work done is coming from them Majority times, so you need to remove the Bias now, I guess!!

    If Indian engineers were paid half as much as their Western counterparts, the Indian IT industry would fall apart.

    This is why Indians dominate services, but not products.

  10. great post!! 😀 Thanks for taking time to put it down.

  11. Hi Nishant,

    I regret this being a public forum; I can’t manifest my true feelings for you after reading this. The post could have been great, had you ended it at point 2.

    Now let’s discuss points 3 & 4.

    First of all, after reading the whole post, the smile I had on my face up to point 2 faded away. You sound like Bill Gates; the only difference is that Bill Gates is very humble.

    What do you mean by point 3? Someone who is non-tech, using a technology to facilitate his business, should first become an IT company, code and design the technology himself, and then go for his core business? If everyone starts following this rule, there will be only IT companies with no clients, and you would be writing another post saying IT companies should hire each other. And if he can’t learn coding and still wants to be in the tech biz, your suggestion to him is ‘you probably should have stuck with your job.’ Great, I hope everyone gets a mentor like you.

    And yes, IT companies don’t understand the architecture of your project, your requirements… I wonder why these IT companies exist, only for looting bhola bhala entrepreneur! But then you learnt coding for your project, I appreciate it, but what was the end result, you never launched it.

    Point 4. You are talking like those people who blame a whole community for terrorism, not the terrorist. If one of the freelancers or an IT company is incompetent, it doesn’t mean the whole community is. For most of your ‘Stay Away’ points, Darshan has answered appropriately. One last thing: I’d like you to check out the percentage of Indian employees working in top positions in Silicon Valley. Many of them return to India and launch their own ventures in India. So do you mean that if someone works at AT&T Labs for years, returns to India and starts a company, even his company is ruled out according to your logic? Check out Mr. Hemant Nerurkar from http://www.mindcraft.in; I can give the names of 20-30 such people. You just can’t insult the ability and achievements of Indian IT and non-tech entrepreneurs. I hope if you are not Bill Gates, you are at least someone close to his level :p

  12. Did you even read what I wrote?

    And from where the heck did Bill Gates come in? Can’t you think of any other name? You remind me of my 12-year-old self, who, somehow, was able to bring in Bill Gates in every conversation related to computers.

  13. I’d have used Vinod Dham’s name, but then I thought you are too influential a personality to be compared with a small-time IT guy like Vinod Dham, so I named Bill Gates!

  14. When you can’t come up with a logical, data-backed argument, attack the author, eh?

    I am not completely sure what pissed you off so much, but I am guessing it’s because your work is related to something I criticised in point #3

  15. BOSS, I’m GONNA TAKE CLASSES from you when you join later this month.

    How about conducting this as sessions for therodinhoods.wpengine.com?!

  16. Thanks for the flattering words 🙂

    Will surely think about the session

  17. Hi Nishant,

    Thanks for being pathetic ! (pun intended)
    What you said, is like saying, since you are a muslim, you ought to be a terrorist.

    I don’t think, you even deserve a discussion with me or anyone else in this community. People are simply wasting their time in trying to put some senses into your article.

  18. Great post Nishant !

    I completely agree with you on the “do it yourself” part. I have seen that most of the CEOs & Project Managers of these so-called Web Development companies don’t know a damn thing about coding. They just agree with anything that the client wants just to get that project, without even knowing what the damn thing is that the client wants, & when they fail to deliver they start making up all sorts of lame excuses to hide their incompetence.

Comments are now closed for this post.
