SafetyDetectives spoke with Dennis Maina, founder of DentriceDev Solutions, about what motivated him to start his company, the cybersecurity challenges that he faces while developing websites and apps, and the necessary steps to recover a hacked website.
Can you talk about your journey and how you started in IT and
development?
My progress was slow and steady because I was also improving other parts
of my life that have helped me become a better person and ultimately a
better developer. Now that I am a Software Engineer, I get to work with
amazing teams from all over the world. To wake up every day knowing that
I get to do what I love is what has kept me motivated along the way.
Unlike many Tech Gurus who “started coding” when they were 5, I only
knew about the computer world and the infinite possibilities it holds
while I was searching for a course to do for my degree. That’s when I
stumbled upon the Software Engineering course and, not knowing what it
entailed, decided to give it a shot. Having no prior experience with
code, I felt lost and didn’t understand the value of the concepts of
algorithms and computer designs/systems. It felt as though the program
was geared toward people who already knew how to code.
After two years, when I finally had a grasp of these concepts and had a
working coding knowledge in web design, I decided to launch a web design
company and invited a few classmates to join me in the development work
part-time as a side hustle.
Getting the first client was the biggest hustle, as we had no proven track
record and had strong companies to compete with, yet minimal
knowledge. When we finally landed our first client (Gendynasty, not in
business now), they gave us hope by giving us a chance to show what we
can do. We delivered an amazing website and they ended up referring
other clients to us.
And that marked the beginning of an amazing adventure of exploring the
limits of technology. And with that, DentriceDev Solutions was born.
What motivated you to start DentriceDev Solutions?
The idea of creating something from the ground up has always resonated
well with me.
At the start, DentriceDev Solutions was created to earn extra money as a
sophomore to handle the crazy university tuition and expenditures.
What are some of the main services that DentriceDev Solutions
offers?
DentriceDev Solutions offers services including:
- Web Application development.
- Mobile Application development.
- Digital Marketing.
- Server Management.
- Website maintenance.
- IT Consultancy.
- Search Engine Optimization.
- Outsourcing Services.
What are some of the cybersecurity challenges that your team faces
when building websites and mobile apps?
When building websites with forms, we’re always careful in handling
user-submitted data and make sure it undergoes proper sanitization to
prevent SQL injection attacks.
Another general challenge is that of an insider attack where an employee
with malicious intent can expose confidential data to an unintended
audience. To handle this we make sure our ACL gives each user minimal
permissions to only perform what they are supposed to do.
When it comes to mobile apps, one of the greatest threats is reverse
engineering, especially in subscription-based systems, where an attacker can
reverse engineer them to figure out a way to bypass the measures in place.
Another issue is insecure communication, which is often overlooked when a
developer sees some communication as unimportant and fails to encrypt
it, and then it turns out in hindsight that it was important after all.
In general, DDoS attacks are the most common type of attacks that we
face daily. Despite setting up throttling in our API endpoints, we
advise our clients to pay for services like Cloudflare to add a layer of
protection against such attacks or host their entire application
back-end on AWS and set up WAF and Shield Advanced to protect their
systems.
What are some of the best tools to secure a website from hackers?
The most critical tool is writing clean and secure code. And since no
code is purely unbreakable, external tools come into play.
Some of the tools we utilize include Cloudflare and AWS. These come in
handy while protecting against DDoS attacks.
How can a small business owner reclaim a website that has been
hacked?
- The first step would be to inform your hosting provider about the
  incident. In most cases, the hosting provider will be able to know how
  to fix the problem much better than you.
- Take the site offline. Next, you should take the website offline to
  analyze the damage and the affected pages. This will give you a better
  chance of finding where the intruders got into the system and removing
  their malicious code.
- Assess the damage. If your site holds sensitive customer data, make
  sure to assess the damage to know what has been compromised to take the
  appropriate steps in recovering and securing the data better.
- Identify the vulnerability. You’ll need to identify the vulnerability
  and patch it before bringing your site back up online.
- Server cleanup. After all is done, it’s essential to clean up the
  server to remove and correct damage to the file system that might have
  been caused, restore backups that were created before the site was
  compromised, and do software updates.
From an online security perspective, is it better to use a platform such as WordPress, which has built-in security and plugins, or a custom-built website?
A custom-built website has better security than WordPress.
When using WordPress, there’s a better chance that most or some of the
plugins your website is using are vulnerable to an attack or have been
placed strategically by an attacker masquerading as legit work.
Also, WordPress uses MD5 to hash sensitive data, which is one of the
weakest algorithms for an attacker to break.