Webform and websites
Problem
Hosting a webform on the internet is a complex problem because of the many security threats.
When you deploy a webform on a site, you are sure to be very vulnerable to a risk that is mentioned in the OWASP Top Ten. Mitigating these risks is often not so simple.
Internet technology is constantly evolving and requires deep technical knowledge. The most important danger is the many possible cyber security threats that come with hosting a web form and that require complex measures to mitigate!
Hosting a form on the internet means you must:
Deal with spammers and automated bots.
Cyber Security: Hosting a web form makes every site a bit more vulnerable.
Have a software maintenance process that deals with security and privacy.
Make sure your form is shown correctly on all devices and in all conceivable browsers.
Deal with vulnerabilities. Hosting a web form makes you vulnerable through the data you gather. Safeguarding trusted emails and other data should give you a headache. Data leakage must be prevented at all times.
Solution
There is no single solution that is the holy grail when dealing with a webform. Many solutions exist, and which one fits depends on your specific context.
Simple solutions are:
Do not use a web form. Never ever. Let your potential customers contact you by email or plain old telephone. Too often a simple contact web form does not give extra value. An interested customer will call or email you.
Use a hosted solution. Think of a Google web form or, even better, a hosted FOSS solution that takes care of the must-do security measures. The most complicated cyber security aspects at the network security level are then handled by people who should have the expertise for this.
Use a proven, battle-tested FOSS solution. However, the truth is: hosting a web form means you will be continuously fighting spammers and hackers. Even if network security is managed by your hosting provider, receiving mail bombs is still possible.
DIY or buy a custom-made solution. Note that most custom solutions will not release you from all the cyber and privacy misery that can occur!
The more input fields you have in a webform, the harder it will be to mitigate all threats. In all cases, simple means avoiding large file uploads. But the truth is: sometimes you must! And easily reusable solutions for these patterns are often not yet shared as FOSS solution building blocks.