It’s a sign of the times. In the past month, there has been a rash of high-profile attacks on websites, and in some cases, the social networks that connect to them.

Because of the popularity of using social media to promote content, many companies have gone out of their way to make sure that their web and blog content is easily sharable on a variety of social networks. To meet this demand, hundreds of third-party social-sharing apps, widgets, and plugins have sprung up that can be easily installed on any website or blog to share content to Twitter, Facebook, Google+, and so on. And since many of these tools are available for free, they’ve propagated all over the web, from mom-and-pop blogs to corporate websites.

These apps are extremely useful and provide a great service. However, at least one software security firm believes that these types of apps provide a mechanism for hackers to infiltrate corporate accounts, social media identities, and more.

We chatted with Fergal Glynn, former web developer, now Director of Marketing for Veracode. He and his company have worked out what they believe is a more secure alternative, and are on a quest to spread the word about it.

Security Begins at Home


Veracode originally contacted Sprout Insights about its new, security-focused social sharing widget, called SmartShare. According to Mr. Glynn, “Veracode is not a vendor or distributor of marketing or social software — we audit and security certify other people’s software.” He says that Veracode ended up developing SmartShare in-house “after an audit of third-party social sharing apps on our own site exposed a number of serious security vulnerabilities.”

“As we dug deeper into our third-party apps, we noticed that on the surface a lot of the code behind these free tools seems innocuous enough,” says Glynn. “But even though these apps are sometimes just a few lines of code, often they’ll make external calls for more code from third-party web servers, over which you have absolutely no control.”

SmartShare, in contrast, is designed to run on the same web server where your company’s web pages reside. Install about 50 lines of code and you’ll have fully functional sharing icons to the major social networks — Twitter, Facebook, LinkedIn and Google+. Veracode believes that SmartShare offers all this with comparatively little risk.

“Even our code is not 100 percent secure, however,” cautions Glynn. “We still have to rely on API calls (web requests) to and from the social networks’ servers but since we’re talking about Google, Facebook, Twitter, and LinkedIn, as opposed to some anonymous and potentially shady third-party services, we are as secure as those trusted networks when it comes to sharing content,” he says.
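The distinction drawn above, between code served from your own web server, code loaded from the major networks, and code pulled from third-party servers you do not control, can be checked on any page. The following is an added example, not Veracode's code and not part of SmartShare; the `audit` function, the trusted-host list and the sample hosts are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed allowlist: the networks the article names as trusted.
TRUSTED = ("twitter.com", "facebook.com", "linkedin.com", "google.com")


class ExternalCodeAudit(HTMLParser):
    """Record every <script>/<iframe> whose source is on another host."""

    def __init__(self, page_url, trusted_hosts=TRUSTED):
        super().__init__()
        self.page_url = page_url
        self.own_host = urlsplit(page_url).hostname
        self.trusted = tuple(h.lower() for h in trusted_hosts)
        self.findings = []  # (tag, host, "trusted" | "untrusted")

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return  # plain <a href> links navigate; they load no code
        src = dict(attrs).get("src")
        if not src:
            return  # no src: inline content served by this site itself
        # urljoin resolves relative and protocol-relative ("//host/x.js") URLs
        host = urlsplit(urljoin(self.page_url, src)).hostname
        if host is None or host == self.own_host:
            return
        # Exact host or a true subdomain; "evil-twitter.com" must not match
        ok = any(host == t or host.endswith("." + t) for t in self.trusted)
        self.findings.append((tag, host, "trusted" if ok else "untrusted"))


def audit(html, page_url, trusted_hosts=TRUSTED):
    parser = ExternalCodeAudit(page_url, trusted_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page; the vendor hosts are placeholders.
SAMPLE_PAGE = """
<script src="/js/site.js"></script>
<script src="//widgets.sharing-vendor.example/loader.js"></script>
<script src="https://platform.twitter.com/widgets.js"></script>
<a href="https://twitter.com/share?url=https://www.example.com/post">Tweet</a>
<iframe src="https://cdn.sharing-vendor.example/count.html"></iframe>
"""

for finding in audit(SAMPLE_PAGE, "https://www.example.com/post"):
    print(finding)
```

Every "untrusted" finding is a host whose operator can change what runs on your page without touching your server.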

What Can Companies Do to Protect Themselves?

Fergal says that Veracode is offering SmartShare for free to everyone who’s interested in shoring up some of the more obvious security holes on their websites and blogs. “But this problem is much larger than just social sharing applications,” says Glynn. “Social sharing just happens to be where we saw one of the biggest needs for a more secure solution and it was also one of the places where we could deploy a solution very quickly.”

Mr. Glynn says that any company that suspects its website code and infrastructure to be vulnerable can contact Veracode for an initial consultation about various auditing and remediation options available. Veracode also offers a number of other free security monitoring tools.

How Do Companies Know They Can Trust Veracode?

If Veracode is offering these code snippets free of charge, how do businesses know they’re not getting malicious code from Veracode itself? “First of all, our code doesn’t make any external server calls for more code,” says Glynn. “You just copy it to your web server and make the corresponding adjustments to your webpages where you want the social sharing icons to appear.” With only several dozen lines of code, “it’s easy to see that there’s nothing else going on below the surface,” assures Glynn.

Veracode has an impressive client list that includes government agencies like the FAA and the USDA, as well as Fortune 500 companies such as Cisco and Delta Airlines. It was recently named one of the top 25 most promising companies in America. “This is what we do,” says Glynn. By promoting these free tools along with its security auditing services, says Fergal, “we see an opportunity to help our business, yes — but we’re also helping people and businesses secure the Internet for us all.”

What do you make of all the high-profile hacking that’s been going on lately? Share your thoughts in the comments below.
