Originally posted to LinkedIn on October 3, 2018
Until recently, most developers, especially in the Enterprise space, have been pretty unfamiliar with the Google Search Console. The Search Console is something marketers use to see how their site is performing from an SEO perspective (SEO being that black art that many developers don't trust or put much thought into, unfortunately). Well, this separation or abdication of responsibility to the Google Gods by developers is over. With the rise and power of Google's Safe Browsing tools, which warn users of malware, unwanted software, and phishing/social engineering, developers must test their sites often and proactively to ensure they don't get on Google's blacklist. If your site does get listed, users could be blocked from viewing it in Firefox and Chrome for at least 72 hours!
If you are thinking "I protect my site and run penetration tests and that should be enough," you are wrong. Recently, our team has seen several instances where the site received a clean bill of health from scanning tools, only to be dinged by Google. Although Safe Browsing has been around for over 10 years, it does seem that there is more aggressive enforcement going on. There are many false positives too, which means human interpretation is important.
Here is what you need to do to keep your site healthy in the eyes of Google:
- First off, ensure your developers have access to Search Console (where you will be notified of any issues) and are familiar with the interface. Google has a new version out now, so it's not that simple to navigate currently. I suggest toggling to the 'old version' for viewing "Security Issues."
- Check your site's status here: https://transparencyreport.google.com/safe-browsing/search
- Run regular OWASP scans, as many vulnerabilities found through the scan may overlap with Google's findings. Also, it's just good practice. Find a list of scanners here.
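
The status check in the list above can also be automated with Google's Safe Browsing Lookup API (v4), which this post does not cover; the script below is an added example, not the author's code. The API key, the client ID `site-health-check`, and the `example.com` URLs are assumptions, and the sample response is constructed so the parsing runs offline.

```python
import json
import urllib.request

# Safe Browsing Lookup API v4 endpoint; the API key is an assumption (supply your own).
ENDPOINT = "https://safebrowsing.googleapis.com/v4/threatMatches:find?key={key}"
# The three categories the post names, as the API's threat type values.
THREAT_TYPES = ["MALWARE", "UNWANTED_SOFTWARE", "SOCIAL_ENGINEERING"]


def build_request(urls, client_id="site-health-check"):  # client_id is a made-up name
    """Build the JSON body for threatMatches:find covering every URL to check."""
    return {
        "client": {"clientId": client_id, "clientVersion": "1.0"},
        "threatInfo": {
            "threatTypes": THREAT_TYPES,
            "platformTypes": ["ANY_PLATFORM"],
            "threatEntryTypes": ["URL"],
            "threatEntries": [{"url": u} for u in urls],
        },
    }


def summarize(urls, response):
    """Map each checked URL to the sorted threat types flagged for it.

    The API returns an empty object when nothing matches, so a missing
    "matches" key means every URL came back clean.
    """
    report = {u: [] for u in urls}
    for match in response.get("matches", []):
        url = match.get("threat", {}).get("url")
        report.setdefault(url, []).append(match.get("threatType", "UNKNOWN"))
    return {u: sorted(set(t)) for u, t in report.items()}


def check(urls, api_key, timeout=10):
    """Query the live API (network required) and return the summarize() report."""
    req = urllib.request.Request(
        ENDPOINT.format(key=api_key),
        data=json.dumps(build_request(urls)).encode(),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return summarize(urls, json.load(resp))


if __name__ == "__main__":
    # Constructed sample response: one page flagged, one clean.
    sample = {"matches": [{"threatType": "SOCIAL_ENGINEERING",
                           "threat": {"url": "https://example.com/login"}}]}
    pages = ["https://example.com/", "https://example.com/login"]
    flagged = {u: t for u, t in summarize(pages, sample).items() if t}
    print(flagged)
    raise SystemExit(1 if flagged else 0)  # non-zero exit lets a scheduled job alert
```

In a scheduled job, replace `summarize(pages, sample)` with `check(pages, api_key)` to query the live service.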
In addition to these reasons, developers should also be paying attention to Mobile Usability and SEO through the console, but at the very least they need to keep your site off the blacklist.