Some websites use security through obscurity as their main means of protection. This methodology relies on making the vulnerabilities hard to obtain by not making the system’s design known to the general public. As anyone knows, a secret is never a secret for very long. This is bad practice and careless. Concealing a vulnerability will only delay an attacker and not pass any form of security testing. The right approach is to have security as part of the design process of a system.