By Enindu Alahapperuma on


Discussion Website competition

In Sri Lanka, we have a competition for websites organised annually by the LK Domain Registry. The rules are simple. If you have a website with a .lk domain, you can apply. According to their website, winning websites are judged on creativity, quality of graphic design, artistry, technological expertise, and content quality. They have a full list of criteria on their website. I just prefer not to create a backlink by posting the URL here; you can find it easily.

When you submit your website to the competition, they run tests on it. However, I have doubts about their process because my employer submitted websites several years ago. Surprisingly, instead of checking the websites themselves, the "experts" checked the network and sent a huge list of reports claiming we needed to fix issues to stay in the competition.

I don't know what tool they use today, but back then they clearly used Nessus, a proprietary network vulnerability scanning tool developed by Tenable. So, technically, these "experts" used a network vulnerability scanner to assess "creativity, quality of graphic design, artistry, technological expertise, and content quality." I simply cannot understand how this approach identifies the best website.

Here's a list of vulnerabilities found on one of our websites:

  • DNS server spoofed request amplification DDoS
  • SSL medium strength cipher suites supported (SWEET32)
  • SSL certificate with wrong hostname
  • TLS version 1.0 protocol detection

As you can see, these are common vulnerabilities on most shared servers. Typically, shared server users lack the access needed to fix them. The solutions usually involve moving your website to a dedicated or virtual cloud server, or using a reverse proxy server for caching the origin server, which is a relatively affordable and simple option.
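To illustrate the reverse proxy option, here is an added nginx fragment (not from the original post) that terminates TLS in front of a shared-hosting origin and addresses the three TLS findings above; the DNS finding concerns the name server and is not touched by it. The hostnames, certificate paths and cache zone name are placeholders assumed for the example.

```nginx
# Constructed example. Place inside the http { } context.
# www.example.lk, origin.shared-host.example and all paths are placeholders.
proxy_cache_path /var/cache/nginx/site levels=1:2 keys_zone=site_cache:10m
                 max_size=1g inactive=60m;

server {
    listen 443 ssl;
    server_name www.example.lk;

    # "SSL certificate with wrong hostname": present a certificate issued for
    # this exact name instead of the shared host's default certificate.
    ssl_certificate     /etc/ssl/example.lk/fullchain.pem;
    ssl_certificate_key /etc/ssl/example.lk/privkey.pem;

    # "TLS version 1.0 protocol detection". The weak form would be:
    #   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_protocols TLSv1.2 TLSv1.3;

    # SWEET32: offer no 64-bit block ciphers (3DES). The weak form would be:
    #   ssl_ciphers HIGH:MEDIUM:3DES;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    location / {
        # Forward to the shared-hosting origin, keeping the public Host header
        # so the origin selects the right virtual host.
        proxy_pass https://origin.shared-host.example;
        proxy_set_header Host www.example.lk;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_ssl_server_name on;

        # Cache successful responses and redirects for ten minutes.
        proxy_cache site_cache;
        proxy_cache_valid 200 301 10m;
    }
}
```

A scanner pointed at the public hostname then sees the proxy's TLS settings; the origin's own address keeps its original configuration.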

The solution is straightforward, but as mentioned, that's not the real problem. If the competition aims to find the best website based on their criteria, why on earth do they scan the network? Additionally, what purpose do the criteria even serve?

My conclusion: the competition is simply a marketing ploy for web design agencies.

While developers certainly need to adhere to proper standards, the competition's standards are a joke. They neither reflect the challenges of modern websites nor offer any real solutions. Most web development companies exploit this opportunity to win awards and showcase them to clients with claims like "Hey, see this? We're the best web development agency because we won these awards for our websites!" Unfortunately, since the competition holds no real value, these agencies gain nothing from such awards. As I mentioned, some even dedicate teams to updating websites based on the competition's criteria just before the competition. Clients, however, remain unaware of this charade. They don't waste money on random web design agencies; they seek facts, and they perceive the competition as a credible source, not because it is, but because web development companies have conditioned them to believe it is.

I hold no personal grudge against any of these practices. My sole concern is the web design and development industry. These nonsensical competitions do not contribute to progress within the field. Developers need proper standards and guidelines, not self-serving platforms for marketing tactics. Perhaps that was the original intent? If so, then disregard everything I've said.