Common website security problems

This 'common website security problems' article is supplied by Web Site Security, where you can find more information about common website security problems.

Web Site Security Issues - An Evaluation



Unfortunately, there are a lot of ways in which website security can be compromised. For example, security hazards exist which might impinge on Web servers and LANs (local area networks) on which Websites are hosted, even by the regular use of a Web browser.

Web Masters are in the front line when handling the major threats. As soon as a Web server is installed at a site, a window appears in the local area network through which anyone using the Internet can peek. Naturally, most website visitors see only what they're meant to see, but a minority attempt to find areas of the site that aren't designed to be perceptible to the rest of the world. Iniquitous visitors wish to do more than simply look; they endeavour to unbolt the window and steal in. The damage they can cause might be mere vandalism, such as replacing the website's home page with their own that might say or display absolutely anything at all, or else it might be burglary, like stealing a contacts or orders list.

It's hard to evade the probability that complicated software has bugs. No matter how scrupulously it is tested, there exists usually some combination of events or user actions, although it might be rare, which will cause an error. Computer software bugs cause flaws in system security. A Web server is complicated software that can very possibly include a security flaw.

It's not merely the complexity of a Web server which can trigger a glitch, but also its open architecture. Think about a CGI script as a case in point. A CGI script may be run at the server in answer to a remote call from a client. This could be a request from a program or even the click of a button in a browser. If the CGI script contains a bug, there will be a possibility of a security breach.

Network Administrators also have to confront problems from Web servers because of the threat they pose to the security of the local area network. Despite the fact that there ought to be no unauthorized incursions, access has to be given to web site visitors. This means that access to the network should be regulated. The Administrator therefore needs to perform a delicate balancing act. Even the most robust firewall may be undermined if the Web server is configured badly. Concomitant with this constraint, normal use of the web site can be not viable if the firewall is configured poorly. Arriving at a perfect resolution is still more difficult if an intranet forms an element of the system. Typically, the Web server then must be configured to recognise and validate domains and user groups, which are liable to have varying permission levels and access privileges.

Suggestion: For ideas as regards a particular side of web site security, for instance "common website security problems", search for the full phrase on the Net.

Nearly everybody using a browser to surf the Web trust that they really are doing so secretly and in safety. This is not so. Web browsers can execute autonomous software programs on the local machine that are resident on a website. Modern browsers display a notice and ask permission to execute these kinds of programs. Described commonly as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, could easily inject a virus or other dangerous software on the browser user's machine. As soon as it's in the system it can wreak all kinds of catastrophe and may be very tough to remove.

This is also a concern for Network Administrators. Web browsers make available a path for potentially malicious software to filter all the way through the local area network's firewall. As soon as it is in the network, the harm it might inflict can extend from stealthily stealing private information to wanton spoliation.

Aside from the matters in re active content, merely surfing the Web leaves a trail of the user's activities in the browser's history. This can be utilised by websites and installed software to determine an exact profile of the user's behaviour and preferences. Although this might be considered an invasion of privacy by some people, it can be positively effective by showing appropriate content straight away, so relieving the user of the job of looking for it.

Secrecy is a topic that worries not just browser users but also Web Masters and Network Administrators during the actual transmission of information via the Internet. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Internet. When it was formed, security was not the principal feature of its blueprint. Both network and Internet transmissions should therefore not be thought of as as necessarily confidential. When the browser on a local machine downloads a private file from the remote Web server, or the browser user completes a form with confidential information and clicks the 'Submit' button, the transmitted information might be intercepted without authorisation.

To find out more about 'common website security problems', visit website-security.biz.