How to test web site security

This 'how to test web site security' article is supplied by Web Site Security, where you can find more information about how to test web site security.

Website Security Considerations - An Understanding



An unfortunate fact is that there are many ways in which website security can be compromised. Security hazards are ever present: they can affect the Web servers and LANs (local area networks) where Web sites reside, and they can arise even from the ordinary use of a Web browser.

Web Masters bear the brunt of these challenges. As soon as a Web server is set up at a site, a window is opened in the local area network through which anyone using the Internet can look. On the whole, website visitors look at no more than what they are supposed to look at, but a few try to discover areas of the site which aren't meant to be visible to the world. Dishonest visitors intend to do more than look; they try to force the window open and creep inside. The harm they inflict might be mere vandalism, for instance replacing the website's home page with their own, which could say or show absolutely anything, or it might be burglary, such as stealing a list of customers or orders.

It is hard to avoid the conclusion that complex computer software contains bugs. However methodically it is tested, there is generally some particular sequence of events or user actions, however rare, which brings about a fault. Software bugs open gaps in system security. A Web server is complex software and may well contain a security hole.

It is not merely the complexity of a Web server which may cause a problem, but also its open architecture. Consider a CGI script as an example. A CGI script is run on the server in response to a remote request from a client. This might be a request from an application or simply the click of a button in a browser. If the CGI script contains a bug, there may be a danger of a security breach.
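To make the CGI point concrete, here is an added example (not from the original article) of one common kind of bug: a script that builds a file path from a request parameter. The script, its `file` parameter, the `/var/www/docs` directory and the sample requests are all hypothetical.

```python
import posixpath
from pathlib import PurePosixPath
from urllib.parse import parse_qs

# Assumed document directory for the hypothetical script.
DOC_ROOT = PurePosixPath("/var/www/docs")

def requested_name(environ):
    """Read the 'file' parameter from the CGI QUERY_STRING variable."""
    query = parse_qs(environ.get("QUERY_STRING", ""))
    return query.get("file", [""])[0]

def resolve_unsafe(environ):
    """Buggy: trusts the client-supplied name, so '..' walks out of DOC_ROOT."""
    joined = DOC_ROOT / requested_name(environ)
    return PurePosixPath(posixpath.normpath(str(joined)))

def resolve_safe(environ):
    """Hardened: normalise the path, then refuse anything outside DOC_ROOT."""
    name = requested_name(environ)
    if not name or "\x00" in name:
        return None
    candidate = PurePosixPath(posixpath.normpath(str(DOC_ROOT / name)))
    # Lexical check only; a deployed script should also resolve symlinks.
    if DOC_ROOT not in candidate.parents:
        return None
    return candidate

# Constructed requests: an ordinary one, and one with URL-encoded '../'.
NORMAL = {"QUERY_STRING": "file=manual.txt"}
CRAFTED = {"QUERY_STRING": "file=..%2F..%2Fprivate%2Forders.csv"}

if __name__ == "__main__":
    for env in (NORMAL, CRAFTED):
        print(env["QUERY_STRING"], resolve_unsafe(env), resolve_safe(env))
```

Both functions return the same path for the ordinary request; only the hardened one refuses the crafted request, which the buggy version maps to a file outside the document directory.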

Network Administrators also have to handle problems from Web servers because of the risk they pose to the security of the local area network. Although there ought to be no unauthorised intrusions, access must still be given to web site visitors. This means that access to the network has to be regulated, and the Administrator needs to perform a delicate balancing act. Even the sturdiest firewall can be breached if the Web server is configured poorly. Conversely, normal use of the web site can become impossible if the firewall is configured poorly. Arriving at an ideal solution is even more difficult if an intranet is part of the system. Typically, the Web server then needs to be configured to distinguish and validate domains and user groups, which are likely to have differing permission levels and access rights.

Nearly everybody who uses a browser to surf the Internet supposes that they are doing so anonymously and in safety. That is not the case. Web browsers may download programs hosted by a website and execute them on the user's computer. Modern browsers display a warning and ask for consent before executing these kinds of programs. Commonly known as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, might easily leave a virus or other dangerous software on the browser user's machine. Once it is in the system, it can cause all kinds of havoc and can be extremely hard to remove.

This is also a concern for Network Administrators. Web browsers present a path by which potentially malicious software can pass straight through the local area network's firewall. Once it is in the network, the harm it could cause ranges from covertly stealing sensitive information to wanton destruction.

Aside from the issues to do with active content, just surfing the Web leaves a trail of the user's activities in the browser's history. This could be used by websites and installed software programs to build an exact profile of the user's behavior and interests. Although some people frown upon this as an invasion of privacy, it can also be useful: relevant content can be displayed immediately, relieving the user of the task of trying to find it.

Privacy is a subject that concerns not only browser users but also Web Masters and Network Administrators, because of the way data is actually transmitted over the Net. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Internet. When it was designed, security was not the most influential feature of its design. Neither network nor Internet transmissions should therefore be thought of as automatically private. Any time the browser on a local machine downloads a confidential document from the remote Web server, or the browser user fills in a form with confidential data and clicks the 'Submit' button, the transmitted information could be intercepted without authorization.
