Web site security assessment

This 'web site security assessment' article is supplied by Web Site Security, where you can find more information about web site security assessment.

Web Site Security Concerns - An Assessment



It's unfortunate, but there are several ways in which web site security can be circumvented. For example, security dangers lurk insidiously which impinge on Web servers and LANs (local area networks) where Websites reside, even by the regular use of a Web browser.

Web Masters are in the front line when handling the gravest risks. As soon as a Web server is set up at a site, a porthole appears in the local area network through which anyone who is using the Internet can look. Naturally, most website visitors see no more than what they're meant to see, but a minority attempt to locate parts of the site that aren't designed to be perceptible to the rest of the world. Fraudulent visitors aim to go further than merely look; they make an effort to unfasten the window and sneak through it. The damage intruders could cause might be mere vandalism, for example replacing the web site's home page with theirs that might say or show anything, or else it could be theft, like appropriating a contacts or sales database.

It is hard to elude the probability that complicated computer software contains bugs. Regardless of how carefully it is tested, there does exist as a rule a certain pattern of events or user actions, though it might take place on the odd occasion, which leads to a fault. Computer software bugs create breaches in system security. A Web server is complicated software which may very easily include a security hole.

It's not just the intricacy of a Web server that can produce a glitch, but also its open architecture. Think about a CGI script as an illustration. A CGI script may be processed at the server in reply to a remote call from a client. This might be a request from an application or even the click of a button in a browser. If the CGI script includes a bug, there is a danger of a security breach.

Network Administrators also have to face problems from Web servers as a consequence of the threat they pose to the security of the local area network. Despite the fact that there should be no unauthorised intrusions, access has to be given to web site visitors. This means that access to the network must be regulated. The Administrator therefore needs to perform a delicate balancing act. Even the most robust firewall may be undermined if the Web server is configured poorly. Bearing that in mind, normal use of the web site may be unattainable if the firewall is configured poorly. Attaining a perfect solution is still more difficult if an intranet is an element of the system. Typically, the Web server then must be configured to recognise and verify domains and user groups, which are apt to have varying permission levels and access privileges.

Suggestion: For ideas regarding a certain side of web site security, for example "web site security assessment", search for the complete expression on the Web.

The majority of people using a browser to surf the Internet suppose that they're doing it in secret and safely. This is not the case. Web browsers can process self-contained programs on the user's machine that are hosted by a website. Modern browsers show a warning and request authorisation to run these kinds of programs. Well-known generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, could easily deposit a virus or other dangerous software on the browser user's machine. Once it is in the system it can wreak all kinds of damage and can be extremely stubborn to eliminate.

This is also a worry for Network Administrators. Web browsers supply a means for potentially malicious software to seep all the way through the local area network's firewall. As soon as it is in the network, the damage it could inflict can vary from stealthily appropriating confidential data to wilful destruction.

Apart from the concerns in re active content, just browsing the Internet leaves a trail of the user's activities in the browser's history. This can be utilized by web sites and installed programs to determine an exact report of the user's behaviour and interests. Though this may be considered an invasion of privacy by some people, it can be positively effective by showing appropriate subject matter immediately, thus exonerating the user of the chore of looking for it.

Privacy is a question that concerns not just browser users but also Web Masters and Network Administrators during the actual transmission of data by means of the Web. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Internet. When it was formed, security was not the most essential feature of its design. Both network and Internet transmissions should therefore not be considered as necessarily private. Each time the browser on a local machine downloads a private file from the remote Web server, or the browser user completes a form with confidential information and clicks the 'Submit' button, the transmitted data might be intercepted without authorization.

To find out more about 'web site security assessment', visit website-security.biz.