Web site security audit
This 'web site security audit' article is supplied by Web Site Security, where you can find more information about web site security audit.
Web Site Security Issues - An Understanding
It's unfortunate, but there are a lot of ways in which website security can be compromised. Security hazards affect the Web servers and the LANs (local area networks) on which Web sites reside, and they arise even from the ordinary use of a Web browser.
Web Masters face the gravest risks. As soon as a Web server is installed at a site, a window opens into the local area network through which anyone who is using the Internet can peer. Naturally, for the most part website visitors look at no more than what they're meant to look at, but a minority make an effort to discover areas of the site which are not designed to be visible to the general public. Malicious visitors want to go further than just look; they make an effort to unlock the window and slither through it. The damage intruders could cause might be sheer vandalism, such as substituting the website's home page with their own, which could say or display anything, or else it could be theft, like gaining possession of a customer or sales database.
It is difficult to escape the likelihood that complex software contains bugs. Regardless of how systematically it's tested, there will typically be some combination of events or user actions, although it may arise seldom, that leads to a failure. Software bugs give rise to breaches in system security. A Web server is complex software that may very possibly include a security weakness.
It's not just the intricacy of a Web server which can trigger a glitch, but also its open architecture. Think about a CGI script as an example. A CGI script can be executed at the server in answer to a remote request from a client. This could be a request from an application or even the click of a button in a browser. If the CGI script includes a bug, there will be a danger of a security violation.
Network Administrators also have to face problems from Web servers due to the threat they pose to the security of the local area network. Although there ought to be no unauthorised intrusions, access must be granted to web site visitors. This means that access to the network should be controlled. The Administrator therefore must perform a delicate balancing act. Even the most sturdy firewall can be compromised if the Web server is configured badly. Conversely, normal use of the web site may not be possible if the firewall is configured poorly. Arriving at a model solution is still more complicated if an intranet is an element of the system. Typically, the Web server in that case needs to be configured to distinguish and verify domains and user groups, which are liable to have varying permission levels and access privileges.
The majority of people using a browser to surf the Net think that they are doing it anonymously and in safety. It is not so. Web browsers are able to execute self-contained programs, located on a web site, on the user's computer. Modern browsers display a warning and ask for consent before executing those programs. Described generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, might easily inject a virus or other hazardous software onto the browser user's computer. Once it's in the system it can wreak all kinds of havoc and may be exceedingly difficult to remove.
This is also a worry for Network Administrators. Web browsers afford a means for possibly malicious software to permeate all the way through the local area network's firewall. As soon as it is in the system, the damage it might inflict can go from clandestinely gaining possession of private information to meaningless destruction.
Aside from the problems to do with active content, simply browsing the Internet records a trail of the user's activities in the browser's history. This may be utilised by websites and installed software programs to create a precise report of the user's behavior and preferences. Although some people might find this an unacceptable invasion of privacy, it can be constructive by providing related subject matter straight away, thus relieving the user of the job of looking for it.
Confidentiality is a problem that worries not just browser users but also Web Masters and Network Administrators during the actual transmission of data by means of the Net. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Internet. When it was created, security wasn't the principal aspect of its design. Both network and Internet transmissions should therefore not be thought of as essentially confidential. Every time the browser on a local machine downloads a sensitive file from the remote Web server, or the browser user fills out a form with personal information and clicks the 'Submit' button, the transmitted information could be intercepted without authorisation.
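One audit check that follows from the point above about submitted forms, as an added example that is not part of the original article: it lists every form on a page whose data would be sent without TLS, resolving relative and missing action attributes against the page URL. The host shop.example, the sample page and the set of "sensitive" input types are assumptions made for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Input types that clearly carry personal data (a choice made for this example).
SENSITIVE_TYPES = {"password", "email", "tel"}

class FormCollector(HTMLParser):
    """Record every <form> with its resolved submit URL and its input types."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A missing or relative action resolves against the page URL,
            # so it inherits the page's scheme.
            action = urljoin(self.page_url, attrs.get("action") or "")
            self._open = {"action": action, "types": set()}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            self._open["types"].add((attrs.get("type") or "text").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit_forms(page_url, html):
    """Return (severity, submit_url) for each form that submits without TLS."""
    collector = FormCollector(page_url)
    collector.feed(html)
    collector.close()
    findings = []
    for form in collector.forms:
        if urlparse(form["action"]).scheme != "https":
            severity = "high" if form["types"] & SENSITIVE_TYPES else "medium"
            findings.append((severity, form["action"]))
    return findings

# Constructed sample page; shop.example is a placeholder host.
SAMPLE_PAGE = """
<form action="/login" method="post"><input name="user"><input type="password" name="pw"></form>
<form action="https://pay.shop.example/checkout" method="post"><input name="card"></form>
<form action="http://lists.shop.example/subscribe"><input type="email" name="addr"></form>
<form><input type="search" name="q"></form>
"""
```

Served from an https address, the same page yields a single finding (the form with an absolute http action); served from an http address, every form with a relative or missing action is reported as well.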