Web site security certification

This 'web site security certification' article is supplied by Web Site Security, where you can find more information about web site security certification.

An Evaluation of Web Site Security Concerns



Alas, there are lots of ways in which website security can be adversely affected. For example, security hazards are ever present that can impinge on Web servers and LANs (local area networks) on which Websites reside, even by the routine use of a Web browser.

Web Masters shoulder the responsibility when handling the gravest risks. As soon as a Web server is set up at a site, a window materialises in the local area network through which anyone on the Internet can peek. Of course, for the most part web site visitors look at only what they're meant to see, but a minority endeavor to find parts of the site which aren't meant to be observable by the public. Malicious visitors mean to go further than only look; they make an attempt to unfasten the window and sneak inside. The damage intruders could inflict might be sheer vandalism, such as replacing the web site's home page with theirs which could say or show anything, or else it might be theft, such as appropriating a customers or sales database.

It's difficult to escape the probability that convoluted computer software contains bugs. No matter how scrupulously it's tested, there does exist by and large some permutation of events or user actions, although it may transpire hardly ever, that creates a failure. Computer software bugs give rise to flaws in system security. A Web server is convoluted software that can quite likely include a security weakness.

It is not just the complexity of a Web server that can cause a problem, but also its open architecture. Consider a CGI script as a case in point. A CGI script may be run at the server in answer to a remote call from a client. It could be a request from a program or even the click of a button in a browser. If the CGI script contains a bug, there will be a risk of a security violation.

Network Administrators also have to tackle problems from Web servers because of the danger they pose to the security of the local area network. Whereas there should be no unauthorized incursions, access has to be given to website visitors. This means that access to the network must be regulated. The Administrator therefore needs to perform a delicate balancing act. Even the most sturdy firewall can be undermined if the Web server is configured poorly. Bearing that in mind, normal use of the web site may be unachievable if the firewall is configured poorly. Finding an ideal solution is yet more tricky if an intranet is a constituent of the system. Typically, the Web server in that case has to be configured to identify and validate domains and user groups, which are likely to have differing permission levels and access rights.

Suggestion: For ideas concerning a specialised viewpoint of website security, such as "web site security certification", look for the complete expression on the Internet.

Almost all people using a browser to surf the Internet suppose that they're doing it namelessly and safely. This is not so. Web browsers can execute autonomous software on the user's computer which are resident on a website. Modern browsers show a warning and ask authorization to run those programs. Known generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, can easily inject a virus or other dangerous software on the browser user's machine. When it is in the system it can inflict all kinds of catastrophe and can be extremely tough to eliminate.

This is also a concern for Network Administrators. Web browsers provide a means for potentially malicious software to filter through the local area network's firewall. When it is in the system, the harm it is able to inflict can vary from furtively appropriating private information to motiveless spoliation.

Besides the matters involving active content, merely surfing the Internet records a trail of the user's activities in the browser's history. This might be used by websites and installed software to determine an exact profile of the user's behaviour and interests. Although this might be thought of as an invasion of privacy by some, it can be useful by displaying appropriate content directly, thus unburdening the user of the chore of searching for it.

Privacy is a question which concerns not only browser users but also Web Masters and Network Administrators during the actual transmission of information via the Web. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Internet. When it was formed, security was not the principal aspect of its design. Both network and Internet transmissions should therefore not be thought of as as essentially confidential. Each time the browser on a local computer downloads a confidential file from the remote Web server, or the browser user fills out a form with confidential information and clicks the 'Submit' button, the transmitted data might be intercepted without authorization.

To find out more about 'web site security certification', visit website-security.biz.