Web site security evaluation

This 'web site security evaluation' article is supplied by Web Site Security, where you can find more information about web site security evaluation.

Web Site Security Considerations - An Examination



It's unfortunate, but there are many ways in which website security can be undermined. For example, security risks lurk insidiously which affect Web servers and LANs (local area networks) on which Websites reside, even by the routine use of a Web browser.

Web Masters bear the brunt when handling the critical threats. As soon as a Web server is installed at a site, a porthole appears in the local area network through which anyone using the Internet can peer. Of course, as a rule website visitors look at no more than what they're supposed to see, but a small number endeavor to uncover areas of the site which aren't designed to be observable by the rest of the world. Nefarious visitors desire to do other than just look; they make an effort to open the window and creep through it. The harm intruders can inflict might be mere vandalism, such as substituting the website's home page with theirs which might say or display anything at all, or else it might be robbery, like stealing a customers or sales list.

It's difficult to elude the virtual certainty that complex software contains bugs. No matter how comprehensively it's tested, there's by and large a particular pattern of events or user actions, although it may be uncommon, which will cause an error. Software bugs produce gaps in system security. A Web server is complicated software that can very easily include a security defect.

It's not only the intricacy of a Web server that can create a problem, but also its open architecture. Consider a CGI script as a case in point. A CGI script can be run at the server in response to a remote call from a client. It could be a request from a program or even the click of a button in a browser. If the CGI script contains a bug, there will be a risk of a security violation.

Network Administrators also have to cope with problems from Web servers due to the threat they pose to the security of the local area network. Although there ought to be no unauthorized incursions, admission has to be given to web site visitors. This means that access to the network should be controlled. The Administrator therefore must perform a delicate balancing act. Even the most robust firewall may be breached if the Web server is configured poorly. Bearing that in mind, normal use of the web site can be unattainable if the firewall is configured badly. Attaining a perfect solution is still more complicated if an intranet is an element of the system. Commonly, the Web server in that case needs to be configured to recognize and validate domains and user groups, which are likely to have differing permission levels and access privileges.

Suggestion: For information regarding a certain view of website security, such as "web site security evaluation", look for the full expression on the Web.

Nearly everybody using a browser to surf the Net think that they are doing it in secret and in safety. It is not the case. Web browsers can execute autonomous programs on the client machine which are resident on a website. Modern browsers show a warning and ask permission to run such programs. Well-known generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, can easily inject a virus or other dangerous software on the browser user's machine. Once it is in the system it can cause all kinds of havoc and may be extremely hard to remove.

This is also a concern for Network Administrators. Web browsers make available a path for possibly malicious software to permeate through the local area network's firewall. When it is in the network, the damage it can inflict can vary from furtively appropriating sensitive information to wanton carnage.

Apart from the matters surrounding active content, merely browsing the Web records a trail of the user's activities in the browser's history. This can be utilized by websites and installed software to establish a precise profile of the user's behavior and preferences. Although this may be unacceptable as an invasion of privacy by some people, it can be helpful by displaying appropriate subject matter immediately, thus relieving the user of the task of searching for it.

Confidentiality is an issue that worries not just browser users but also Web Masters and Network Administrators for the duration of the actual transmission of data by means of the Web. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Net. When it was formed, security wasn't the most crucial aspect of its blueprint. Both network and Internet transmissions should therefore not be considered as necessarily private. Every time the browser on a local machine downloads a confidential document from the remote Web server, or the browser user fills out a form with confidential information and clicks the 'Submit' button, the transmitted data can be intercepted without authorisation.

To find out more about 'web site security evaluation', visit website-security.biz.