Web site security requirements
This 'web site security requirements' article is supplied by Web Site Security, where you can find more information about web site security requirements.
Evaluation of Web Site Security Considerations
Unfortunately, there are numerous ways in which web site security can be put at risk. Security risks can affect the Web servers and the LANs (local area networks) on which Web sites reside, and can arise even from the ordinary use of a Web browser.
Web Masters are in the front line when managing the most acute threats. As soon as a Web server is installed at a site, a window is opened in the local area network through which anyone on the Internet can look. On the whole, web site visitors see only what they are meant to see, but some try to uncover areas of the site which aren't meant to be visible to the world. Malicious visitors want to do more than look; they try to unbolt the window and slip in. The damage intruders inflict might be sheer vandalism, for instance replacing the web site's home page with one of their own that might say or display anything, or it might be theft, such as obtaining a contacts or orders list.
It is hard to avoid the likelihood that complex software contains bugs. No matter how carefully it is tested, there is generally some sequence of events or user actions, however rare, which causes a fault. Software bugs give rise to holes in system security. A Web server is complex software and can quite probably contain a security hole.
It is not just the complexity of a Web server which can introduce a flaw, but also its open architecture. Consider a CGI script as an illustration. A CGI script is run on the server in response to a remote call from a client. That call could be a request from an application or even the click of a button in a browser. If the CGI script has a bug, there's a chance of a security violation.
Network Administrators also have to deal with problems from Web servers because of the threat they pose to the security of the local area network. Although there must be no unauthorised intrusions, access has to be granted to website visitors. This means that access to the network has to be controlled. The Administrator therefore needs to perform a delicate balancing act. Even the most robust firewall can be undermined if the Web server is configured poorly. Equally, normal use of the web site may be impossible if the firewall is configured poorly. Arriving at the right balance is more difficult still if an intranet forms part of the system. Usually, the Web server in that case must be configured to recognize and verify domains and user groups, which are likely to have differing permission levels and access privileges.
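To make the CGI point concrete, here is an added example (not from the original article) of one common kind of CGI bug: a script that maps a client-supplied parameter to a file without confining it to the document root, shown beside a checked version. The parameter name "file", the directory layout and the file names are assumptions constructed for the illustration.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import parse_qs


def requested_name(environ):
    """Pull the 'file' parameter out of a CGI QUERY_STRING."""
    params = parse_qs(environ.get("QUERY_STRING", ""))
    return params.get("file", [""])[0]


def resolve_naive(doc_root, environ):
    """The bug: client input is joined onto the document root unchecked."""
    return Path(os.path.normpath(os.path.join(doc_root, requested_name(environ))))


def resolve_checked(doc_root, environ):
    """Hardened: canonicalise, then require the result to stay under doc_root."""
    root = Path(doc_root).resolve()
    name = requested_name(environ)
    if not name or "\x00" in name:
        return None
    candidate = (root / name).resolve()
    if root in candidate.parents and candidate.is_file():
        return candidate
    return None


def demo():
    """Build a constructed site layout and compare the two resolvers."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        root = base / "htdocs"
        root.mkdir()
        (root / "index.html").write_text("public page")
        (base / "orders.csv").write_text("not meant for visitors")
        ok = {"QUERY_STRING": "file=index.html"}
        bad = {"QUERY_STRING": "file=..%2Forders.csv"}
        return {
            "naive_escapes_root": resolve_naive(root, bad) == base / "orders.csv",
            "checked_serves_public": resolve_checked(root, ok) == root / "index.html",
            "checked_blocks_escape": resolve_checked(root, bad) is None,
        }


if __name__ == "__main__":
    print(demo())
```

The checked resolver compares canonical paths rather than filtering strings, so encoded separators and absolute paths are rejected by the same test.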
Almost everyone using a browser to surf the Internet believes that they are doing so privately and in safety. This is not correct. Web browsers can execute self-contained programs, hosted by a web site, on the user's computer. Modern browsers show a warning and ask permission to run such programs. Known generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, could easily install a virus or other dangerous software on the browser user's machine. Once in the system, it can cause all kinds of damage and may be very difficult to remove.
This is also a concern for Network Administrators. Web browsers provide a route for potentially malicious software to get through the local area network's firewall. Once it is in the system, the harm it can inflict ranges from covertly stealing confidential information to pointless destruction.
Aside from the problems with active content, just surfing the Web leaves a trail of the user's activities in the browser's history. This might be used by websites and installed software to build an accurate picture of the user's behaviour and preferences. Although some people consider this an invasion of privacy, it can be useful in displaying relevant subject matter immediately, sparing the user the chore of finding it.
Confidentiality concerns not only browser users but also Web Masters and Network Administrators, during the actual transmission of information over the Net. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental communication protocol of the Net. When it was designed, security was not the principal consideration. Neither network nor Internet transmissions should therefore be assumed to be confidential. When the browser on a local computer downloads a sensitive document from the remote Web server, or the browser user fills in a form with personal data and clicks the 'Submit' button, the transmitted information might be intercepted without authorization.