Web site security research

This 'web site security research' article is supplied by Web Site Security, where you can find more information about web site security research.

Website Security Considerations - An Understanding



Unfortunately, there are many ways in which web site security can be compromised. Security hazards exist that may affect Web servers and the LANs (local area networks) on which Web sites are hosted, and some arise even from the ordinary use of a Web browser.

Web Masters bear the brunt of the most dangerous risks. As soon as a Web server is set up at a site, a window is opened into the local area network through which anyone using the Internet can look. Naturally, the majority of website visitors see no more than what they are meant to see, but a minority make an effort to locate parts of the site that are not meant to be visible to the public. Malicious visitors intend to do more than look; they try to force the window open and climb inside. The damage intruders cause might be mere vandalism, for instance replacing the website's home page with one of their own that could say or display anything, or it could be theft, such as obtaining a list of customers or orders.

It is a virtual certainty that complex computer software contains bugs. No matter how painstakingly it is tested, there is typically some combination of events or user actions, even if it arises only once in a blue moon, that causes an error. Software bugs cause breaches in system security. A Web server is complex software that may very probably contain a security gap.

It is not only the complexity of a Web server that may create a problem, but also its open architecture. Consider a CGI script as an example. A CGI script may be run on the server in response to a remote call from a client. That call might be a request from an application or even the click of a button in a browser. If the CGI script has a bug, there is a danger of a security violation.
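The CGI risk described above, shown as an added example that is not part of the original article: a handler that serves the document named in a request, first with a bug and then with the check that removes it. The `doc` parameter, the directory layout and the function names are assumptions made for this illustration, and the sample site is constructed.

```python
import tempfile
from pathlib import Path
from urllib.parse import parse_qs


def build_site() -> Path:
    """Constructed sample site: one public page and one private orders list."""
    root = Path(tempfile.mkdtemp(prefix="site_"))
    (root / "public").mkdir()
    (root / "private").mkdir()
    (root / "public" / "index.html").write_text("<h1>Welcome</h1>")
    (root / "private" / "orders.csv").write_text("order_id,customer\n1,Example Ltd\n")
    return root


def requested_doc(query_string: str) -> str:
    """Read the hypothetical 'doc' parameter, as a CGI script would from QUERY_STRING."""
    return parse_qs(query_string).get("doc", ["index.html"])[0]


def serve_buggy(root: Path, query_string: str) -> tuple[int, str]:
    """The bug: the client-supplied name is joined to the public directory unchecked."""
    path = root / "public" / requested_doc(query_string)
    if not path.is_file():
        return 404, "not found"
    return 200, path.read_text()


def serve_checked(root: Path, query_string: str) -> tuple[int, str]:
    """Same handler, but the resolved path must stay inside the public directory."""
    public = (root / "public").resolve()
    path = (public / requested_doc(query_string)).resolve()
    if public not in path.parents:
        return 403, "forbidden"
    if not path.is_file():
        return 404, "not found"
    return 200, path.read_text()


if __name__ == "__main__":
    site = build_site()
    # Status codes from the buggy and the checked handler for each request.
    for qs in ("doc=index.html", "doc=../private/orders.csv"):
        print(qs, serve_buggy(site, qs)[0], serve_checked(site, qs)[0])
```

The buggy handler returns the private orders list for the second request, while the checked handler answers 403 because the resolved path falls outside the public directory.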

Network Administrators also have to tackle problems from Web servers, owing to the danger they pose to the security of the local area network. There must be no unauthorised intrusions, yet web site visitors must be admitted. This means that access to the network has to be regulated, and the Administrator must perform a delicate balancing act. Even the most robust firewall can be breached if the Web server is configured badly. Conversely, normal use of the website can become impossible if the firewall is configured poorly. Finding a perfect answer is more complicated still if an intranet forms part of the system. Typically, the Web server in that case needs to be configured to recognise and verify domains and user groups, which are likely to have differing permission levels and access privileges.

The majority of people using a browser to surf the Net believe that they are doing so anonymously and securely. This is not the case. Web browsers are able to execute self-contained programs on the user's machine that are hosted by a website. Modern browsers display a warning and request permission to run those programs. Commonly described as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, can easily install a virus or other dangerous software on the browser user's PC. Once it is in the system, it can cause all kinds of damage and can be exceedingly hard to eradicate.

This is also a worry for Network Administrators. Web browsers present a means for potentially malicious software to pass through the local area network's firewall. Once it is in the system, the damage it might inflict can range from covertly stealing private information to wanton destruction.

Apart from the issues regarding active content, simply browsing the Internet records a trail of the user's activities in the browser's history. This might be used by web sites and installed programs to create an accurate profile of the user's behavior and interests. While some people may consider this an invasion of privacy, it can also be beneficial, providing related subject matter instantly and so relieving the user of the chore of trying to find it.

Confidentiality in the actual transmission of data over the Internet is a matter that worries not just browser users but also Web Masters and Network Administrators. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Net. When it was designed, security was not the principal feature of its blueprint. Both network and Internet transmissions should therefore not be thought of as essentially private. Any time the browser on a local machine downloads a private document from the remote Web server, or the browser user completes a form with confidential data and clicks the 'Submit' button, the transmitted data may be intercepted without authorization.

To find out more about 'web site security research', visit website-security.biz.