Web site security test tools

This 'web site security test tools' article is supplied by Web Site Security, where you can find more information about web site security test tools.

Examination of Web Site Security Concerns



An unfortunate fact is that there are many ways in which website security can be undermined. Security risks exist that could impinge on Web servers and LANs (local area networks) where Web sites reside, even by the natural use of a Web browser.

Web Masters face the flak when coping with the most dangerous threats. As soon as a Web server is installed at a site, a porthole is fabricated in the local area network through which anyone who is on the Internet can peer. Naturally, as a rule web site visitors see only what they're meant to look at, but some try to locate elements of the site that are not designed to be evident to the general public. Pernicious visitors would like to do other than only look; they try to unbolt the window and sneak through it. The harm intruders can cause might be sheer vandalism, such as changing the web site's home page with one of theirs which might say or display absolutely anything at all, or it could be theft, like stealing a contacts or sales list.

It's difficult to elude the likelihood that complicated computer software has bugs. No matter how systematically it is tested, there does exist frequently a particular combination of events or user actions, while it might transpire rarely, which will cause a failure. Computer software bugs produce breaches in system security. A Web server is convoluted software that may very possibly contain a security crack.

It is not just the complexity of a Web server that can produce a problem, but also its open architecture. Consider a CGI script as a case in point. A CGI script can be executed at the server in answer to a remote call from a client. It might be a request from an application or even the click of a button in a browser. If the CGI script has a bug, there's a risk of a security breach.

Network Administrators also have to face problems from Web servers due to the threat they pose to the security of the local area network. Despite the fact that there must be no unauthorized incursions, admittance has to be given to website visitors. This means that access to the network should be regulated. The Administrator therefore must perform a delicate balancing act. Even the most robust firewall may be compromised if the Web server is configured poorly. Concomitant with this constraint, normal use of the web site may be impossible if the firewall is configured badly. Attaining a model resolution is even more tricky if an intranet exists as a constituent of the system. Typically, the Web server in that case has to be configured to identify and authenticate domains and user groups, which are likely to have varying permission levels and access privileges.

Tip: For information as regards a specialised facet of website security, for example "web site security test tools", search for the full phrase on the Internet.

Most people using a browser to surf the Net believe that they are doing it in secret and securely. This is not the case. Web browsers can run autonomous programs on the client computer which are hosted by a web site. Current browsers show a notice and request permission to execute these kinds of programs. Described commonly as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, could easily deposit a virus or other dangerous software on the browser user's computer. As soon as it is in the system it can wreak all kinds of catastrophe and can be exceedingly stubborn to eradicate.

This is also a concern for Network Administrators. Web browsers offer a route for potentially malicious software to filter all the way through the local area network's firewall. Once it is in the system, the damage it might inflict can vary from furtively stealing confidential information to wanton carnage.

Besides the problems to do with active content, merely browsing the Internet records a trail of the user's activities in the browser's history. This might be utilized by web sites and installed programs to create an exact profile of the user's behaviour and interests. Despite the fact that this might be frowned upon as an invasion of privacy by some, it can be positively effective by providing related subject matter without delay, so unburdening the user of the chore of looking for it.

Privacy is a question which worries not just browser users but also Web Masters and Network Administrators for the duration of the actual transmission of data via the Net. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Internet. When it was formed, security was not the principal factor of its blueprint. Both network and Internet transmissions should therefore not be thought of as as essentially confidential. Whenever the browser on a local computer downloads a confidential document from the remote Web server, or the browser user fills out a form with confidential data and clicks the 'Submit' button, the transmitted information could be intercepted without consent.

To find out more about 'web site security test tools', visit website-security.biz.