Web site security test

This 'web site security test' article is supplied by Web Site Security, where you can find more information about web site security test.

Understanding Website Security Concerns



Unfortunately, there are many ways in which website security can be breached. Security risks affect Web servers, the LANs (local area networks) on which Web sites reside, and even the ordinary use of a Web browser.

Web Masters bear the brunt of the gravest risks. As soon as a Web server is set up at a site, a porthole is established in the local area network through which anyone on the Internet can peer. On the whole, website visitors see no more than what they're supposed to see, but a small number make an effort to uncover parts of the site that aren't intended to be visible to all and sundry. Malicious visitors intend to do more than merely look; they endeavour to unbolt the window and sneak in. The harm they cause might be sheer vandalism, for example replacing the website's home page with one of their own which might say or display absolutely anything, or it could be burglary, such as gaining possession of a customer or order list.

It is hard to escape the virtual certainty that complex software contains bugs. Regardless of how methodically it is tested, there is usually some pattern of events or user actions, however seldom it might come about, which creates a fault. Software bugs produce gaps in system security. A Web server is complicated software which can very possibly include a security gap.

It's not merely the intricacy of a Web server which can create a problem, but also its open architecture. Consider a CGI script as an example. A CGI script is run at the server in response to a remote call from a client. The call might be a request from a program or even the click of a button in a browser. If the CGI script contains a bug, there could be a danger of a security violation.

Network Administrators also have to handle problems from Web servers owing to the threat they pose to the security of the local area network. While there must be no unauthorised incursions, right of entry must be granted to website visitors. This means that access to the network has to be controlled. The Administrator therefore must perform a delicate balancing act. Even the most robust firewall may be breached if the Web server is configured badly. Conversely, normal use of the website may not be viable if the firewall is configured poorly. Reaching an ideal answer is more difficult still if an intranet exists as an element of the system. Typically, the Web server then needs to be configured to identify and validate domains and user groups, which are apt to have varying permission levels and access privileges.

Nearly all people using a browser to surf the Internet believe that they are doing it anonymously and securely. It is not so. Web browsers can execute, on the local computer, autonomous software programs which are located on a website. Modern browsers show a warning and ask consent to execute such programs. Described generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, could easily install a virus or other dangerous software on the browser user's machine. Once it's in the system it can cause all kinds of damage and may be very tricky to delete.

This is also a worry for Network Administrators. Web browsers offer a means for possibly malicious software to seep through the local area network's firewall. Once it is in the system, the harm it can cause can range from covertly gaining possession of sensitive information to pointless destruction.

Besides the concerns involving active content, merely browsing the Web leaves a trail of the user's activities in the browser's history. This might be utilised by web sites and installed programs to build a precise report of the user's behaviour and preferences. Although this may be considered an invasion of privacy by some, it can be beneficial by offering related subject matter straight away, thus unburdening the user of the task of searching for it.

Confidentiality is a question that concerns not just browser users but also Web Masters and Network Administrators during the actual transmission of information via the Internet. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Net. When it was formed, security wasn't the principal factor of its design. Both network and Internet transmissions should therefore not be thought of as necessarily private. Each time the browser on a local computer downloads a private document from the remote Web server, or the browser user fills in a form with private data and clicks the 'Submit' button, the transmitted information might be intercepted without consent.

To find out more about 'web site security test', visit website-security.biz.