Website security auditing
This 'website security auditing' article is supplied by Web Site Security, where you can find more information about website security auditing.
Website Security Considerations - An Evaluation
It's unfortunate, but there are lots of ways in which web site security can be circumvented. Security dangers that affect Web servers, and the LANs (local area networks) on which Web sites are hosted, are ever present, and they arise even from the customary use of a Web browser.
Web Masters shoulder the responsibility for handling these critical challenges. As soon as a Web server is set up at a site, a porthole is made in the local area network through which anyone on the Internet can peer. Obviously, most web site visitors see only what they are supposed to see, but some make an effort to locate elements of the site which are not designed to be visible to the public. Pernicious visitors aspire to do more than merely look; they make an effort to unbolt the window and steal inside. The harm intruders could cause might be sheer vandalism, for example replacing the website's home page with one of their own which could say or show anything at all, or else it might be robbery, like gaining possession of a customer or sales database.
It's hard to evade the virtual certainty that complex software contains bugs. Regardless of how meticulously it is tested, there is usually a particular order of events or user actions, even though it may occur once in a blue moon, that causes a failure. Software bugs give rise to flaws in system security. A Web server is complex software, and may very probably contain a security flaw.
It's not merely the intricacy of a Web server that can create a glitch, but also its open architecture. Consider a CGI script as an illustration. A CGI script may be executed at the server in answer to a remote request from a client. It might be a request from a program or even the click of a button in a browser. If the CGI script has a bug, there is a possibility of a security breach.
Network Administrators also have to face problems from Web servers owing to the danger they pose to the security of the local area network. Though there must be no unauthorised intrusions, access has to be granted to web site visitors. This means that access to the network should be controlled. The Administrator therefore has to perform a delicate balancing act. Even the most sturdy firewall can be breached if the Web server is configured badly. By the same token, normal use of the website can be impossible if the firewall is configured poorly. Attaining a model solution is still more tricky if an intranet forms a constituent of the system. Typically, the Web server then has to be configured to distinguish and validate domains and user groups, which are apt to have differing permission levels and access rights.
Nearly everybody using a browser to surf the Internet supposes that they are doing so incognito and in safety. This is not so. Web browsers are able to run, on the local computer, self-contained programs that reside on a web site. Current browsers show a notice and ask consent to run such programs. Generally known as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, may easily install a virus or other hazardous software on the browser user's PC. As soon as it is in the system it can cause all kinds of catastrophe and can be extremely hard to remove.
This is also a concern for Network Administrators. Web browsers make available a way for potentially malicious software to permeate through the local area network's firewall. As soon as it is in the system, the harm it can cause can go from secretly appropriating sensitive information to wanton destruction.
Besides the matters regarding active content, simply browsing the Web records a trail of the user's activities in the browser's history. This might be used by web sites and installed programs to establish an exact report of the user's behavior and interests. Whereas this may be thought of as an invasion of privacy by some, it can be positively effective by providing pertinent content without delay, thus relieving the user of the task of searching for it.
Secrecy is a topic which worries not only browser users but also Web Masters and Network Administrators, because it concerns the actual transmission of data via the Internet. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Internet. When it was formed, security wasn't the most important feature of its design. Both network and Internet transmissions should therefore not be thought of as essentially private. Each time the browser on a local computer downloads a private file from the remote Web server, or the browser user fills in a form with personal information and clicks the 'Submit' button, the transmitted information could be intercepted without authorisation.