Website security audits

This 'website security audits' article is supplied by Web Site Security, where you can find more information about website security audits.

Website Security Considerations - An Understanding



An unfortunate fact is that there are numerous ways in which website security can be circumvented. Security risks lurk insidiously that have an effect on Web servers and LANs (local area networks) where Websites reside, even by the customary use of a Web browser.

Web Masters face the flak when handling the critical risks. As soon as a Web server is set up at a site, a porthole is fabricated in the local area network through which anyone who is using the Internet can look. Obviously, on the whole web site visitors look at no more than what they are meant to see, but a small number try to locate elements of the site which are not meant to be discernible by the world. Unscrupulous visitors aim to go further than simply look; they attempt to unfasten the window and steal through it. The damage they can inflict might be sheer vandalism, for example substituting the web site's home page with one of theirs that could say or put on view anything at all, or it might be larceny, like stealing a contacts or sales database.

It's hard to evade the virtual certainty that intricate computer software contains bugs. No matter how comprehensively it's tested, there does exist as a rule some permutation of events or user actions, although it might appear hardly ever, that causes a failure. Computer software bugs create gaps in system security. A Web server is complex software that may very likely include a security crack.

It's not just the complexity of a Web server that can cause a glitch, but also its open architecture. Consider a CGI script as an example. A CGI script may be run at the server in reply to a remote request from a client. This could be a request from a program or even the click of a button in a browser. If the CGI script contains a bug, there will be a risk of a security breach.

Network Administrators also have to face problems from Web servers because of the risk they pose to the security of the local area network. Whereas there must be no unauthorised intrusions, right of entry has to be given to web site visitors. This means that access to the network has to be controlled. The Administrator therefore must perform a delicate balancing act. Even the most robust firewall can be breached if the Web server is configured badly. By the same token, normal use of the web site may be impossible if the firewall is configured badly. Reaching a perfect solution is yet more tricky if an intranet is an element of the system. Usually, the Web server then must be configured to recognise and validate domains and user groups, which are apt to have varying permission levels and access rights.

Hint: For advice about a certain facet of web site security, like "website security audits", look for the full expression on the Web.

Most of the people using a browser to surf the Net think that they're doing it anonymously and in safety. It is not correct. Web browsers are able to process autonomous software on the local machine that are resident on a web site. Current browsers show a warning and ask permission to run those programs. Described generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, could easily leave a virus or other dangerous software on the browser user's PC. As soon as it's in the system it can cause all kinds of havoc and may be exceedingly stubborn to eradicate.

This is also a concern for Network Administrators. Web browsers make available a means for possibly malicious software to filter all the way through the local area network's firewall. After it is in the system, the harm it may inflict can go from stealthily appropriating confidential data to meaningless spoliation.

Apart from the matters to do with active content, simply surfing the Web records a trail of the user's activities in the browser's history. This can be used by websites and installed programs to create an exact profile of the user's behaviour and interests. Though this may be unacceptable as an invasion of privacy by some people, it can be positively effective by displaying appropriate subject matter instantly, thus unburdening the user of the chore of searching for it.

Confidentiality is a problem which worries not just browser users but also Web Masters and Network Administrators in the actual transmission of information via the Internet. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Net. When it was formed, security was not the most influential factor of its design. Both network and Internet transmissions should therefore not be considered as automatically private. When the browser on a local machine downloads a private file from the remote Web server, or the browser user fills in a form with private data and clicks the 'Submit' button, the transmitted data can be intercepted without authorisation.

To find out more about 'website security audits', visit website-security.biz.