Website security database

This 'website security database' article is supplied by Web Site Security, where you can find more information about website security database.

Assessment of Web Site Security Issues



An unfortunate fact is that website security can be jeopardised in several ways. Security hazards exist that affect Web servers and the LANs (local area networks) where Websites are hosted, and some arise even from the typical use of a Web browser.

Web Masters shoulder the responsibility for dealing with the gravest threats. As soon as a Web server is set up at a site, a window is opened in the local area network through which anyone using the Internet can look. As a rule, website visitors see only what they are meant to see, but a small number of them try to uncover parts of the site that are not intended to be visible to the rest of the world. Malicious visitors want to do more than simply look; they try to force the window open and climb through it. The damage they inflict might be mere vandalism, such as replacing the web site's home page with one of their own that might say or display absolutely anything, or it might be theft, such as copying a contacts or sales database.

It is hard to escape the likelihood that complex software contains bugs. However carefully it is tested, there will generally be some particular sequence of events or user actions, uncommon though it may be, that causes a failure. Software bugs give rise to flaws in system security. A Web server is complex software and may quite likely contain a security hole.

It's not only the complexity of a Web server that may cause a problem, but also its open architecture. Consider a CGI script as an illustration. A CGI script may be executed on the server in response to a remote request from a client. This could be a request from an application or even the click of a button in a browser. If the CGI script contains a bug, there's a danger of a security violation.
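To make the CGI risk concrete, here is an added example (not from the original article) of a script-side bug that exposes a file outside the public part of a site, next to a checked version. The `file` parameter, the function names and the directory layout are assumptions made for the illustration.

```python
import os
import tempfile
from urllib.parse import parse_qs


def requested_name(query_string):
    """Return the 'file' parameter as a CGI script would read it from QUERY_STRING."""
    return parse_qs(query_string).get("file", [""])[0]


def resolve_buggy(doc_root, query_string):
    # Bug: the client-supplied name is joined to the public directory unchecked,
    # so "../" sequences walk out of the part of the site meant to be visible.
    return os.path.normpath(os.path.join(doc_root, requested_name(query_string)))


def resolve_checked(doc_root, query_string):
    # Resolve ".." and symlinks first, then refuse anything outside doc_root.
    root = os.path.realpath(doc_root)
    target = os.path.realpath(os.path.join(root, requested_name(query_string)))
    if os.path.commonpath([root, target]) != root or not os.path.isfile(target):
        return None
    return target


def demo():
    """Build a constructed site layout and run both resolvers over sample requests."""
    with tempfile.TemporaryDirectory() as site:
        public = os.path.join(site, "public")
        os.mkdir(public)
        with open(os.path.join(public, "index.html"), "w") as fh:
            fh.write("<h1>home</h1>")
        with open(os.path.join(site, "contacts.db"), "w") as fh:
            fh.write("constructed private record")  # must never be served

        hostile = "file=..%2Fcontacts.db"  # constructed request, percent-encoded "../"
        leaked = resolve_buggy(public, hostile)
        ok = resolve_checked(public, "file=index.html")
        return {
            "buggy_leaks_private_file": os.path.basename(leaked) == "contacts.db"
            and os.path.isfile(leaked),
            "checked_refuses_traversal": resolve_checked(public, hostile) is None,
            "checked_refuses_absolute": resolve_checked(public, "file=/etc/hostname") is None,
            "checked_serves_public": ok is not None and os.path.basename(ok) == "index.html",
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```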

Network Administrators also have to tackle problems from Web servers because of the risk they pose to the security of the local area network. Though there ought to be no unauthorised incursions, access has to be granted to web site visitors. This means that access to the network must be controlled, and the Administrator has to perform a delicate balancing act. Even the most robust firewall can be compromised if the Web server is configured badly. Conversely, normal use of the website can become impossible if the firewall is configured badly. Reaching an ideal solution is more difficult still if an intranet is part of the system. Usually, the Web server then has to be configured to recognize and verify domains and user groups, which are likely to have differing permission levels and access rights.


Almost anyone using a browser to surf the Web believes that they are doing so privately and securely. This is not the case. Web browsers may run, on the local computer, standalone programs that are hosted on a website. Modern browsers display a warning and ask for authorisation to run such programs. Known generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, can easily install a virus or other dangerous software on the browser user's machine. Once it is in the system it can do all kinds of damage and may be very awkward to get rid of.

This is also a worry for Network Administrators. Web browsers provide a way for possibly malicious software to pass all the way through the local area network's firewall. Once it is in the system, the damage it can inflict ranges from covertly stealing confidential information to pointless destruction.

Aside from the problems to do with active content, just surfing the Web records a trail of the user's activities in the browser's history. This could be used by web sites and installed programs to build an accurate picture of the user's behaviour and interests. Though some may consider this an invasion of privacy, it can also be useful by providing relevant content directly, thus relieving the user of the task of trying to find it.

Confidentiality during the actual transmission of information over the Net is a subject that worries not only browser users but also Web Masters and Network Administrators. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Internet. When it was designed, security wasn't the principal feature of its design. Neither network nor Internet transmissions should therefore be considered automatically confidential. When the browser on a local machine downloads a sensitive file from the remote Web server, or the browser user fills in a form with private data and clicks the 'Submit' button, the transmitted information can be intercepted without authorization.
