Website security evaluation

This 'website security evaluation' article is supplied by Web Site Security, where you can find more information about website security evaluation.

Examining Web Site Security Issues



Unfortunately, there are numerous ways in which web site security can be compromised. Threats exist that can affect Web servers and the LANs (local area networks) on which Web sites are hosted, and some arise even from the routine use of a Web browser.

Web Masters are in the front line when handling the critical threats. As soon as a Web server is installed at a site, a window is opened into the local area network through which anyone on the Internet can look. For the most part, website visitors look at no more than what they are meant to see, but a minority try to uncover parts of the site that are not meant to be visible to the public. Malicious visitors try to go further than looking; they try to force the window open and climb through it. The damage intruders cause might be mere vandalism, for example replacing the web site's home page with their own, which could say or display anything, or it could be theft, such as stealing a customer or order list.

It is hard to escape the likelihood that complex computer software contains bugs. No matter how scrupulously it is tested, there is usually some pattern of events or user actions, however rarely it occurs, that leads to a fault. Software bugs produce holes in system security. A Web server is complex software that may well contain a security fault.

It is not just the complexity of a Web server that can produce a fault, but also its open architecture. Consider a CGI script as an example. A CGI script is executed at the server in response to a remote call from a client. The call could be a request from a program or simply the click of a button in a browser. If the CGI script contains a bug, there may be a danger of a security violation.
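As an added illustration (not code from the original article), the sketch below shows one common kind of CGI bug and its fix: a handler that maps a client-supplied `page` parameter to a file. The document root, the parameter name and the file names are assumptions made for this example.

```python
import os
from urllib.parse import parse_qs

PUBLIC_ROOT = "/srv/www/public"  # hypothetical document directory

def naive_resolve(query_string):
    """The bug: the client-supplied name is joined to the root unchecked."""
    name = parse_qs(query_string).get("page", ["index.html"])[0]
    return os.path.normpath(os.path.join(PUBLIC_ROOT, name))

def safe_resolve(query_string):
    """Return a path inside PUBLIC_ROOT, or None if the request is rejected."""
    values = parse_qs(query_string).get("page", ["index.html"])
    if len(values) != 1:
        return None  # repeated parameter is ambiguous, so reject it
    name = values[0]
    if "\x00" in name or os.path.isabs(name):
        return None
    root = os.path.realpath(PUBLIC_ROOT)
    # realpath collapses ".." segments and follows symlinks before the check
    candidate = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, candidate]) != root:
        return None  # resolved outside the public directory
    return candidate

def handle(environ):
    """CGI-style entry point: returns (status, path to serve or None)."""
    path = safe_resolve(environ.get("QUERY_STRING", ""))
    if path is None:
        return ("400 Bad Request", None)
    return ("200 OK", path)

if __name__ == "__main__":
    # Constructed request: asks for a file the site never meant to publish.
    query = "page=../private/orders.csv"
    print("naive:", naive_resolve(query))
    print("safe: ", handle({"QUERY_STRING": query}))
```

The naive version resolves the constructed request to a path outside the public directory; the hardened version rejects it before any file is opened.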

Network Administrators also have to deal with Web servers because of the threat they pose to the security of the local area network. Although there should be no unauthorized intrusions, access must still be granted to web site visitors. This means that access to the network has to be controlled, and the Administrator must perform a delicate balancing act. Even the sturdiest firewall can be undermined if the Web server is configured badly. At the same time, normal use of the website can become impossible if the firewall is configured badly. Arriving at a good solution is trickier still if an intranet is part of the system. Normally, the Web server must then be configured to recognise and validate domains and user groups, which are likely to have differing permission levels and access privileges.


Almost everyone who uses a browser to surf the Net believes that they are doing so anonymously and in safety. This is not correct. Web browsers may execute autonomous software programs on the local machine which are hosted by a website. Current browsers show a warning and ask for authorization to run these kinds of programs. Described generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, could easily deposit a virus or other hazardous software on the browser user's computer. Once it is in the system, it can cause all kinds of damage and can be extremely difficult to remove.

This is also a worry for Network Administrators. Web browsers present a way for potentially malicious software to slip through the local area network's firewall. Once it is inside the network, the damage it can inflict ranges from surreptitiously gaining possession of sensitive information to willful destruction.

Aside from the issues surrounding active content, simply surfing the Web records a trail of the user's activities in the browser's history. This can be used by web sites and installed programs to build an exact profile of the user's behavior and preferences. While some people may consider this an invasion of privacy, it can be advantageous by displaying relevant content straight away, relieving the user of the chore of searching for it.

Privacy in the actual transmission of information via the Net is a matter that concerns not only browser users but also Web Masters and Network Administrators. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Internet. When it was created, security was not the principal aspect of its design. Neither network nor Internet transmissions should therefore be considered inherently confidential. When the browser on a local PC downloads a private file from the remote Web server, or the browser user fills in a form with private data and clicks the 'Submit' button, the transmitted information can be intercepted without consent.
