Website security risk assessment
This 'website security risk assessment' article is supplied by Web Site Security, where you can find more information about website security risk assessment.
An Assessment of Web Site Security Issues
Unfortunately, website security can be undermined in various ways. Security risks are ever present and can affect Web servers and the LANs (local area networks) where websites reside; they can arise even from the typical use of a Web browser.
Web Masters are in the front line when coping with the gravest risks. As soon as a Web server is installed at a site, a window opens into the local area network through which anyone using the Internet can peek. For the most part, website visitors see no more than what they're meant to look at, but a few make an effort to find areas of the site that are not intended to be visible to the general public. Malicious visitors mean to go further than just look; they attempt to unbolt the window and creep through. The damage they inflict might be mere vandalism, for instance replacing the website's home page with their own, which might say or display absolutely anything at all, or it could be burglary, like stealing a contacts or sales list.
It's hard to escape the likelihood that complex software contains bugs. No matter how methodically it's tested, there will often be some sequence of events or user actions, however infrequent, that leads to an error. Software bugs give rise to gaps in system security. A Web server is complex software and can quite probably contain a security gap.
It's not only the intricacy of a Web server that can cause a problem, but also its open architecture. Consider a CGI script as an example. A CGI script may be executed on the server in response to a remote request from a client. It might be a request from an application or even the click of a button in a browser. If the CGI script includes a bug, there will be a chance of a security breach.
Network Administrators also have to confront problems from Web servers because of the danger they pose to the security of the local area network. Although there must be no unauthorized intrusions, website visitors still have to be let in. This means that access to the network has to be controlled. The Administrator therefore needs to perform a delicate balancing act. Even the most robust firewall may be undermined if the Web server is configured badly. By the same token, normal use of the website can become impossible if the firewall is configured badly. Reaching an ideal solution is more complicated still if an intranet is part of the system. Normally, the Web server must then be configured to distinguish and verify domains and user groups, which are apt to have varying permission levels and access privileges.
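As an added illustration of the CGI point above (not code from the original article), the following Python sketch puts one common kind of script bug beside its fix: a handler that trusts a request parameter as a file name, next to a version that confines reads to the published directory. The handler names, the `page` parameter and the sample files are assumptions constructed for this example.

```python
import os
import tempfile
from urllib.parse import parse_qs

def handle_vulnerable(doc_root, query_string):
    """Deliberately buggy: uses the 'page' parameter as a path without checks."""
    name = parse_qs(query_string).get("page", ["index.html"])[0]
    path = os.path.join(doc_root, name)  # "../" segments escape doc_root
    with open(path, encoding="utf-8") as fh:
        return 200, fh.read()

def handle_hardened(doc_root, query_string):
    """Resolves the requested path and refuses anything outside doc_root."""
    name = parse_qs(query_string).get("page", ["index.html"])[0]
    root = os.path.realpath(doc_root)
    path = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, path]) != root:
        return 403, "Forbidden"
    if not os.path.isfile(path):
        return 404, "Not found"
    with open(path, encoding="utf-8") as fh:
        return 200, fh.read()

def demo():
    """Builds a constructed site layout and runs one request through both handlers."""
    with tempfile.TemporaryDirectory() as site:
        public = os.path.join(site, "public")
        os.makedirs(public)
        with open(os.path.join(public, "index.html"), "w", encoding="utf-8") as fh:
            fh.write("<h1>Welcome</h1>")
        # Constructed private file that sits outside the published directory.
        with open(os.path.join(site, "contacts.csv"), "w", encoding="utf-8") as fh:
            fh.write("alice@example.test")
        request = "page=../contacts.csv"
        return {
            "vulnerable": handle_vulnerable(public, request),
            "hardened": handle_hardened(public, request),
            "normal": handle_hardened(public, "page=index.html"),
        }

if __name__ == "__main__":
    for label, (status, body) in demo().items():
        print(label, status, body)
```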
Almost anyone using a browser to surf the Internet thinks that they're doing it privately and safely. This is not so. Web browsers are able to run, on the client machine, self-contained programs that are hosted on a website. Current browsers show a notice and request permission to run these kinds of programs. Commonly known as "active content", e.g. ActiveX controls or Java applets, these programs, if malicious, might easily install a virus or other hazardous software on the browser user's PC. Once it's in the system, it can inflict all kinds of damage and may be very hard to get rid of.
This is also a worry for Network Administrators. Web browsers provide a path for possibly malicious software to pass through the local area network's firewall. Once it is in the system, the damage it may cause can range from covertly stealing sensitive information to deliberate destruction.
Besides the concerns about active content, merely surfing the Web records a trail of the user's activities in the browser's history. This may be used by websites and installed software to build a precise profile of the user's behaviour and preferences. While some may regard this as an invasion of privacy, it can be advantageous by supplying pertinent content right away, so relieving the user of the chore of looking for it.
Confidentiality in the actual transmission of data via the Internet is a subject which worries not only browser users but also Web Masters and Network Administrators. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Internet. When it was created, security wasn't the principal factor of its design. Network and Internet transmissions should therefore not be thought of as inherently private. Every time the browser on a local machine downloads a private document from the remote Web server, or the browser user completes a form with personal information and clicks the 'Submit' button, the transmitted information may be intercepted without consent.