Website security testing checklist

This 'website security testing checklist' article is supplied by Web Site Security, where you can find more information about website security testing checklist.

An Evaluation of Web Site Security Concerns



There are many ways in which website security can be compromised. Risks affect the Web servers and the LANs (local area networks) where Web sites reside, and some arise even from the ordinary use of a Web browser.

Webmasters have to handle the gravest threats. As soon as a Web server is set up at a site, a window opens into the local area network through which anyone on the Internet can peer. Most website visitors see only what they are supposed to see, but a small number try to discover parts of the site that are not meant to be visible to the public. Malicious visitors intend to do more than simply look; they try to force the window open and climb through. The harm intruders cause might be mere vandalism, such as replacing the website's home page with one of their own that could say or display anything at all, or it could be theft, such as obtaining a customer or sales list.

It is hard to escape the likelihood that complicated computer software has bugs. No matter how methodically it is tested, there is typically some particular sequence of events or user actions, even if it occurs only rarely, that will cause a failure. Software bugs create gaps in system security. A Web server is complex software and may well contain a security weakness.

It is not only the complexity of a Web server that can cause a problem, but also its open architecture. Consider a CGI script as a case in point. A CGI script is executed on the server in response to a remote request from a client. The request might come from a program or from the click of a button in a browser. If the CGI script contains a bug, there is a danger of a security violation.
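An illustration of the CGI point above, added here and not part of the original article: a CGI-style handler that serves the file named in a `doc` query parameter, first with a missing containment check and then hardened. The bug class (path traversal), the parameter name `doc`, and the file names are assumptions chosen for the example.

```python
import os
import tempfile
from urllib.parse import parse_qs

def requested_name(environ):
    """Read 'doc' the way a CGI program does: from the QUERY_STRING variable."""
    return parse_qs(environ.get("QUERY_STRING", "")).get("doc", [""])[0]

def resolve_unchecked(doc_root, environ):
    """Buggy: trusts the client-supplied name, so '../' climbs out of doc_root."""
    return os.path.normpath(os.path.join(doc_root, requested_name(environ)))

def resolve_checked(doc_root, environ):
    """Hardened: canonicalise, then require the result to stay under doc_root."""
    root = os.path.realpath(doc_root)
    name = requested_name(environ)
    if not name or "\x00" in name:
        return None
    target = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, target]) != root or not os.path.isfile(target):
        return None
    return target

def demo():
    """Constructed layout: a public document root beside a private file."""
    base = os.path.realpath(tempfile.mkdtemp())
    root = os.path.join(base, "htdocs")
    os.mkdir(root)
    for path in (os.path.join(root, "index.html"),
                 os.path.join(base, "customers.csv")):
        with open(path, "w") as handle:
            handle.write("constructed sample\n")
    results = {}
    # Constructed requests: one legitimate, two that name a file outside root.
    for query in ("doc=index.html", "doc=../customers.csv",
                  "doc=%2e%2e%2fcustomers.csv"):
        environ = {"QUERY_STRING": query}
        unchecked = resolve_unchecked(root, environ)
        escapes = not unchecked.startswith(root + os.sep)
        results[query] = (escapes, resolve_checked(root, environ))
    return results

if __name__ == "__main__":
    for query, (escapes, checked) in demo().items():
        print(f"{query!r}: unchecked leaves root={escapes}, checked={checked}")
```

The percent-encoded request shows why the check has to run on the decoded, canonical path rather than on the raw query string.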

Network Administrators also have to deal with Web servers because of the risk they pose to the security of the local area network. There ought to be no unauthorised intrusions, yet access has to be given to website visitors. This means that access to the network has to be regulated, and the Administrator has to perform a delicate balancing act. Even the most robust firewall may be undermined if the Web server is configured poorly. Conversely, normal use of the website may be impossible if the firewall is configured poorly. Reaching an ideal solution is more complicated still if an intranet is part of the system. Typically, the Web server in that case needs to be configured to distinguish and validate domains and user groups, which are likely to have varying permission levels and access rights.


Almost everyone who uses a browser to surf the Net thinks they are doing so privately and safely. That is not the case. Web browsers may execute, on the local computer, software programs that are hosted on a website. Modern browsers display a warning and request consent before executing such programs. Known generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, could easily place a virus or other hazardous software on the browser user's PC. Once it is in the system it can do all kinds of damage and can be exceedingly difficult to remove.

This is also a concern for Network Administrators. Web browsers give potentially malicious software a way through the local area network's firewall. Once it is in the system, the harm it can inflict ranges from stealthily obtaining confidential information to wanton destruction.

Aside from the problems surrounding active content, merely browsing the Internet leaves a trail of the user's activities in the browser's history. Websites and installed software might use this to build a precise profile of the user's behavior and interests. While some consider this an invasion of privacy, it can be useful when it surfaces relevant content directly, relieving the user of the task of searching for it.

Confidentiality is an issue that concerns not just browser users but also Webmasters and Network Administrators whenever information is actually transmitted over the Net. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Net. When it was created, security wasn't the most important aspect of its design. Network and Internet transmissions should therefore not be assumed to be confidential. Each time the browser on a local computer downloads a private document from a remote Web server, or the browser user completes a form with personal data and clicks the 'Submit' button, the transmitted information could be intercepted without authorisation.
