Website security tests
This 'website security tests' article is supplied by Web Site Security, where you can find more information about website security tests.
Web Site Security Concerns - An Examination
An unfortunate fact is that there are many ways in which web site security can be jeopardised. Security risks affect Web servers and the LANs (local area networks) where Web sites are hosted, and they arise even from the ordinary use of a Web browser.
Web Masters bear the brunt of handling the critical risks. As soon as a Web server is installed at a site, a window is opened in the local area network through which anyone using the Internet can look. Naturally, most web site visitors see no more than what they are meant to see, but a minority try to uncover areas of the site that are not meant to be visible to the rest of the world. Malicious visitors mean to do more than look; they attempt to open the window and slip through it. The harm they inflict might be sheer vandalism, such as replacing the web site's home page with one of their own that might say or display anything, or it could be theft, such as taking a contacts or orders list.
It is a virtual certainty that complex software contains bugs. However systematically it is tested, there is generally some pattern of events or user actions, however uncommon, that will cause a fault. Software bugs give rise to breaches in system security. A Web server is complex software that may well contain a security flaw.
It is not only the complexity of a Web server that can lead to a flaw, but also its open architecture. Consider a CGI script as an illustration. A CGI script may be run on the server in response to a remote request from a client. The request could come from a program or from the click of a button in a browser. If the CGI script has a bug, there is a risk of a security violation.
Network Administrators also have to deal with problems from Web servers because of the risk they pose to the security of the local area network. While there ought to be no unauthorised intrusions, website visitors must still be given access. This means that access to the network has to be controlled, and the Administrator must perform a delicate balancing act. Even the most robust firewall may be compromised if the Web server is configured badly. Conversely, normal use of the website may be impossible if the firewall is configured poorly. Arriving at an ideal solution is trickier still if an intranet forms part of the system. Typically, the Web server in that case has to be configured to identify and validate domains and user groups, which are likely to have differing permission levels and access privileges.
Most people who use a browser to surf the Web assume that they are doing so anonymously and safely. This is not so. Web browsers can execute, on the user's computer, self-contained programs that reside on a web site. Modern browsers show a warning and ask for consent before running those programs. Commonly known as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, can easily leave a virus or other harmful software on the browser user's computer. Once it is in the system it can inflict all kinds of damage and may be extremely difficult to remove.
This is also a worry for Network Administrators. Web browsers provide a route for potentially malicious software to pass through the local area network's firewall. Once it is in the network, the damage it may inflict can range from covertly taking private data to pointless destruction.
Apart from the issues with active content, merely browsing the Net leaves a trail of the user's activities in the browser's history. This can be used by web sites and installed programs to build a precise profile of the user's behaviour and interests. Though some may regard this as an invasion of privacy, it can be beneficial by providing relevant content directly, relieving the user of the task of searching for it.
Privacy is an issue that worries not only browser users but also Web Masters and Network Administrators during the actual transmission of data over the Internet. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Internet. When it was created, security was not the foremost consideration in its design. Neither network nor Internet transmissions should therefore be considered inherently confidential. Whenever the browser on a local machine downloads a confidential document from the remote Web server, or the browser user fills out a form with confidential information and clicks the 'Submit' button, the transmitted data can be intercepted without authorisation.