
Web Security Essay


What is a secure site?

Traditionally, when you hear someone say 'Our website is secure', they imply that their website uses SSL (Secure Sockets Layer) and that the traffic is encrypted (the little lock in your browser usually appears). Unfortunately, encryption doesn't make a website secure. Sure, encryption makes sure that nobody can sniff your session (see what you're doing), but if the site you're submitting personal data to contains a vulnerability, an attacker can still steal your data. Some sites contain logos saying 'Secured by XXX' (XXX being a vendor name), but you can't trust these one bit. Rather than paying for a security monitoring service, a website owner could easily just copy the image and save a few thousand dollars doing it. Unfortunately, not everyone knows how to secure a website, and some blind trust is needed in order to perform some everyday tasks. To ease your mind, there are some rules that certain types of sites must follow in order to remain active.


Web Security Guard is an application developed by Crawler that prevents the user from entering potentially dangerous websites that may cause adware, viruses, spyware, or spam. Web Security Guard informs the user of potentially dangerous websites by displaying information and user reviews before they enter a website. It uses a database of website ratings and reviews provided by the users. Crawler Toolbar comes with Web Security Guard, keeping it up to date and providing combined search results from major Internet search engines.

When a computer connects to a network and begins communicating with others, it is taking a risk. Internet security involves the protection of a computer's internet account and files from intrusion by an unknown user.[1] Basic security measures involve protection by well-selected passwords, change of file permissions and backup of the computer's data. Security concerns are in some ways peripheral to normal business working, but serve to highlight just how important it is that business users feel confident when using IT systems. Security will probably always be high on the IT agenda simply because cyber criminals know that a successful attack is very profitable. This means they will always strive to find new ways to circumvent IT security, and users will consequently need to be continually vigilant. Whenever decisions need to be made about how to enhance a system, security will need to be held uppermost among its requirements. Internet security professionals should be fluent in the four major aspects:

- Penetration Testing
- Intrusion Detection
- Incident Response
- Legal / Audit Compliance

Some apparently useful programs also contain features with hidden malicious intent. Such programs are known as Malware, Viruses, Trojans, Worms, Spyware and Bots.

- Malware is the most general name for any malicious software designed, for example, to infiltrate, spy on or damage a computer or other programmable device or system of sufficient complexity, such as a home or office computer system, network, mobile phone, PDA, automated device or robot.
- Viruses are programs which are able to replicate their structure or effect by integrating themselves, or references to themselves, etc., into existing files or structures on a penetrated computer. They usually also have a malicious or humorous payload designed to threaten or modify the actions or data of the host device or system without consent, for example by deleting, corrupting or otherwise hiding information from its owner.
- Trojans (Trojan Horses) are programs which may pretend to do one thing, but in reality steal information, alter it or cause other problems on a computer or programmable device / system.
- Spyware includes programs that surreptitiously monitor keystrokes or other activity on a computer system and report that information to others without consent.
- Worms are programs which are able to replicate themselves over a (possibly extensive) computer network, and also perform malicious acts that may ultimately affect a whole society / economy.
- Bots are programs that take over and use the resources of a computer system over a network without consent, and communicate those results to others who may control the Bots.

The above concepts overlap and they can obviously be combined. The terminology is evolving. Antivirus programs and Internet security programs are useful in protecting a computer or programmable device / system from malware. Such programs are used to detect and usually eliminate viruses. Anti-virus software can be purchased or downloaded via the internet.
Care should be taken in selecting anti-virus software, as some programs are not as effective as others in finding and eliminating viruses or malware. Also, when downloading anti-virus ...
