
Web Security

Report
Brendan Timmons
8/6/2008
Contents
Why do you need web security?
What needs to be secured on the web?
Purpose of web security
  Confidentiality
  Integrity
  Availability
  Authentication
Risk management
Defining threats and vulnerabilities
  Accidental
  Malicious
  Authorization
Bibliography

Brendan Timmons ID: 0313472 1|Page


Why do you need web security?

Web security is vital for anyone who intends to use the internet. For the typical
user the risk is not that great, but for a webmaster the risk is substantially
greater. Without any web security you are opening yourself up to some nasty people
lurking on the internet who get up to all kinds of mischief. These people are
generally known as ‘hackers’: they look for holes or vulnerabilities in security
systems in order to exploit the website or user and gain access to information.
This is called a breach of web security.

Web security breaches come in many shapes and forms, but there are three main
areas through which hackers can gain access to personal data:

• Web server vulnerabilities or problems.
• Browser-side vulnerabilities.
• Network eavesdropping.

What needs to be secured on the web?

Ensuring that all confidential information such as client details, transaction records,
stock lists, and server details are secure will hopefully deter any hackers from
accessing the information that could be damaging to your business or clients.



Purpose of web security
The main purpose of web security is to safeguard confidential data from hackers who
look for vulnerabilities or loopholes in systems in order to take the information for
their own personal gain.

Confidentiality
Web security ensures the confidentiality of personal information that web users send
over the internet to web sites, such as bank details sent to e-banking sites or
transaction records from an e-commerce website. Without security precautions, this
information could fall into the wrong hands.

Integrity
Having web security can also protect data and maintain integrity in the case of
hardware failure or malicious threats from hackers or viruses that could potentially
corrupt data. Data integrity ensures that the data will always be there in the event of
a disaster. One way of ensuring data integrity is to have backups, both onsite and
offsite.
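
Backups only protect integrity if the copies themselves are intact. The sketch below is an added example, not part of the original report: it records SHA-256 digests when a backup is taken and later checks the onsite and offsite copies against them. The directory names, file names and contents are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            h = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def verify_backup(reference: dict[str, str], backup_root: Path) -> dict[str, list[str]]:
    """Compare a backup copy against the reference manifest."""
    actual = manifest(backup_root)
    return {
        "missing": sorted(set(reference) - set(actual)),
        "corrupted": sorted(n for n in reference if n in actual and actual[n] != reference[n]),
        "unexpected": sorted(set(actual) - set(reference)),
    }


def demo() -> dict[str, dict[str, list[str]]]:
    """Constructed sample data: one live directory and two backup copies."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        files = {"clients.csv": b"id,name\n1,Alice\n", "transactions.log": b"2008-08-06 order=17\n"}
        for site in ("live", "onsite", "offsite"):
            (base / site).mkdir()
            for name, data in files.items():
                (base / site / name).write_bytes(data)
        reference = manifest(base / "live")  # recorded when the backup is taken
        # Simulate damage: a changed byte onsite, a lost file offsite.
        (base / "onsite" / "clients.csv").write_bytes(b"id,name\n1,Alicf\n")
        (base / "offsite" / "transactions.log").unlink()
        return {site: verify_backup(reference, base / site) for site in ("onsite", "offsite")}


if __name__ == "__main__":
    for site, report in demo().items():
        print(site, report)
```

Keep the reference manifest somewhere separate from the backups it describes; a manifest stored next to a damaged or tampered copy can be damaged or altered along with it.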

Availability
Availability goes hand in hand with data integrity in the sense that if you have a data
integrity plan, you also must make sure that the data is always accessible no matter
what.

Authentication
Using a secure authentication process can help assure the confidentiality of users or
clients. Using user IDs and enforcing complex passwords are just some of the ways
to keep users’ account details from falling into the wrong hands.



Risk management

Risk management is a large part of web security: it means prioritizing the risks
posed to particular information and making it your first goal to secure information
with a high risk rating.

Determining a risk factor for a piece of information can be broken down into four
parts by considering the:

• Tangible value of the information
• Perceived value of the information
• Cost of securing the information
• Cost of a security breach

By doing so, you can focus your efforts on securing information with a high risk factor
to safeguard it from potential threats.

Defining threats and vulnerabilities

The internet is a large place and there are a lot of threats out there and plenty of
vulnerabilities within software that can be exploited. There are three broad
categories of threats.

Accidental
An accidental threat is generally when a user unintentionally opens themselves up to
a threat by, among other things, accidentally disclosing information or using simple
passwords that are easy to crack. A lack of understanding of web security is most
likely to blame for cases such as these.

Malicious
Threats that are malicious are intended to cause harm to their target which can be a
number of things such as users, systems, and networks. Malicious threats generally
take the form of a virus. These kinds of threats can be particularly damaging to an
organization or business, destroying critical data such as transaction records or client
data.

Authorization
An authorization threat is when a hacker poses as an authorized user in order to gain
access to confidential information. This is generally achieved by cracking the
password of a user who has access to the network or website in question.



Bibliography
Lincoln D. Stein, J. N. (2002, February 4). The World Wide Web Security FAQ.
Retrieved August 8, 2008, from The World Wide Web Consortium (W3C):
http://www.w3.org/Security/faq/

Shweta Bhasin, S. B. (2002). Web Security Basics. Thomson Course Technology.

