Web Security Issues

By: aathishankaran


To some, the Internet itself is just one big security vulnerability. However, for most of us, it is a vulnerability that we have to live with. The following subsections describe Web-specific security issues from the point of view of the Webmaster and the user. 

The Webmaster's Perspective 

Running a secure Web server is not an easy task. Security vulnerabilities can potentially exist anywhere: in CGI programs, in the server setup, or in the Web server software itself. These vulnerabilities could lead to embarrassing modifications to Web content, the theft of sensitive information, or the complete shutdown of your Web site.

To run a secure Web site, the Webmaster must keep abreast of the latest Web vulnerabilities and implement security countermeasures as needed. The World Wide Web Security FAQ, located at http://www.genome.wi.edu/www/faqs/www-security-faq.html can help you get started. It discusses many of the known Web vulnerabilities and offers good advice on how you can protect your Web site. 

Server Software 

Web site security begins with the Web server. Unfortunately, not all Web servers are secure. Security holes have been identified in both commercial and public domain servers. Although these holes have been patched in later versions of the server software, the potential for the introduction of new vulnerabilities cannot be dismissed. 

Publicly available Web servers, such as the Apache server, offer a high level of security and reliability. However, if security is of paramount concern, then you may want to consider a commercial server by a major vendor, such as Netscape. While commercial servers are not immune to security flaws, reputable vendors tend to respond quickly to security holes once they are identified, in order to stay in business. Publicly developed Web servers, such as Apache, also have quick turnarounds for bug fixes; in some cases, even faster than commercial developers. However, there is no one to blame if and when a problem does occur.

Server Capabilities 

New server products continue to add features, such as server-side JavaScript, server plug-ins, and database connectivity, that increase the overall complexity of the server software. While the Webmaster looks at the capabilities of a Web server and visualizes all of the ways in which these capabilities could be used to build a better Web site, the penetrator examines each capability in terms of how it could be used to circumvent, defeat, and disable the security of the server as a whole.

Server-side includes are an example of a server feature that is also a bonus to the penetrator. A server-side include is a sequence of commands embedded in an HTML document. When the document is requested from a Web server, the server scans it for the embedded commands and executes them. The results of the command execution are used to update the HTML document before it is sent to the browser. One of the commands, exec, allows arbitrary operating system commands to be executed. This capability is very powerful, both for you and for the penetrator. When server-side includes are enabled, a person with minimal Web-publishing capabilities gains the extra privilege of being able to execute operating system commands.
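As an added example (not code from the original article), the following Python scanner shows what a Webmaster can do about the exec problem described above: walk the published HTML documents, parse every Apache-style server-side include directive (`<!--#name attr="value" -->`), and flag any `exec` directive, whether it runs a shell command (`cmd`) or a CGI script (`cgi`). The sample document is constructed for the demonstration; the directive syntax is Apache's SSI syntax.

```python
import re
from dataclasses import dataclass, field

# One Apache-style SSI directive: <!--#name attr="value" ... -->
SSI_DIRECTIVE = re.compile(
    r"<!--#\s*(?P<name>[A-Za-z]+)\s*(?P<attrs>[^>]*?)-->", re.DOTALL
)
# One attr="value" or attr='value' pair inside a directive
SSI_ATTR = re.compile(
    r"""(?P<key>\w+)\s*=\s*(?P<q>["'])(?P<val>.*?)(?P=q)""", re.DOTALL
)


@dataclass
class Directive:
    name: str                      # directive name, lower-cased (echo, include, exec, ...)
    attrs: dict = field(default_factory=dict)
    line: int = 0                  # 1-based line in the document, for the report


def parse_ssi_directives(html: str) -> list:
    """Return every SSI directive found in an HTML document, in document order."""
    found = []
    for m in SSI_DIRECTIVE.finditer(html):
        attrs = {
            a.group("key").lower(): a.group("val")
            for a in SSI_ATTR.finditer(m.group("attrs"))
        }
        line = html.count("\n", 0, m.start()) + 1
        found.append(Directive(m.group("name").lower(), attrs, line))
    return found


def find_exec_directives(html: str) -> list:
    """Return only the directives that execute OS commands or CGI programs."""
    return [d for d in parse_ssi_directives(html) if d.name == "exec"]


def report(html: str) -> list:
    """Human-readable findings, one line per exec directive."""
    lines = []
    for d in find_exec_directives(html):
        target = d.attrs.get("cmd") or d.attrs.get("cgi") or "?"
        kind = "shell command" if "cmd" in d.attrs else "CGI program"
        lines.append(f"line {d.line}: exec of {kind} {target!r}")
    return lines


# Constructed sample page: two harmless directives and two exec directives.
SAMPLE_HTML = """<html><body>
<h1>Status</h1>
<!--#echo var="DATE_LOCAL" -->
<!--#include virtual="/footer.html" -->
<!--#exec cmd="uptime" -->
<!--#exec cgi="/cgi-bin/counter.cgi" -->
</body></html>"""


if __name__ == "__main__":
    for finding in report(SAMPLE_HTML):
        print(finding)
```

Running the block prints one finding for each of the two exec directives. On an Apache server the corresponding configuration fix is to enable includes with `Options IncludesNOEXEC` rather than `Options Includes`, which keeps echo and include working while refusing exec; the scanner is useful for catching documents that would break, or were relying on exec, before the change is made.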
