Tuesday, May 31, 2022

What is Web Security? | Purpose of Web security | Web Security Threats and Approaches | How can achieve web security | web security threats

 Web Security Threats & Approaches

What is Web Security?

Web security refers to the protection of networks, computer systems and data from unauthorized persons or groups.


Purpose of Web Security

The purpose of web security is to prevent security attacks, both passive and active. Web security maintains the smooth operation of any business that uses computers and prevents hackers and malware from manipulating your systems, software, or network.

 

How Can We Achieve Web Security?

Various tools & technologies are available to achieve web security:

Web & Network Firewall: A web application firewall sits between your website server and the data connection. Its purpose is to read every bit of data that passes through it and to protect your site.

Keep your software & plugins up to date: If your website's software or applications are not up to date, your site is not secure. Updates are vital to the health and security of your website. Take all software and plugin update requests seriously. Also use HTTPS and an SSL certificate to secure your website.

Backup your data: Back up your site regularly. You should maintain backups of all your website files in case your site becomes inaccessible or your data is lost.

Keep your website clean: Every database, application or plugin on your website is another possible point of entry for hackers. You should delete any files, databases or applications from your website that are no longer in use.

Strong password policy: It is important to use strong passwords to protect against brute-force attacks. Passwords should be complex, containing uppercase and lowercase letters, numbers and special characters. Your password should be at least 10 characters long.

Password cracking tools: Password cracking tools help restore lost passwords. Whether you have forgotten a password or your password has been hacked, a password cracking tool can help you recover it.

Scan your website for vulnerabilities: It is important to regularly perform web security scans to check for website and server vulnerabilities. Web security scans should be performed on a schedule and after any change or addition to your web components.

Use of Antivirus: Antivirus software helps protect your computer against malware and other incoming threats. Antivirus software looks at data, such as web pages, files and software applications, travelling over the network to your device. It searches for known threats, monitors the behaviour of all programs and flags suspicious behaviour.

 

What are Web Security Threats?

Web security threats are vulnerabilities within websites and applications, or attacks launched by malicious users. Web security threats are designed to breach the security of websites or applications. They involve malicious people and organizations, as well as the tools they use to leverage the internet in an attempt to infiltrate your network or devices. The most common security threats are malware, phishing, denial of service, SQL injection and stolen data.

Modification of Message: A message should not be altered during transmission. This is also called a data breach, meaning that some confidential and sensitive information gets exposed. It is one kind of threat.

Denial of Services: It is also known as DDoS (Distributed Denial of Service). It is a web security threat that involves attackers flooding servers with large volumes of internet traffic to disrupt service and take websites offline. The sheer volume of fake traffic overwhelms the target network or server, which leaves it inaccessible.

Phishing: A phishing attack targets users through email, text messages or social media messaging sites. Attackers impersonate a real user or website so that users trust the given link, click on it and provide sensitive information such as account numbers, credit/debit card data and login credentials. Users can lose their money, sensitive information and more.

SQL Injection: SQL stands for Structured Query Language. SQL is used to search and query databases. SQL injection is a website security threat: it is the placement of malicious code in an SQL statement via web page input. Using SQL injection, a hacker can retrieve credentials and other sensitive information.

Malware: Malware stands for "Malicious Software". It is a file or code, typically delivered over a network, that infects, explores, steals or conducts virtually any behaviour an attacker wants. Malware comes in many variants, and there are a number of methods to infect computer systems.
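To make the SQL injection item above concrete, the following added example (not code from the original post) puts a query built by string concatenation next to its parameterized form, using Python's built-in sqlite3 module. The table, rows, function names and the crafted input are all constructed for illustration.

```python
import sqlite3

# Constructed sample input: the quote characters are meant to end the string
# literal early and append a condition that is always true.
CRAFTED_INPUT = "nobody' OR '1'='1"


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b")],
    )
    return conn


def lookup_vulnerable(conn, username):
    # VULNERABLE: web page input is pasted into the SQL text, so the database
    # parses the input as part of the statement itself.
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn, username):
    # HARDENED: the ? placeholder binds the input as a value; the statement's
    # structure is fixed before the input is ever seen.
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


def compare(user_input):
    """Run both lookups on the same input and return the rows each yields."""
    conn = make_db()
    try:
        return {
            "vulnerable": sorted(lookup_vulnerable(conn, user_input)),
            "safe": sorted(lookup_safe(conn, user_input)),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    print(compare("alice"))        # both forms return only alice
    print(compare(CRAFTED_INPUT))  # concatenated form returns every row
```

With the crafted input, the concatenated query returns every user, while the parameterized query looks for a user literally named `nobody' OR '1'='1` and finds none.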

 

Classification of Web Security Threats

Web security threats are classified based on the type of security attack: passive and active attacks. Another way to classify web security threats is in terms of the location of the threat:


Web Security Threats


Web Security Approaches

A number of approaches to providing Web security are possible. The various approaches that have been considered are similar in the services they provide and the mechanisms that they use, but they differ with respect to their scope of applicability and their relative location within the TCP/IP protocol stack.

Network Level: One way to provide Web security is to use IP security (IPsec). The advantage of using IPsec is that it is transparent to end users and applications and provides a general-purpose solution. Furthermore, IPsec includes a filtering capability so that only selected traffic need incur the overhead of IPsec processing.

Transport Level: Another relatively general-purpose solution is to implement security just above TCP. The foremost example of this approach is the Secure Sockets Layer (SSL) and the follow-on Internet standard known as Transport Layer Security (TLS). At this level, there are two implementation choices. For full generality, SSL (or TLS) could be provided as part of the underlying protocol suite and therefore be transparent to applications. Alternatively, SSL can be embedded in specific packages. For example, Netscape and Microsoft Explorer browsers come equipped with SSL, and most Web servers have implemented the protocol.

Application Level: Application-specific security services are embedded within the particular application. The advantage of this approach is that the service can be tailored to the specific needs of a given application.


3 comments:

  1. Absolutely, in today's digital age, web security isn't just a choice; it's a necessity. That's where Managed Cybersecurity Services Providers step in. They understand the evolving landscape of cyber threats, including those specific to regions like Cybersecurity in the United States and in California. As the blog rightly emphasizes the need for robust security measures, these Managed Cyber Security Services can offer the expertise and solutions required to protect against various web security threats, including DDoS attacks and malware.

  2. Sarath Maddineni is a leading expert in Internet of Things (IoT) security, dedicated to safeguarding connected devices and systems from cyber threats and vulnerabilities. With a background in cybersecurity, network engineering, and IoT technologies, Sarath designs and implements robust security protocols, encryption methods, and intrusion detection systems to protect IoT ecosystems.
    Sarath Maddineni
