The Web Security Issues Computer Science Essay


The increasing popularity of the internet has created great challenges and opportunities for various business sectors. Internet banking has had such an impact that many business transactions now need a secure and easy way to be carried out. Because businesses use many banking services, internet banking has to take deep root in the business sectors. Every small-, medium- and large-scale industry has to use internet banking to make efficient use of banking services. This is more reliable if the banking services are handled through secure connections, because the internet is prone to many dangers such as data theft: hackers try to steal data and then modify it, making the data unreliable.

For every internet banking site, authorization and authentication are crucial at both the user end and the banking end. Security at the user end is of great importance. The user has to be assured that his authorization matters for a secured connection with the server. Individual access rights within an application are a must: based on the access rights of the individual who is logged in to the system, he is given the privileges to access the application. The user is given dynamic authorization, meaning a customized, real-time authorization service between the user and the network, which is important for service models. Protecting the privacy of users is a challenging problem for identity management systems, and it can only be achieved if the system gives users complete control over their identity data. Giving an identity to the user is authentication, and providing him with access rights is authorization. Unless a user authenticates himself he cannot enter the application; once he does, he is given the privileges for using the services of the application.

Data Access control

The user authenticates himself, and his access rights to post and retrieve data are important. Every user has his own criteria for accessing and amending the data, so managing the privacy and security of such data is very important. Every programmer is given a set of access rules that he should apply when building the web site. Using appropriate access specifiers is also important: declaring public only what is meant to be public and keeping private the classes that are meant to be private. Such data has to be protected, and users' access rights managed, so that each user sees only the relevant data he is allowed to see and not other users' data. The advantages of maintaining data this way include flexibility, dynamicity and speed of enforcement. Access control to data is defined on objects, and access to objects is classified as private, protected or public. The goal of the system is to control the way data are accessed by users having different profiles. We propose an extension of classical models based on authorization rules, assigning each authorization a geographical scope. In this way, the operations users may execute on spatial data may vary depending on their user identity and the object's position. To implement this, the data is stored in a centralized database so that all users can use it to store and retrieve data objects. The process is handled in the following steps. The stored content is managed by the data manager together with its confidentiality constraints. Next, the Data leak manager checks that data is not leaked and adjusts the confidentiality constraints if necessary. The Access request manager is responsible for enforcing the confidentiality requirements of the data objects stored at the Content Manager and for logging requests. Based on these logged requests, the trust manager handles fault tolerance.
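The geographically scoped authorization rules described above can be sketched as follows. This is an added example, not code from the essay; the roles, object types, coordinates and function names are assumptions made for illustration.

```javascript
// Added example: authorization rules that carry a geographical scope.
// Roles, object types and coordinates are constructed for illustration.
const RULES = [
  { role: 'surveyor', op: 'read', type: 'parcel',
    scope: { minLat: 40, maxLat: 45, minLon: -5, maxLon: 5 } },
  { role: 'surveyor', op: 'update', type: 'parcel',
    scope: { minLat: 42, maxLat: 43, minLon: 0, maxLon: 2 } },
  { role: 'auditor', op: 'read', type: 'parcel', scope: null }, // null: no geographic limit
];

const requestLog = []; // every decision is logged, allowed or not

function inScope(scope, pos) {
  if (scope === null) return true;
  return pos.lat >= scope.minLat && pos.lat <= scope.maxLat &&
         pos.lon >= scope.minLon && pos.lon <= scope.maxLon;
}

// Default deny: access is granted only if some rule matches the user's role,
// the operation, the object type AND the object's position.
function isAuthorized(user, op, object) {
  const rule = RULES.find((r) => r.role === user.role && r.op === op &&
    r.type === object.type && inScope(r.scope, object.position));
  const allowed = rule !== undefined;
  requestLog.push({ user: user.id, op, object: object.id, allowed });
  return allowed;
}

// A user sees only the objects he is allowed to read.
function visibleObjects(user, objects) {
  return objects.filter((o) => isAuthorized(user, 'read', o));
}

// Constructed sample data.
const OBJECTS = [
  { id: 'p1', type: 'parcel', position: { lat: 42.5, lon: 1.0 } },
  { id: 'p2', type: 'parcel', position: { lat: 44.0, lon: -3.0 } },
  { id: 'p3', type: 'parcel', position: { lat: 50.0, lon: 10.0 } },
];
const surveyor = { id: 'u1', role: 'surveyor' };
const auditor = { id: 'u2', role: 'auditor' };

console.log(visibleObjects(surveyor, OBJECTS).map((o) => o.id)); // readable by the surveyor
console.log(isAuthorized(surveyor, 'update', OBJECTS[1]));       // same user, narrower update scope
```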

Use of firewall as a security system

A firewall is an essential and neglected component of many network architectures.

Firewalls are important because they add security to our applications. The main objective of a firewall configuration is to implement the security policy defined by a security administrator. Rules to follow are needed, because the rules may not have been declared by a security administrator at a higher level of the organization. Firewalls act as bridges that restrict who can access the site and who cannot. In a firewall security system, the security administrator decides what sort of users can access the data and in which manner they can modify it. Firewalls are the most efficient way to add security to the application. In a network, data is transferred in the form of packets. Attackers can bypass the access control of a packet-filtering system, and this has to be prevented. It can be handled by providing the firewall with a certain set of policies.

Firewalls represent one of the most important network security mechanisms. They act as network traffic filters, filtering all traffic that enters or leaves the local network. Communication in encrypted form is mainly implemented to prevent forging and tapping in the middle of a communication. A network comprises many routers and bridges, so there are chances of data theft; to secure data at the time of its transmission, protocols are implemented in the firewall.

Client side security

The internet keeps growing in day-to-day life, which has resulted in rich, dynamic web applications. This growth has also introduced new, underestimated attack vectors, of which cross-site scripting is one. These attacks are the most exploited security problems in modern web applications. They result in the theft of cookies, passwords and other personal credentials. They are mainly caused by scripts that do not sanitize user input. These scripts are written to validate a user.

If input to your dynamic Web pages is not validated, you may encounter the following problems:

Data integrity can be compromised.

Cookies can be set and read.

User input can be intercepted.

Malicious scripts can be executed by the client in the context of the trusted source.

The web applications most prone to cross-site scripting are those that have log-in pages and those that process credit card information, since such details are very useful to attackers.

Server side Security

If a user can gain access to information they are not supposed to see, a security breach arises. An attacker can crash a web server by having an HTML file execute a simple program. Many defense tools have been developed against this, such as encryption techniques and firewall technologies. The World Wide Web is an internet application that supports many programming languages, plug-ins, etc., all of which have led to a new set of security problems. Some of the new programming languages have also introduced new security flaws. Web servers allow certain features that ordinary network servers do not allow. Such features are useful for creating dynamic web documents. During maintenance, the developer has to modify the content on the web server, and he notes related information in the code, which gives unauthorized web users a number of ways to harm the web server, including crashing the web server computer.

Most web servers support Server Side Includes (SSI), which can be used to execute CGI (Common Gateway Interface) scripts and echo valuable information to web browsers. By exploiting features of SSI, a user can gain valuable information about a web server computer as well as do harm to the server. In this way a user can obtain information about the server computer's configuration and the processes currently running on it, kill a process that does not belong to him, and even crash the server computer. He can do this from the client computer without having log-in access to the server computer.
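The client-side section attributes cross-site scripting to scripts that do not sanitize user input, and the paragraph above describes SSI directives being processed by the server. The following added example (not from the essay) shows one output-encoding step neutralizing both kinds of input; the renderer names and sample strings are constructed, and it assumes the value is placed in HTML body text.

```javascript
// Added example: encode untrusted input before it is written into a page.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// The pattern the essay warns about: input copied into the markup as-is.
function renderCommentUnsafe(author, text) {
  return '<p class="comment"><b>' + author + '</b>: ' + text + '</p>';
}

// Same template, but every untrusted value is encoded on output.
function renderCommentSafe(author, text) {
  return '<p class="comment"><b>' + escapeHtml(author) + '</b>: ' + escapeHtml(text) + '</p>';
}

// Rough check used only to compare the two renderers: does the markup still
// contain a script element, an inline event handler, or an SSI directive?
function containsActiveContent(html) {
  return /<script\b/i.test(html) ||
         /<[^>]+\son\w+\s*=/i.test(html) ||
         /<!--#\w+/.test(html);
}

// Constructed inputs with harmless payloads chosen for the demo.
const SAMPLES = [
  'Tom & Jerry <3',
  '<script>document.title = "changed"</script>',
  '<img src="missing.png" onerror="document.title = 1">',
  '<!--#echo var="DOCUMENT_NAME" -->',
];

function compareRenderers(samples) {
  return samples.map((text) => ({
    text,
    unsafeActive: containsActiveContent(renderCommentUnsafe('guest', text)),
    safeActive: containsActiveContent(renderCommentSafe('guest', text)),
  }));
}

for (const row of compareRenderers(SAMPLES)) {
  console.log(row.unsafeActive ? 'ACTIVE' : 'inert ', '->',
    row.safeActive ? 'ACTIVE' : 'inert ', '|', row.text);
}
```

Encoding for HTML body text is not sufficient inside attributes, URLs or script blocks; each output context needs its own encoder.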

Public key Cryptography

Public key cryptography helps in encrypting and decrypting messages, either so that many people can encrypt messages that only one person can read, or so that only one person can encrypt messages that many people can read. Public key cryptography was discovered in the spring of 1975 and has followed a surprising course. Even though it is limited to a mathematical foundation, public key cryptography is revolutionizing communication security by making possible secure communication networks with hundreds of thousands of subscribers.
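The two directions described above can be shown with Node.js's built-in crypto module: encryption to a public key, and a digital signature, which is how the "one person writes, many people check" direction is realized in practice. This is an added example, not part of the essay; the key pair is generated on the spot and the function names are assumptions.

```javascript
// Added example using Node.js's built-in crypto module.
const nodeCrypto = require('crypto');

// Constructed demo key pair; real systems load keys from protected storage.
const { publicKey, privateKey } =
  nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Direction 1: anyone holding the public key can encrypt,
// only the holder of the private key can read the result.
function encryptFor(pub, message) {
  return nodeCrypto.publicEncrypt({ key: pub, ...OAEP }, Buffer.from(message, 'utf8'));
}

function decryptWith(priv, ciphertext) {
  return nodeCrypto.privateDecrypt({ key: priv, ...OAEP }, ciphertext).toString('utf8');
}

// Direction 2: only the holder of the private key can produce the signature,
// anyone holding the public key can check it.
function signWith(priv, message) {
  return nodeCrypto.sign('sha256', Buffer.from(message, 'utf8'), priv);
}

function verifyWith(pub, message, signature) {
  return nodeCrypto.verify('sha256', Buffer.from(message, 'utf8'), pub, signature);
}

// Constructed sample message.
const MESSAGE = 'transfer 100 to account 42';

const ciphertext = encryptFor(publicKey, MESSAGE);
console.log('decrypted:', decryptWith(privateKey, ciphertext));

const signature = signWith(privateKey, MESSAGE);
console.log('signature valid:', verifyWith(publicKey, MESSAGE, signature));
console.log('tampered message valid:',
  verifyWith(publicKey, 'transfer 900 to account 42', signature));
```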