Web Security Setting And Implementation Computer Science Essay


Web surfing has become one of the most important aspects of everyday life; we depend on web services for our day-to-day activities. These services range from ordinary applications such as web search, mail checking and education to more complex applications such as e-commerce. The security of a website is considered most important because sensitive and confidential information is in transit. There are vulnerabilities that may give hackers the opportunity to intrude into a web session. These include zombie cookies, tracking devices, conflicting authentication protocols, eavesdropping on the communication, scripting and spoofing. This paper deals with how cookies can be used to trace web history and in what ways these vulnerabilities can be identified and eliminated.


A cookie is nothing but information generated by the web server and handed to the user's web browser. If X visits a web server, a cookie is generated with the client's information and stored in the user's web browser. When the client revisits the web page through the web browser, the generated cookie can be used to update and verify the client. Thus cookies provide an easy way for the web server to verify information about the client. A cookie is a special kind of packet which is injected and verified by the web server. The HTTP protocol is used to exchange data between web sessions, and as you know HTTP is a stateless protocol which does not keep track of information.

For example, Amazon keeps track of shopping cart information even when the user is not registered. Whenever the user updates the cart, the web server updates the cookie and stores it in the web browser, so when the user restarts the browser after a certain time, the cart information is known to the web server through the cookie stored in the browser. [4] The various types of cookies include session cookies, HTTP persistent cookies, tracking cookies, secure cookies, HTTP-only cookies and third-party cookies.



Risks and policies of Cookies

When a website address is entered in the URL bar of the web browser, the web page is retrieved from the web server to the web browser. If there are any cookies associated with that request, the cookies are sent along with the request. The web server verifies the cookies against its existing records and retrieves the data and information, such as the user ID, belonging to that particular user. If no cookie is sent along with the request from the web browser to the web server, the server generates a cookie with the current information. The web server then sends that cookie along with the requested page to the client.

Since cookies contain important information about a particular user, they must be secured well enough for protection. Although certain cookies are marked with timestamps, a hacker can still easily obtain the required information about the client and impersonate a valid user. [5] If someone takes control of the cookies transmitted between the host and the web server, he may be able to obtain information about the user. On a local machine too, if someone gets hold of the cookie, they can change the information in it and impersonate a legitimate user. This allows an ordinary user to impersonate a registered user and violate the policy of the website.

Threats and Concerns

The main focus when it comes to cookies is privacy, since if cookies can be easily forged, integrity and confidentiality are lost. The main threats to cookies are the cookie-harvesting threat, the end-system threat and network threats. When a client system is hacked, the client believes that it is in contact with the web server, and the cookies are transmitted to the hacker in the belief that they are being passed to the web server. Thus the hacker stays in constant contact with the client, collecting all the information from the cookies.

Figure 2

When the cookies in the browser are taken from the local hard disk and then impersonated using the hacker's own key, it is termed an end-system threat. Network threats are those in which the cookie is snooped while crossing the network between the host and the web server.

Setting and Implementation

Cookies are the data and information stored in a web browser, created by the web server, which are used to add state to the HTTP protocol so that it remembers the client's details. Cookies are normally stored in a web server with a maximum capacity of 12000 kilobytes, with a maximum of 20 cookies per domain or server. When a connection is requested from the browser to the server, an HTTP-REQUEST is sent. In reply, an HTTP-RESPONSE is sent back, which carries the data packet along with the cookie.

Each cookie is stored through the SET-COOKIE directive, located in the host browser, to store and retrieve the cookie from and to the server. Each cookie has some attributes, including a user ID which is used to identify the host on the server. A timestamp is normally employed in the cookie to define its lifetime. Normally some cookies remain only for a particular session, while some web servers such as Google and MSN use persistent or lifelong cookies.

The timestamp allows the cookie to expire automatically, which does prevent hackers from using it afterwards. Although it is timestamped, it can still be used to retrieve the user's information until it expires. To prevent cookies from being forged, advanced encryption methods such as salting are used.


To keep track of visited websites, cookies are generally used. By using a man-in-the-middle attack, a cookie can easily be hijacked and its information about the host easily traced. The integrity and confidentiality of the host are easily broken when the cookie is handled carelessly. Since the cookie contains data such as the user ID and session information, hackers or illegitimate users may forge and amend it to their wish. They can impersonate a legitimate user and may violate the security policy of the web server. To avoid this, the five-ring policy proposed in [2] can be used to encrypt the information, thus providing secure transmission of cookies between the web server and the host.
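The timestamp, forgery and cookie-attribute points above come together in the following added example (not from the essay or its references): the server binds the user ID and expiry together with an HMAC so that a modified cookie is rejected, refuses expired cookies, and emits the cookie with the Secure and HttpOnly attributes. The secret, user ID and cookie name are constructed values.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed demo secret; a real server loads it from a secret store.
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"


def sign_cookie(user_id: str, expires_at: int, secret: bytes = SERVER_SECRET) -> str:
    """Build 'user_id|expires_at|mac' where mac is an HMAC-SHA256 over the
    first two fields; editing either field invalidates the mac. user_id must
    not contain '|' since that is the field separator."""
    payload = f"{user_id}|{expires_at}"
    mac = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{mac}"


def verify_cookie(value: str, now: int, secret: bytes = SERVER_SECRET) -> Optional[str]:
    """Return the user id if the mac matches and the expiry has not passed,
    otherwise None. The mac check is constant-time to avoid timing leaks."""
    parts = value.split("|")
    if len(parts) != 3:
        return None
    user_id, expires_at, mac = parts
    expected = hmac.new(secret, f"{user_id}|{expires_at}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None  # forged or modified cookie
    if not expires_at.isdigit() or int(expires_at) <= now:
        return None  # expired: the timestamp bounds how long a stolen cookie works
    return user_id


def set_cookie_header(name: str, value: str, expires_at: int) -> str:
    """Format the Set-Cookie response header. Secure keeps the cookie off plain
    HTTP (network snooping); HttpOnly keeps it away from page scripts."""
    expires = time.strftime("%a, %d %b %Y %H:%M:%S GMT", time.gmtime(expires_at))
    return f"Set-Cookie: {name}={value}; Expires={expires}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    now = int(time.time())
    cookie = sign_cookie("user42", now + 3600)
    print(set_cookie_header("session", cookie, now + 3600))
    print(verify_cookie(cookie, now))                                # user42
    print(verify_cookie(cookie.replace("user42", "admin", 1), now))  # None (forged)
    print(verify_cookie(cookie, now + 7200))                         # None (expired)
```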