Web security is the security of computer-related information: protecting information from theft or misuse, and keeping it available as specified in the security plan.
Types of Security Threats:
- Spoofing
- Tampering
- Repudiation
- Disclosure of information
An important part of building a more secure application is understanding the threats it faces.
- Spoofing: Spoofing is the act of illegally gaining access to someone’s system and pretending to be one of its users. E.g., a malicious user uses another user’s login ID and retrieves information from the system without that user’s permission.
- Tampering: Tampering is the act of illegally altering or removing data. Changing the data changes its meaning, so consistency is lost. E.g., a malicious user can gain access to your website and modify the data in its files, which in turn changes your content. This is usually done by means of a bug or a virus.
- Repudiation: The risk of repudiation is that a transaction is made without any evidence of it. E.g., a malicious user carries out a prohibited bank transaction without leaving any evidence that could be used to trace it.
- Information Disclosure: Information disclosure means stealing or disclosing private information. Private information is stolen and made available to others. E.g., stealing someone else’s password, retrieving any file on the server and disclosing the information in it to others.
HTTP and HTTPS
HTTP (Hypertext Transfer Protocol): HTTP is the protocol responsible for sending hypertext documents over the Internet, and it is commonly used when browsing the web. When a hypertext link is clicked, its URL is passed to the browser. From the URL, the browser knows which server to connect to and which file to request. All of this is done through the HTTP protocol. HTTP is not secure: the conversation between one’s computer and the web server can be observed by anyone who can see the traffic.
HTTPS (HyperText Transfer Protocol Secure): HTTPS is HTTP carried over a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) transport; in other words, it is secure HTTP. It is used to prevent unauthorized access when confidential information is exchanged with the server, for example in secure e-commerce transactions such as online banking. It encrypts and decrypts the user’s page requests as well as the pages sent back by the web server. It was developed by Netscape Communications Corporation.
SSL (Secure Sockets Layer): SSL protects the connection between a web server and a browser. It uses a cryptographic scheme with two keys to encrypt data: a public key and a private key. The public key is known to everyone. The private (or secret) key is known only to the recipient of the message.
A security plan is a set of rules that governs the protection and distribution of important information. It forms the basis of an organization’s information security. Security plans are used to develop basic information, implement it properly, and maintain it after implementation.
Commonly Used Security Measures
- Login ID / Password
- Virtual Keyboard
- Login ID / Password: A login ID is used as a security measure on the web. It is the identity given to each user for logging on to the website, and it is unique to each user. The system asks the user to provide the login ID. It can be a set of letters, a name or an email ID, and it can include special characters such as *, :, $, etc. Passwords are also a common security measure on the web. A password is always provided together with a username or login ID, and any string of letters and numbers can be used as one. It identifies a specific person to a computer, a computer program, a computer network, or a similar system. Passwords must be secure and not easily guessed by others. The Remember me checkbox makes the website remember the user’s login ID and password. If you select the Remember me checkbox, the website sets a cookie for that purpose in the browser. A cookie is a small text file that a website sends to a web user’s computer. It is used to identify the user when they visit the website again, so the user can log in to the website directly without entering the login ID and password. Cookies normally remember things such as login data, user preferences and favorites lists. Cookies usually have a time limit. This option is only suitable if you are using a private computer.
- Virtual Keyboard: A virtual keyboard is software and/or hardware that allows the user to type characters. It can be operated with input devices such as a regular keyboard or a computer mouse. Its basic purpose is to provide an alternative to a regular keyboard. This prevents usernames and passwords from being stolen, especially when users use computers in public places such as Internet centers. This is because a keylogger is keystroke-capture software that can record the login information typed on a regular keyboard. Such programs may get onto a person’s computer without their knowledge. Virtual keyboards are used on online banking websites and other websites where the information entered must be kept secure.
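The Remember me cookie and its time limit, described under Login ID / Password above, can be sketched on the server side as follows. This is an added example, not code from the original page; the cookie name `remember_me`, the 14-day lifetime, the in-memory `STORE` and the choice to put a random token in the cookie (with only its hash kept on the server) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from http.cookies import SimpleCookie

REMEMBER_TTL = 14 * 24 * 3600  # assumed time limit: 14 days, in seconds
STORE = {}  # stand-in for a server-side table: selector -> (token hash, user, expiry)

def digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def issue_remember_cookie(user_id, now=None):
    """Create a remember-me token; return the Set-Cookie header value."""
    now = time.time() if now is None else now
    selector = secrets.token_urlsafe(9)   # lookup key, not secret
    token = secrets.token_urlsafe(32)     # secret; only its hash is stored
    STORE[selector] = (digest(token), user_id, now + REMEMBER_TTL)
    jar = SimpleCookie()
    jar["remember_me"] = f"{selector}.{token}"  # no login ID or password inside
    morsel = jar["remember_me"]
    morsel["max-age"] = REMEMBER_TTL  # the cookie's time limit
    morsel["secure"] = True           # sent over HTTPS only
    morsel["httponly"] = True         # hidden from page scripts
    morsel["samesite"] = "Lax"
    morsel["path"] = "/"
    return morsel.OutputString()

def check_remember_cookie(cookie_header, now=None):
    """Return the user id for a valid, unexpired cookie, otherwise None."""
    now = time.time() if now is None else now
    jar = SimpleCookie()
    jar.load(cookie_header)
    if "remember_me" not in jar:
        return None
    selector, _, token = jar["remember_me"].value.partition(".")
    record = STORE.get(selector)
    if record is None:
        return None
    stored_hash, user_id, expires = record
    # enforce the time limit on the server too; compare hashes in constant time
    if now >= expires or not hmac.compare_digest(stored_hash, digest(token)):
        return None
    return user_id

if __name__ == "__main__":
    header = issue_remember_cookie("alice")  # constructed sample user
    print(header, "->", check_remember_cookie(header.split(";")[0]))
```

A cookie built this way is useless once the server-side record expires or is deleted, which is what lets a user on a shared computer be signed out from the server.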