Briefly explain the web security concerns such as relevant legislations prevention of hacking, viruses, identity theft, firewall, impact of side performance, SSL, https, digital certificates, strong passwords, alternative authentication methods and suggest security improvements for the proposed web application.
When considering about the CBL website, it is built for a specific purpose of getting the customer feedback about their products. So here the site collects lot of information about the people who gave their feedback. So here we have to concern mainly about the security of this site as it holds lot of information about the valuable customers of the company.
Prevention of hacking
Hacking has become a great threat to computer systems as the hackers can get the data inside the system or else they can modify or delete the data, so necessary actions should be taken in order to prevent hacking, following are some methods to prevent from hacking
Make sure do not disclose your User ID and Password to outsiders and use hard to guess passwords with combining numbers, symbols and characters.
Use the Firewall/Anti-Virus software and Spywares to get the protection from the malicious virus and program attacks.
Make strength your database to preventing from the database attacks. Usually the hacker targeting the vulnerable areas in the database to enter to the system.
Use an encryption data transferring in between the websites and the wireless access device will terminate the possibility of hacking.
By not entering to suspecting links in the webpage content will reduce the possibility being hack through the web browser.
Viruses
When considering about viruses enormous amount of viruses can be found now as new viruses are being released everyday. So those viruses can harm the computers systems in different ways, so it is very important to prevent your system from viruses. Following things can be done in order to prevent from virus attacks.
Installing a good antivirus program can solve this issue and maintaining the program up to date I very important as the new viruses are being released day by day.
Backup your programs and data regularly. Recover from backup is the most secure way to restore the files after a virus attack.
Schedule a daily scan to check for viruses.
Do not execute any downloads and attachment unless you are sure what it will do.
Identity Theft
Keep records of your financial data and transactions
Install security software
Use an updated Web browser
Be wary of e-mail attachments and links in both e-mail and instant messages
Store sensitive data securely
Shred documents
Protect your PII
Stay alert to the latest scams
Firewalls
A firewall is a set of related programs, located at a network that protects the resources of a private network from users from other networks. By installing firewalls the risk of hackers can be minimized as it limits the unwanted access to your computer system.
SSL
Secure Socket Layer (SSL) means a protocol used to transfer the important documents. SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient
HTTPS
Also known as Secure HTTP. HTTPS also a protocol which is used to send data securely through internet, it is used to transmit individual massages securely. It provides a secure message-oriented communications protocol designed for use in conjunction with HTTP
Digital Certificate
A digital identity document binding a public-private key pair to a specific person or organization. Verifying a digital signature only proves that the signer had the private key corresponding to the public key used to decrypt the signature
Strong Passwords
Using a strong password is very important these days as cyber criminals increasing day by day it is vey easy to crack a password as there are so many tools to do it, unless it is a strong password someone can even guess the common passwords. So when creating a password it should be contain at least 8 characters including letters, number and symbols. Following things can be used in order to secure your password.
Never recycle passwords
Never record a password anywhere
Exceptions include use of encrypted password "vaults"
Use a different password for each system/context
Be aware Trojan horse programs can masquerade as login prompts so always reset the system as appropriate to obtain a trusted login prompt
Check for keyboard buffer devices/software that intercepts keystrokes (including password capture
Alternative authentication methods
This is using different kind o authentication methods instead relying on the same kind of authentication method. It is very important to use alternative authentication methods as the frauds regarding authentication rapidly growing with the new technologies
