--Originally published at Tech and no-tech
It is normal, knowing the threats that exist in Computer systems and on the Internet, that we could be scared of surfing the web. It is valid to be scared of web sites and to doubt about their security and their countermeasures. Any web site or web page can be a target for people to attack or can have an unintentional threat within it. What are we supposed to do? Do not use the Internet?
As I already wrote, there are always potential vulnerabilities and threats when visiting a web page or site. When? For example, in these cases:
- Loading a new page with dynamic content
- Making a search (product, location, price)
- Filling out a form
- Searching the site’s content
- Using a shopping cart
- Creating an account
- Logging in
Every time there is interaction between the user and the web site, that might involve server or external communication, is a potential threat. And let’s just remember that we trust some pages with very confidential or crucial information about us.
Businesses have, normally, two ways to choose from, to address the security of their site. The first one involves having very professional guys working on the code of the page, which know about security and that can apply patches or updates at once when needed. And having security experts checking their job. It is like a double-check. O yes, and do not forget they will have a tight firewall, antivirus protection and will run IPS/IDS.
The second option is to run a web scanning solution to test existing equipment, applications, and web site code. They will also have a tight firewall, antivirus and run IPS/IDS, but they will also lock their front door. Why? Well, it is easier to fix the actual bugs they have, than just keep building higher walls
Continue reading "Am I secure visiting a web site?"