What are the misunderstandings related to the website security?

[Christina 80]

At present, the hacker attacks have become very serious network problems. Many hackers can even break through SSL encryption and a variety of firewalls, scored an internal Web site to steal information. Hackers can just by virtue of the browser and a few tips, that is, Web sites taking credit card information and other confidential information. With the firewall and patch management has gradually become standardized, all kinds of network facilities should be more complete than ever before. Unfortunately, way Bearing in mind that, hackers have begun to directly in the application level, start with pairs of Web sites. To enhance the security of Web sites, I need to know the misunderstandings related to the website security.

[Jackson2]

Web site uses SSL encryption.SSL encryption alone cannot guarantee security of the site. Web site to enable SSL encryption, indicating that the site to send and receive information through the encrypted SSL, however no guarantee that the information stored in the Web sites for security. Many sites use 128-bit SSL encryption, but I got hacked. In addition, SSL cannot protect the privacy of site visitor’s information. The privacy information directly inside the existing web server, which is not protected by SSL.

[Techno01]

Web site uses a firewall. Have access to the firewall filtering mechanism, but still could not cope with a number of malicious acts. Many online stores, auction sites and BBS are installed a firewall, but it remains fragile. The firewall by setting the "visitor list" can be excluded from malicious access, allowing only well-meaning visitors to come. However, how to identify good access and malicious access is a problem. Once allowed to visit, follow-up of the security issues would not be able to cope with a firewall.

[Trio]

Vulnerability scanner did not find any problems. Vulnerability scanning tool to generate some special access to the request sent to the Web site, access to the site to respond to message analysis. The tool will respond to information with a number of loopholes in comparison if it is found out the suspicious circumstances surrounding the reported security vulnerabilities. At present, the new version of the vulnerability scanning tool is generally found that the site more than 90% of the common security problems, but this tool on the Web site, there are many applications that can do.

[deveritt]

The programmer does create some problems, but some of the problems the programmer's control.

For example, the application's source code may be initially obtained from elsewhere, which the company's internal procedures, beyond the control of developers. Alternatively, companies may get some off-shore developers to make some custom development, integration with the original program; it may also be a problem. Or, some programmers to be used as some free code to make changes, it is also hidden safety problems. Cite an extreme example, there may be two programmers to develop a program project, they have no problem with the code development, security, very good, but together it is possible that security vulnerabilities.

[Techguru01]

Web site of the annual safety assessment is necessary, but the assessment of the situation may be related to the current situation is very different. Web site application as long as there is any change, there could be security risks. Sites like chosen to upgrade the application holidays, Christmas is a typical one season. Sites tend to increase the number of new features, but it ignores the security considerations. If the site does not add new features, which in turn will have an impact on business performance? Web site should be at all stages of program development by professional security personnel.