Security on the web relates to protecting your sensitive data (such as passwords, credit card numbers and PINs) from being accessed or manipulated by people who are not authorized to do so. Most security concerns arise from vulnerabilities in the Internet and related technologies. To understand the security issues, consider a transaction in which you send your username and password to log in to a website. The security issues for this transaction are as follows:
Privacy – It should not be possible for a third party to steal your data while it is being sent to a server.
Integrity – It should not be possible for a third party to modify your data before it reaches the server.
Authentication – Both sides of the communication should be able to verify each other’s identity.
Non-repudiation – Both sides must be able to prove legally that the message was sent and received.
The first two issues, privacy and integrity, can be supported by using encryption, which is a way to convert human-readable information into a form that is not human-readable. Several encryption algorithms are widely available, of which the popular ones are RSA, DES, AES and Triple DES.
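As an added illustration (not part of the original text), the Python sketch below protects the login message from the example above with encryption for privacy and a keyed hash (HMAC) for integrity, and shows that a change made in transit is rejected. The function names, keys and login string are constructed for this example, and a SHA-256 keystream stands in for a real cipher such as AES so that only the standard library is needed.

```python
import hashlib
import hmac
import secrets

# Illustration only: a SHA-256 counter keystream stands in for a real cipher
# such as AES so the example needs nothing beyond the standard library.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(enc_key: bytes, mac_key: bytes, message: bytes) -> bytes:
    """Encrypt for privacy, then append an HMAC tag for integrity."""
    nonce = secrets.token_bytes(16)
    ciphertext = _xor(message, _keystream(enc_key, nonce, len(message)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def open_sealed(enc_key: bytes, mac_key: bytes, packet: bytes) -> bytes:
    """Verify the tag before decrypting; reject anything modified in transit."""
    if len(packet) < 48:
        raise ValueError("packet too short")
    nonce, ciphertext, tag = packet[:16], packet[16:-32], packet[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))

def decrypt_unchecked(enc_key: bytes, packet: bytes) -> bytes:
    """Decrypt without verifying the tag: what encryption alone provides."""
    nonce, ciphertext = packet[:16], packet[16:-32]
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))

if __name__ == "__main__":
    k_enc, k_mac = secrets.token_bytes(32), secrets.token_bytes(32)
    packet = seal(k_enc, k_mac, b"username=alice&password=constructed-sample")
    damaged = packet[:20] + bytes([packet[20] ^ 0x01]) + packet[21:]
    print(decrypt_unchecked(k_enc, damaged))  # altered text, no error raised
    try:
        open_sealed(k_enc, k_mac, damaged)
    except ValueError as err:
        print("rejected:", err)
```

In practice the same two properties are obtained from an authenticated encryption mode of a standard cipher or from TLS rather than from hand-built constructions like this one.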
Malicious programs are another source of problems for the security of data. Hackers (people with malicious intentions) create malicious programs known as viruses, worms, time bombs and others. A virus is a malicious program that is transmitted through e-mail attachments or as part of a software download and that, when executed on the victim’s computer, attaches itself to other programs and makes them unusable, or deletes data held in memory or on the hard disk. A worm, unlike a virus, has the ability to propagate itself. Viruses and worms allow an attacker to gain control of the victim’s computer, which can in turn be used as part of attacks known as DoS (Denial of Service) attacks.