Chapter 1. The Web Security Landscape
In this chapter, we’ll look at the basics of web security. We’ll discuss the risks of running a web server on the Internet and give you a framework for understanding how to defend against those risks. We’ll also look at the hype surrounding web security, analyze what companies (probably) mean when they use the phrase “secure web server,” and discuss overall strategies for reducing the risks of operating a site and publishing information on the World Wide Web.
Web Security in a Nutshell
In the book Practical UNIX & Internet Security, we gave a simple definition of computer security: A computer is secure if you can depend on it and its software to behave as you expect.
Using this definition, web security is a set of procedures, practices, and technologies for protecting web servers, web users, and their surrounding organizations. Security protects you against unexpected behavior.
Why should web security require special attention apart from the general subject of computer and Internet security? Because the Web is changing many of the assumptions that people have historically made about computer security and publishing:
The Internet is a two-way network. As the Internet makes it possible for web servers to publish information to millions of users, it also makes it possible for computer hackers, crackers, criminals, vandals, and other “bad guys” to break into the very computers on which the web servers are running. Those risks don’t exist in most other ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access