What is Web Security?
Web security is an interesting topic and should be high on the radar of anyone who has a Web presence under their control. Ineffective Web security leads to all of the things that make us hate the Web: spam, viruses, identity theft, to name a few.
The problem with Web security is that, as important as it is, it is also very complex. I am quite sure that some of you reading this are already part of a network of attack computers. Your servers are sending out spam messages without you even knowing it. Your emails and passwords have been harvested and then resold to people who think you need a new watch. Fact is, you are part of the problem and don’t know what you did to cause it.
The reason is that security experts don’t like to talk too much in public about what they do and where the issues lie. Sadly enough, they can also come across as arrogant in their views. This could be the result of people not taking security seriously and not following the most basic advice, such as using passwords that are clever, not “password” or “letmein.” Another reason is those tutorials that show you how to “do something in five minutes” and conveniently neglect to mention the security implications of their advice. If it sounds too easy to be true, it probably is. A perfect example is PHP solutions that use a file for data storage and ask you to make it writable to the world. This is easy to implement, but it means that any spammer can write to this file.
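As an added example (not part of the original article), these shell functions find files and directories under a web root that are writable by every account, which is the setting such tutorials ask for, and remove only that permission bit. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a web root for world-writable data files and folders.

# Print every regular file or directory under "$1" whose "other" write bit
# is set (modes such as 666 or 777). Symlinks are not followed.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Remove only the "other" write bit under "$1"; owner and group access
# stay as they were, so the application can keep writing its own file.
remove_world_write() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Build a constructed sample tree that mimics a "make it writable to the
# world" tutorial, and print its path. All names here are hypothetical.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/data" "$root/uploads"
    : > "$root/index.php"
    : > "$root/data/guestbook.txt"
    chmod 755 "$root/data"               # normal directory
    chmod 644 "$root/index.php"          # normal script
    chmod 666 "$root/data/guestbook.txt" # what the tutorial asked for
    chmod 777 "$root/uploads"            # same mistake on a directory
    printf '%s\n' "$root"
}

# Typical use against a real site (path is a placeholder):
#   list_world_writable /path/to/webroot
#   remove_world_write  /path/to/webroot
```

Once the bit is removed, the data file should be owned by the account the PHP process runs as, so the script can still write to it while other accounts on the machine cannot.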