UNIT 28 WEBSITE PRODUCTION

Transcription

1 24 February 2012 Security Issues Lesson 6 UNIT 28 WEBSITE PRODUCTION

2 Assignment 2 P3 explain the security risks and protection mechanisms involved in website performance. Website security is an integral part of website design. explain to prospective customers the security issues which the company considers when designing a web-site. discuss the general security risks which threaten the integrity of data. define the laws and guidelines which various types of web-site must conform to.

3 Objectives Demonstrate web security issues Find solutions to web security issues Identify legal constraints for website design

4 Problems Identify any security issues on advanced websites Online payments Intercepting data Theft of information in transit Changing data Hacking username and passwords Getting information from Cookies Use of insecure OS Authentication access to server Undeleted files Weak encryption codes

5 Solutions Firewalls Encryption and Secure Socket Layer (SSL) Monitoring applications SPAM Prevention: File naming Use strong passwords Website certificates validates organisation

6 SQL injection Inserting SQL commands into username and login textboxes Username Password SELECT * FROM users WHERE username =?USRTEXT ' AND password =?PASSTEXT?

7 SQL injection Inserting SQL commands into username and login textboxes Username OR 1=1 -- Password -- signifies comment closes the username text field SELECT * FROM users WHERE username = '' OR 1=1

8 Google hacks The Google Hack HoneyPot lack of foresight into security... to blame. Code which reveals password Some passwords are held in password text files inurl:passwd.txt inurl:passlist.txt login: * password= * filetype:xls hundreds of similar search engine hacks GHH

9 Cross Site Scripting attacks - XSS Some websites store username and password in Cookies XSS gets username and password from the Cookie

10 Legal Issues in Website design Find several factors that must be considered when designing a website. Research in the internet the legal issues

11 Legal Issues in Website design 1. Copyright and Ownership 2. Data Protection 3. Disabled Access

12 Copyright and Ownership If you did not create it then you need permission to use it!! Without permission its stealing The ownership of text Pictures and graphics logos buttons icons images Music and songs Plays and screen plays digital download data compilation Software Blueprints

13 Copyright myth If you cannot see the copyright symbol is the sample protected by copyright laws?

14 Data Protection & Privacy Why should all websites comply to the Data Protection Act 1998? If you have an online presence and you collect or store information from prospective clients then you must apply for registration under The Data Protection Act 1998.

15 DPA The Data Protection Act requires anyone who handles personal information to comply with a number of important principles. It gives individuals rights over their personal information.

16 Task Find the DPA 8 Principles

17 Task Find the 8 Principles 1. Fairly and lawfully processed 2. Processed for limited purposes 3. Adequate, relevant and not excessive 4. Accurate and up to date 5. Not kept for longer than is necessary 6. Processed in line with your rights 7. Secure 8. Not transferred to other countries without adequate protection

18 Disability access The UK Disability Discrimination Act of 1995 states: If your business has a web site, it should be accessible to the disabled. There are ethical and commercial justifications for this, but there is also a legal reason: you could be sued for discrimination.

19 How can you improve disability access to your website

20 How to improve access? Identify methods to improve disability access: Text is not displayed in images (sight disability) Text alternative (sight disability) Large button (motor disability) Colour contrast Appropriate font Text alternative page

21 Follow W3C Ensure: Level A (priority 1) Web developers MUST satisfy this criterion These guidelines represent the most fundamental accessibility features Level AA (priority 2) Web developers MUST satisfy this criterion complex accessibility features Level AAA (priority 3) Web developers MAY satisfy this criterion These guidelines represent accessibility features that offer the broadest level of accessibility to web pages. d=27&q=new+web+creative+accesibility&ql=

22 What is accessibility? The Act also covers accessibility for Web-enabled televisions Mobile phones PDAs Different screen sizes Browser types Settings Or those who do not have plug-ins such as Flash.