Sunday, 23 October 2011

Web Security

Web security
Web security is part of computer/information security. The question that arises in computer security, as in web security, is: "what has to be secure?"
Electronic Assets
Electronic assets are the target of attacks that threaten the security of a computer system or information system. Electronic assets are the most valuable assets for a company or industry that depends every day on computer systems and networks to carry out its business transactions. 'Electronic assets are data and programs.'

The Difference Between Hackers and Crackers
A hacker is a person intensely interested in the arcane
and recondite workings of any computer operating
system. Hackers are most often programmers. As such,
hackers obtain advanced knowledge of operating
systems and programming languages. They might
discover holes within systems and the reasons for such
holes. Hackers constantly seek further knowledge,
freely share what they have discovered, and never
intentionally damage data.

The Difference Between Hackers and Crackers (cont'd)
A cracker is one who breaks into or otherwise
violates the system integrity of remote
machines with malicious intent. Having
gained unauthorized access, crackers
destroy vital data, deny legitimate users
service, or cause problems for their targets.
Crackers can easily be identified because
their actions are malicious.

Risks of Web security
• Loss of customer confidence, trust and reputation, with the consequent harm to brand equity and consequent effects on revenue and profitability;
• Possible loss of the ability to accept certain payment instruments, e.g. VISA, Mastercard;
• Negative impact on revenues and profits arising from any falsified transactions and from employee downtime;

Risks of Web security (cont'd)
• Website downtime, which is in effect the closure of one of the most important sales channels for an e-business;
• The expenditure involved in repairing the damage done and building contingency plans for securing compromised websites and web applications; and,
• Legal battles and related implications from Web application attacks and lax security measures, including fines and damages to be paid to victims.



Web security attacks
• Passive attack
    • Sniffing (capturing messages)
    • Trapper web (trap website)
• Active attack
    • Denial of Service (DoS)
    • Buffer overflow
    • SQL injection
    • Cross-site scripting
    • Session hijacking
    • Directory traversal attack
    • Authentication attack (brute-force attack)

http://overflow.web.id/source/Web-Security.pdf
