Security vulnerabilities - why we made the web so insecure?

By Ashish Mohta

We got it all wrong, then started patching here and there to keep it working. Then we started running web applications, which made it much easier for crackers to get inside, and then we patched again, only to create yet another insecurity... Yes, I am talking about the Internet, the big WWW. Welcome to another series on security, which will help you understand why things are so insecure here.

Why did we make the Internet?

The web was never designed to be secure. It was built:

  • for sharing information such as physics documents.
  • for giving information to different war zones so they could act faster.
  • to be stateless (i.e. not to remember you when you go from one page to another).
  • with no control over the client.

In fact, the Internet was a project for the Department of Defense (DoD), to be used during the war.

HTTP (Hyper Text Transfer Protocol) = UFBP (Universal Firewall Bypass Protocol)

Those who know what I mean up there must have laughed; for those who didn't, here is the deal.

  • HTTP, or Hyper Text Transfer Protocol, is the set of rules (the protocol) that defines how data is transferred from one point to another.
  • UFBP is an acronym that means HTTP is a protocol that gets through the firewall, so anybody can bypass it, i.e. you made a door so nobody comes in, but then you left a hole below it which allows everybody to get in and take your stuff!

That's our problem with the web: we made rules that have holes, then we patched them up, and then we patched them up again. One question always rings in my mind: with so many years gone, why is the web still so insecure? It should have grown better and better, but that's not the case.

Web is different

The web is not a traditional desktop or laptop. It's a different animal, different from traditional software. Why? Because it's open and accessible to anybody, at any time, from any point!

The web was never meant to run applications. We have talked about browser-based operating systems; today we have web-based Adobe designers, and we have storage. Everything is on the web. Why? One reason, you can say, is that we want common access. Agreed, but did you ever consider that applications running on the web are open targets, and hence your data is always insecure? Got my point?

  • We want to safeguard information, but we want a lot of people to access it (goals opposite to each other).
  • We want to run applications on the web, but again it's open to everybody.
  • We gave access permissions, but the web never knows whether it's you or somebody else with your information (Genius?)
  • Secret question: “What's your pet's name?” I know your pet's name, and the next moment I am looking at your inbox (Excellent?)

We started well, with an excellent idea of bringing the world together, but then we forgot our lessons and made it all insecure. And then what? The best thing: “PATCH”.

Take a break, think back and read again. The article might be a little shaky for you, but those are the facts. From tomorrow you will be on a tour to understand some of the most addressed security issues. Till then, take a moment and think.


This article is dedicated to one of my friends, blogger and reader Ramanathan.

 

About the author of this article:
Ashish is one of the co-authors of this blog and writes on various interesting software, PC tips and more.


6 Comments from Friends and Readers

  • lyndonmaxewell, March 19, 2007:

    I guess when the internet evolved from plain sharing of information to one where the business side comes in, that’s where the security comes into play. Credit card numbers, online money accounts/payment processors, customers’ information shared within the company, email contents, etc. I guess you just can’t share those. When the internet has more uses than one, that is where it starts.

  • Ramanathan, March 19, 2007:

    Thanks a ton for dedicating this post to me. :)

    It would take a long time to make web a secure place. Thinkable article.

  • Gili, March 19, 2007:

    There are many reasons the web is insecure (I will concentrate on two technical ones):
    1. In the past the web relied on client-side scripting, which is by nature insecure.
    2. Writing “secure” code wasn’t really important until the last 4-5 years. Functionality and design were kings. Security was seen as a nuisance. See Microsoft as an example - its applications became much more secure only in the past 5 years or so.

  • tokrs, March 19, 2007:

    The internet is a world without limits. Although we have tried to close all the gaps, we could not close them all; there must still be a gap that can be penetrated.
    What we can do is minimize the available gaps.

  • Atul, March 19, 2007:

    The web is secure if you think it is. The world’s biggest companies, like Microsoft and Adobe, are also not secure, because everything is created by man, and if one man can create a security wall, then a second can break it also.

  • Rishi, March 20, 2007:

    Nothing is secure. Even Norton who gives securities had a breakdown by hackers.

    Anywayz interesting think. Bookmarked it!
