Security vulnerabilities – why we made web so insecure ?

We made it all wrong and then we started patching up here and there to keep it working and started running web application to make it much easier to invite crackers to get inside and then we patch again to give yet another insecurity…..Yes I am talking about internet, the big WWW. Welcome to another series of security which will make you understand why things are so insecure here.

Why we made internet ?

Web was never designed to be secure, it was built for

  • sharing information like physics document.
  • giving information to different war zones to act faster.
  • to be stateless ( i.e not to remember when you go from one page to another).
  • no control over the client.

In fact Internet was a project for Department of defense (DoD) to be used during the war.

HTTP( Hyper Text Transfer Protocol ) = UFBP ( Universal Firewall Bypass Protocol )

Those who know what I mean up there must have laughed to who didn’t here is the deal.

  • Http or hyper text transfer protocol is the set of rule or protocol which defines how data is transfered from one point to another.
  • UFBP is an acronym which means HTTP is a firewall which can bypass everything or anybody can bypass i.e You made a door so nobody comes in but then you left a hole below which allows everybody to get in and take your stuff.!!

Thats our problem with WEB, we made rules which has holes and then we patched up and then we patched up again. One question always rings my mind with so many years gone Why Web is still so insecure ? It should have grown better and better but thats not the case.

Web is different

Web is not a traditional desktop or laptop , its a different animal its different from traditional software.Why? because its open , accessible to anybody any time any point!

Web was never ment to run applications. We talked about Browser Based Operating system , today we have web based adobe designers, we have storage.Everything is on web why ? One reason you can say is because we want a common access agreed but did you ever thought applications running on web are open target and hence your data is always insecure !! Got my point!!

  • We want to safeguard information but we want lot of people to access it (Opposite to each other).
  • We want to run applications on web but again its open to everybody.
  • We gave access permissions but web never knows its you or somebody else with your information (Genius?)
  • Secret Question “Whats your pet name?” I know your pet name and next moment I am looking at your Inbox ( Excellent ?)

We started good with an excellent idea of bringing world together but then we forgot our lessons and made it all insecure and then what …the best thing “PATCH”.

Take a break, think back and read again.The article might be little shaky for you but thats the fact. From tomorrow you will be on tour to understand some of the most addressed security issues.Till then take a moment and think.

Two more posts in this series you can read are :

  • Network Architecture and Security Vulnerabilities
  • Cross Site Scripting (XSS) Security Vulnerability

About Ashish Mohta

A Professional Tech blogger, Editor and Writer who talks about solving day to day problems of people who use computer. His expertise are in Windows 7, Microsoft Office, Software, Mobile Apps and Video Posts.

6 comments

  1. I guess when the internet evolved from plain sharing of information to one where the business side comes in, that’s where the security comes into play. Credit card numbers, online money accounts/ payment processors, customers’ information shared within the company, email contents, etc.. I guess you just can’t share those. When the internet has more uses than one, that is where it starts..

  2. Thanks a ton for dedicating this post to me. 🙂

    It would take a long time to make web a secure place. Thinkable article.

  3. There are many reason the web is insecure (i will concentrate on two technical ones):
    1. In the past the web relied on client-side scripting, which is by nature insecure
    2. Writing “secure” code wasn’t really important until the last 4-5 years. Functionality and Design were kings. Security was seen as a nuisance. See Microsoft as an example – its applications become much secure only in the past 5 years or so.

  4. The internet was the world without the limit, although we have tried to close all the gaps, but we could not close all the gaps, still must have the gap that could be penetrated.
    That could be carried out by us was minimize the available gap.

  5. Web is secure if you think it is , world’s biggest companies like microsoft and adobe are also not secure .Because everything is created by man and if one man can create security wall than second can break it also .

  6. Nothing is secure. Even Norton who gives securities had a breakdown by hackers.

    Anywayz interesting think. Bookmarked it!

Leave a Reply