Browser Standards and Security

Introduction

When designing a Web site it is important to consider how users will see the Web page. There are many browsers available that a user could be using to view your Web site, so consideration of the standards between browsers is important. With so many browsers on the market, the Web page that has been created could, and most probably will, look different in every browser. Some browsers handle certain scripting languages better than others, e.g. Mozilla Firefox has no problems handling animated GIFs as rollovers on buttons, whereas Internet Explorer 5 cannot handle them and will not display them correctly or may not display them at all. Section 2 of this report discusses the standards between browsers, the browsers available and how browsers handle the HTML language in different ways. This section also shows the usage of the most popular browsers and displays the statistics as a pie chart with each chunk representing a different browser. Section 3 discusses the security risks on both the client side and the server side and lists the top ten vulnerabilities that a Web site must overcome to stay protected. This section also displays the statistics of security risks in a bar chart. Section 4 discusses how the information in this report will be used in the main project.

Section 5 is the conclusion of all the information that has been gathered to make this report and how it can be used to create a more compatible and secure Web site.

Browsers
As the internet was created to unite the world into one interconnecting community, the use of so many different browsers that view Web pages in different ways makes it harder for a Web designer to create a Web site, and it can stop users seeing a Web page in the same way. When designing a Web site, the designer must test their pages in different browsers to check the outcome of each page. With so many browsers available, it is important to consider which browsers to test for and how many past browser versions need to be catered for within the designs.

As technology has advanced, the situation has improved compared to a few years ago, but the problem has not been completely resolved. You can now be confident that at least 99% of users have browsers that support nearly all of HTML 4. However, there are still inconsistencies in the way Cascading Style Sheets are implemented, and older browser versions pre-dating the current standards take a long time to fade away entirely. A Web site designer must now also consider the mobile user: phones, PDAs and other handheld media devices that have access to the internet. The browser that these devices use will be a variant of a standard browser, but the user will view the pages on a much smaller screen. A mobile browser, also called a micro browser, mini browser or wireless internet browser (WIB), is optimised to display Web content most effectively on the small screens of portable devices. Mobile browser software must also be small and efficient to accommodate the low memory capacity and low bandwidth of wireless handheld devices. Typically, they were stripped-down Web browsers, but as of 2006 some mobile browsers can handle the latest technologies such as CSS 2.1, JavaScript and Ajax. Jennifer Niederst Robbins (2006) says:

“1996 to 1999: The Browser Wars begin.
For years, the Web development world watched as Netscape and Microsoft battled it out for browser market dominance. The result was a collection of proprietary HTML tags and incompatible implementations of new technologies, such as JavaScript, Cascading Style Sheets, and Dynamic HTML. On the positive side, the competition between Netscape and Microsoft also led to the rapid advancement of the medium as a whole.”

The World Wide Web Consortium establishes the basic rules on how to translate an HTML document and the official HTML standards.

The HTML standards say that the Table tag should support a Cellspacing attribute to define the space between parts of the table. HTML standards don’t define the default value for that attribute, so unless you explicitly define Cellspacing when building your page, two browsers may use different amounts of white space in your table. HTML standards are usually ahead of what browsers support. Over the past few years Internet Explorer has done a much better job of this than Netscape Navigator, though Opera has done arguably the best job.

If you build a Web page and the user’s browser does not understand part of the language, then it will ignore that part and continue creating the rest of the page. This will cause some browsers not to display the page the way it was designed to be seen.

The best way to minimize these problems is to pay attention to browser compatibility when building your Web page. Avoid using HTML extensions and be careful about using cutting-edge features of the language that may not yet be supported by all the major browsers.

The major difference between two versions of the same browser is their support for newer portions of the HTML language. A new browser is generally better at displaying Web pages than an old one.

Web Application Security
When creating any Web application such as an e-commerce Web site, security must be on the designer’s mind at all times. A design flaw in the application could allow a hacker to easily access the Web server through cross-site scripting on the Web site. The Web server is a common target for hackers as it is a very powerful machine with a large amount of bandwidth and also allows anonymous users to access it. The Web wasn’t designed to be secure, nor was it designed to run applications or for businesses selling over a network. It was designed to be static and for users to gather information. As Web applications become more powerful in what they are able to do, the security risks from a potential attacker become greater. Because code is intermixed with data, such as JavaScript embedded in HTML, hackers use a malicious piece of code that gets mistaken for part of the Web site code, which then gives the hacker more permissions than they should be allowed, enabling them to alter securely protected data.
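
The mixing of code and data described above can be shown with a small added example, which is not part of the original report. The function names and the sample input are constructed for illustration; the first renderer inserts user data straight into the HTML, the second encodes it first so the browser treats it as text.

```javascript
// Constructed sample input: a "display name" field that contains markup.
const untrustedName = '<script>document.title="changed"</script>';

// Vulnerable: the data is concatenated straight into the page's code,
// so the browser cannot tell where the template ends and the data begins.
function renderGreetingUnsafe(name) {
  return '<p class="greeting">Hello, ' + name + '</p>';
}

// Characters that let data switch into markup, with their entity forms.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode a value so it can only ever be displayed as text.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened: same template, but the data is encoded before insertion.
function renderGreetingSafe(name) {
  return '<p class="greeting">Hello, ' + escapeHtml(name) + '</p>';
}

// Rough count of opening tags in a fragment (simplified, for this demo only).
function countTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Tags present beyond what the template itself produces came from the data.
function injectedTagCount(render, name) {
  return countTags(render(name)) - countTags(render(''));
}

console.log(renderGreetingUnsafe(untrustedName));
console.log('tags added by data (unsafe):',
  injectedTagCount(renderGreetingUnsafe, untrustedName));
console.log(renderGreetingSafe(untrustedName));
console.log('tags added by data (safe):',
  injectedTagCount(renderGreetingSafe, untrustedName));
```

The same encoding step belongs at every point where data supplied by a user is written into a page, and a check like injectedTagCount can be used in tests to confirm that no renderer lets data add elements.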