Browsing anonymously is very simple. You go to one of the free proxy websites, enter target address and you get the desired page without exposing your data to that page. While this is free and you hide your IP address, you still present your data to one server or website. You never know what is this server doing with your data. The best solution would be to have your own proxy. This way you would have total control over what data is stored and how this data is used.
To set up a proxy website is pretty simple. There are many free scripts available on web. Simply search for “proxy script” and you will get a lot of choices. One popular script is Glype. This is a free web-based PHP script. This script downloads web pages and forwards them to your browser. The script is in fact a complete website with only one function: to act as a proxy between your computer and the destination web server where your wanted page is hosted. Most such scripts have plenty of parameters to configure, but default values work well in most situations.
To install a web proxy scrip you need hosting as for any other type of website. The installation is usually very simple. You downland the script, unpack it, configure some data like password for administration or cache time and your files are ready to be uploaded to the web server. Once the script is there it is already operational. Of course, this depends on each script, you should always follow the installation instructions. The Glype script needs no special installation–it is a plug and play application. Once you have a proxy page you can use it to browse anonymously without worrying who will examine your data. Such scripts need little maintenance. You only need to periodically check the log files for anything unusual.
To host a web proxy you don’t need a separate domain name. You can install it into a separate folder on your existing website. You can access it by simply entering you domain and the folder where your script is located. Proxy servers usually provide caching functions. This can significantly increase access speeds for frequently visited websites. You can also block certain IP addresses if you would like to prevent access for some users.
Having your own proxy website is a good idea. When you will need total anonymity you will know where to go. Nobody will check your log files and nobody will intercept the data that you will transfer while browsing.
If you are running a free web proxy and do not use a robots.txt, you may find trouble coming your way from other angry webmasters claiming that you have stolen their web content. If you do not understand this, then at least remember this term “proxy hijacking” well. You see, when a proxy user uses your free web proxy is used to retrieve another website’s contents, those content are being rewritten by the proxy script and appear to be hosted on your proxy website automatically. What used to be on other websites now becomes your content after some proxy users visited those third party websites.
Next, you have search engine bots from Google,Yahoo and MSN etc crawling through your proxy websites content and indexing those automatically created or so called stolen content and associating those content to your proxy website. When the real owners and authors of those content do a search on search engines and find those content being listed on your web proxy (and not on their own websites), they turn angry and start issuing abuse emails to your hosting provider and to the search engines. Your proxy website will end up being removed from the search engine results and that may mean a great loss of web traffic and profits for you.
Some hosting companies will also suspend your hosting accounts although this is not likely for specialized proxy hosting providers that are used to handling such complaints and know that the real cause of the proclaimed abuses. If you are using AdSense or any other advertising networks for monetizing your web proxy, these complainers may even go as far as to try and get your AdSense accounts banned by report that you are a spammer that is using duplicate content.
If you do not know what web proxy scripts you are using but you know you got them free, then most likely you are using either of the three big proxy scripts: CGI Proxy, Phproxy and Glype. For convenience, we provide a sample robots.txt that works with their default installations:
Copy the above source code into a robots.txt and upload it to the root directory for each proxy website. Creating proper robots.txt files for your proxy websites is an often forgotten but essential step for many proxy owners, especially those that own large proxy networks consisting of hundreds of web proxies.
Not only does it help keep information confidential, web security testing is also useful in authentication and authorization issues. With advancements in web technology, better testing tools have been developed to expose a web application’s vulnerabilities. These tools enable you to determine the vulnerable areas on your websites and make the necessary changes to strengthen the application’s resistance to unlawful access.
Your choice of web security testing tools will depend on your system and the needs to be addressed. However, it is essential to choose a tool that is easy to install and with a user-friendly interface. A good testing tool is incomplete with a set of standalone add-ons such as web proxy, and HTTP editors. These add-ons identify live web servers within the network and help in conducting a thorough examination of the system. Primarily, almost half the security issues will be detected by these add-ons.
Web application security testing tools must allow the creation of logs to track the process right form URL submission to packet level details. Via the HTTP protocol it is easy to identify headers sent and received, and locate the error invoking code. Web security testing tools must allow users to manipulate the web application as an authenticated user in order to determine sensitive areas of the application that can be vulnerable. In addition, the user should be able to test the application and adopt different authorization roles.
The right web security testing tool will offer many ways to control what has been scanned, which allows for hassle free testing and saves time as well. A web security tool with password cracking capabilities can make the application secure and tests the strength of the login mechanism. It would be prudent to opt for an evaluation version before actually purchasing one.
All the areas need to be equally addressed in security testing since every client connected online can be a potential threat to the system. It is important to gather as much information as possible in web application security testing. It is necessary to determine how people access your web application and the type of information they have access to. These usually include comments & sensitive information embedded in the html source code, error messages generated at the server, and application error messages. These aspects need to be considered during web application development.