In the first half of 2018, the information of 50 million Facebook users was leaked; in the second half of the year, Marriott announced that its SPG database had been attacked, putting up to 500 million guests worldwide at risk of having their credit card and identity information exposed; in March 2019, TikTok also faced a fine of up to $5.7 million because of a violation of the Children's Privacy Regulation Act.
Growing concern about information security has become a hot topic in industries around the world. Countries have issued, or are preparing to enact, a Cyber Security Privacy Protection Act to strengthen the supervision of network security. In 2018, EU members unanimously passed the General Data Privacy Regulation (GDPR), under which owners of websites that disclose private user information may face a penalty of up to 20 million euros or 4% of global annual revenue. Moreover, the United States and China are each enacting similar regulations, which are expected to be officially implemented by the end of 2020.
Let's first understand how the user's information is stolen before answering this question.
After the user enters login information on the website, if the data is not encrypted while it travels from the client to the server, it is easy for a third party to intercept and steal it.
Let's take the common cookie and Session_id login authentication methods as an example. The cookie can be pictured as a warehouse that stores the user's login information. The Session_id is like an ID number generated for the user. When users want to re-enter after closing the webpage, they are allowed to access their own information only if they hold the ID card. However, it is easy to see that if this warehouse lacks security measures, its security is hard to guarantee. For example, XSS and CSRF attacks amount to duplicating your ID card in order to access and steal the information.
Going back to the example above, security checking means comprehensively testing the security of the warehouse, precisely predicting the possible attacks, and offering solutions.
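One such check, shown as an added example that is not part of the original article: it audits a Set-Cookie response header for the flags that address interception in transit (Secure), cookie theft through XSS (HttpOnly) and CSRF (SameSite). The issue codes, function names and header values are assumptions made up for illustration.

```python
# Added example. Header values are constructed sample input, not captured traffic.
ISSUES = {
    "missing-secure": "cookie may be sent over unencrypted HTTP and intercepted in transit",
    "missing-httponly": "page scripts can read the cookie, so an XSS payload can copy it",
    "missing-samesite": "no explicit SameSite; CSRF exposure depends on browser defaults",
    "samesite-none": "cookie is attached to cross-site requests, the precondition for CSRF",
}

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, {lowercased attribute: value})."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def audit_cookie(header):
    """Return the issue codes that apply to one Set-Cookie header value."""
    _, _, attrs = parse_set_cookie(header)
    found = []
    if "secure" not in attrs:
        found.append("missing-secure")
    if "httponly" not in attrs:
        found.append("missing-httponly")
    samesite = attrs.get("samesite", "").lower()
    if samesite == "none":
        found.append("samesite-none")
    elif samesite not in ("lax", "strict"):
        found.append("missing-samesite")
    return found

SAMPLE_HEADERS = [  # constructed examples
    "Session_id=abc123; Path=/",
    "Session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
    "prefs=dark; Secure; SameSite=None",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        name = parse_set_cookie(header)[0]
        for code in audit_cookie(header) or ["ok"]:
            print(f"{name}: {code} {ISSUES.get(code, '')}")
```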
'Security', emphasized above, together with 'Stability' and 'Speed', makes up the '3S' criteria for ranking the quality of a website.
The concept of website stability is rather vague. Put simply, every behavior produces the expected result. For example, the page information is fully loaded, the images and text appear in the correct position; the page opens normally without a 404 Error; and there is no crash under the specified concurrency (number of simultaneous accesses).
The intuitive understanding of a website's speed is the speed of the page's response: how long it takes to open a link, including resource loading, data requests, rendering effects, etc. An efficient website saves time, effort and money.
Of course, a perfect website should not compromise any of these principles. Security, Speed and Stability must be complementary and inseparable.