Malicious Code
Today’s scripting is automated in a similar way that server communication accepts and responds to inputs and outputs.
However, scripting can carry many vulnerabilities, and make networks and systems subject to malicious code from cyberspace.
The majority of malicious code appears through e-mail phishing, attachments and spoofed websites.
The security of an organization will concentrate in two key areas: server and client.
Common Gateway Interface (CGI)
CGI determines how an organization will use servers, browsers, programs and how to exchange information.
A CGI script can be written in any language and used for communication between servers and client systems.
CGI scripts help the communication process by allowing the systems to view dynamic and interactive code, typically HTML, CSS and JavaScript. The languages can be written with programming languages like C or C++, or scripting languages like Java and PHP.
Scripting languages are not compiled like the programming languages. Instead there are interpreted by programs on the server and client machines in order to exchange information. These scripts aim to make the communication process between the two points more efficient.
CGI Scripts and Three-Way Handshake
CGI scripts are attached to the server, sent through a server-side translation and delivered to client systems through an interface.
The Three-Way Handshake goes from server to interpreter and then to client. Or it goes from client to interpreter to server.
Security Issues
Attaching a malicious program to the server or client using a CGI script is a common vulnerability.
Other security concerns include: disruptions during the program development process, man-in-the-middle attacks, DDoS, and hackers gaining remote access to servers and clients.