Whether a website is secure or not, there are at least three basic elements, one is https encryption, the other is WAF protection, and the third is trusted identity validation, all three are indispensable. That's why the ZT Browser innovatively displays three security-related icons: , not only has the security padlock, but also have the cloud WAF protection icon and the website trusted identity validation level icon. Please refer to the innovation UI Icon Summary of ZT Browser for details.
The browser, as the entrance to the Internet, user don’t know if the surfing website is secure. At present, various websites attacks have become the norm, and the website owner does not know whether its website has encountered attacks, unless it is an attack that the website obviously cannot access. Therefore, in order to enhance the security protection awareness of the website owners and website visitors, and meet the compliance requirements of the Cyber Security Law, ZT Browser exclusively displays the WAF protection icon in the address bar, so that the website visitors have seen the WAF protection of the website and cybersecurity protection compliant at a glance. This is also a technological innovation.
For websites that use the cloud WAF service that don’t pass the Cybersecurity Protection Compliant certification, it will display "Cloud WAF Protection".
"Cybersecurity Protection" is the abbreviation of the Graded Protection of Cybersecurity. It is based on article 21 of "Cyber Security Law"–“The state shall implement the rules for graded protection of cybersecurity. Network operators shall, according to the requirements of the rules for graded protection of cybersecurity, fulfill the following security protection obligations, so as to ensure that the network is free from interference, damage or unauthorized access, and prevent online data from being leaked, stolen or tampered.” and article 31 – “The State implements focus protection for critical information infrastructure on the basis of the graded cybersecurity protection structure in important sectors and areas such as public telecommunications and information services, energy, transportation, irrigation works, finance, public services, e-government, etc., as well as other critical information infrastructure that, whenever it is destroyed, loses its ability to function or encounters data leaks, may gravely harm national security, the national economy, the people's livelihood and the public interest.” All websites must "adopt technical measures such as preventing computer viruses and cyber-attacks, network invasion and other hazardous cyber security behaviors" and "adopt technical measures such as data classification, important data backup and encryption" to ensure the website system security and meet the requirements of cybersecurity protection compliance.
The first element of website security is HTTPS encryption to realize the information transmission from the browser to the server is encrypted to prevent confidential information from leaking in the transmission process, effectively preventing various illegal stealing and illegal tampering. This is the baseline requirement, without HTTPS encryption, all browsers will display "Not secure". HTTPS encryption can meet the cybersecurity protection compliant requirements in three aspects: "communication transmission", "data integrity", and "data confidentiality". HTTPS encryption can also meet the cryptography protection complaint requirements in secure communication to protect data integrity, confidentiality and authenticity of identity using cryptography technology, and meet the requirement in application security and data security to protect data confidentiality and integrity in transmission and storage procedure using cryptography technology.
The second element of website security is WAF protection, which is also indispensable. WAF can effectively prevent various attacks and prevent illegal stealing and illegal tampering after the information reaches the server from browser. HTTPS encryption guarantees confidential information to reach the server security, and after the information arrives at the server, the work that prevent various attacks can only be completed by the Web Application Firewall. Without WAF protection, HTTPS encryption is also meaningful, this point is very important. HTTPS encryption and WAF protection are all duty and one section of each. Cloud WAF protection can meet the cybersecurity protection compliant requirements such as "invasion prevention", "malicious code prevention", and "data integrity (anti-tampering)".
The third element of website security is the website trusted identity validation. A fake bank website may also have HTTPS encryption, and the browser also shows the security padlock. It may also have WAF protection. However, these do not prove that this fake bank website is secure! Therefore, the website trusted identity validation is the third important factor of website security, which is as important as HTTPS encryption and WAF protection! The simplest website trusted identity validation is to deploy the IV SSL certificate, OV SSL certificate and EV SSL certificate that has validated the website identity.
ZoTrus Website Security Cloud Service is a comprehensive website security solution that integrates HTTPS encryption, cloud WAF protection and website trusted identity validation, achieving one-click for 3 website security protections. It is a comprehensive innovative service including Alibaba Cloud WAF service that meets the cybersecurity protection complaint requirement and HTTPS encryption service that meets the cryptography protection compliant requirements. It is also greatly reducing the cost for compliance, the most important, it protect the important data security of the website and ensuring the smooth operation of the business of the website owner. ZoTrus Website Security Cloud Service let all websites to enjoy everyday security and worry-free! If you want to know more about the details of the Website Security Cloud Service, please visit the CEO Blog related articles, and welcome to purchase this innovation service!