In auditing a web server, an IS auditor should be concerned about the risk of individuals gaining
unauthorized access to confidential information through:
common gateway interface (CGI) scripts.
enterprise Java beans (EJBs).
Common gateway interface (CGI) scripts are executable machine independent software programs
on the server that can be called and executed by a web server page. CGI performs specific tasks
such as processing inputs received from clients. The use of CGI scripts needs to be evaluated,
because as they run in the server, a bug in them may allow a user to gain unauthorized access to
the server and from there gain access to the organization’s network. Applets are programs
downloaded from a web server and executed on web browsers on client machines to run any webbased applications. Enterprise java beans (EJBs) and web services have to be deployed by the
web server administrator and are controlled by the application server. Their execution
requiresknowledge of the parameters and expected return values.