Computer & Network Security

Presentation transcript:

Computer & Network Security: Hostile Scripts (Malicious Code Fragments)
Dr. Yuksel Celik

Definition
Scripting technology is making the Web interactive and automated as Web servers accept inputs from users and respond to user inputs. While scripting is making the Internet and in particular the Web alive and productive, it also introduces a huge security problem to an already security-burdened cyberspace. Hostile scripts embedded in Web pages, as well as HTML-formatted e-mail, attachments, and applets introduce a new security paradigm in cyberspace security. In particular, security problems are introduced in two areas: at the server and at the client.

Common Gateway Interface (CGI)
The Common Gateway Interface, or CGI, is a standard that specifies a data format that servers, browsers, and programs must use in order to exchange information. CGI scripts written in scripting languages are not compiled like those in nonscripting languages. Instead, they are text code that is interpreted by the interpreter on the information server or in the browser and run right away. The languages used include scripting languages such as Perl, JavaScript, TCL, PHP, ASP, ASP.NET, JSP, AppleScript, Unix shell, and VBScript, and nonscripting languages such as C/C++, Fortran, and Visual Basic.

CGI Scripts in a Three-Way Handshake
When computers are communicating, they follow these etiquette patterns and protocols, and we call this procedure a handshake. In fact, for computers, it is called a three-way handshake. A three-way handshake starts with the client sending a packet, called a SYN (short for synchronization), which contains both the client and server addresses together with some initial information for introductions.

CGI Script Security Issues
To an information server, the CGI script is like an open window to a private house where passersby can enter the house to request services. It is an open gateway that allows anyone anywhere to run an executable program on your server and even send their own programs to run on your server. An open window like this on a server is not the safest thing to have, and security issues are involved. CGI scripts present security problems to cyberspace in several ways, including the following security threats that can happen to a broken script:
• Giving an attacker access to the system’s password file for decryption
• Mailing a map of the system, which gives the attacker more time offline to analyze the system’s vulnerabilities
• Starting a login server on a high port and telnetting in
• Beginning a distributed denial-of-service attack against the server
• Erasing or altering the server’s log files
• Malicious code provided by one client for another client
Many different scripting tags that can be embedded in this way include <SCRIPT>, <OBJECT>, <APPLET>, and <EMBED>.
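An added example (not part of the original slides) of the last threat in the list above, malicious code provided by one client for another client: a CGI-style comment renderer in Python, shown unencoded and then with output encoding, plus a check for the four tags the slide lists. The function names and the sample submissions are constructed for illustration.

```python
import html
import re

# The four tags the slide lists as carriers for embedded script.
ACTIVE_TAGS = ("script", "object", "applet", "embed")
_TAG_RE = re.compile(r"<\s*/?\s*(%s)\b" % "|".join(ACTIVE_TAGS), re.IGNORECASE)


def render_comment_unsafe(author, text):
    """The 'before': client input is pasted into the page as markup."""
    return "<li><b>%s</b>: %s</li>" % (author, text)


def render_comment(author, text):
    """Hardened: every client-supplied value is HTML-encoded on output."""
    return "<li><b>%s</b>: %s</li>" % (
        html.escape(author, quote=True),
        html.escape(text, quote=True),
    )


def active_tags_in(markup):
    """Return the listed tags present as live markup, for logging or review."""
    return sorted({m.group(1).lower() for m in _TAG_RE.finditer(markup)})


# Constructed sample submissions (not taken from the slides).
SAMPLES = [
    ("alice", "Nice site!"),
    ("mallory", "<SCRIPT>alert(1)</SCRIPT>"),
    ("mallory", "<embed src=x.swf><ObJeCt data=y></object>"),
]

if __name__ == "__main__":
    for author, text in SAMPLES:
        before = active_tags_in(render_comment_unsafe(author, text))
        after = active_tags_in(render_comment(author, text))
        print("%-8s live tags before: %s, after encoding: %s" % (author, before, after))
```

Encoding happens at output time, so the stored comment is unchanged and the same data can still be rendered safely in other contexts.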

Server-Side Script Security Issues
A server-side script, whether compiled or interpreted, and its interpreter are included in a Web server as a module or executed as a separate CGI binary. It can access files, execute commands, and open network connections on the server. These capabilities make server-side scripts a security threat because they make anything run on the Web server insecure by default. PHP, like other server-side scripts, was designed to allow user-level access to the file system, but it is entirely possible that a PHP script can allow a user to read system files such as /etc/passwd, which gives the user access to all passwords and the ability to modify network connections and change device entries in /dev/ or COM1, configuration files in /etc/, and .ini files.
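An added example (not from the original slides or the referenced book): the path handling of a file-serving script, written in Python as a stand-in for any CGI language, with the unchecked join beside a version that confines requests to the document root. The function names, the htdocs layout and the sample requests are assumptions made for the illustration.

```python
import os
import tempfile


def resolve_unsafe(doc_root, requested):
    """The 'before': the request parameter is joined to the root unchecked."""
    return os.path.normpath(os.path.join(doc_root, requested))


def resolve_contained(doc_root, requested):
    """Return the real path if it stays under doc_root, otherwise None."""
    root = os.path.realpath(doc_root)
    # realpath collapses '..' and follows symlinks before the comparison;
    # join() lets an absolute request replace the root, which is caught too.
    candidate = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


# Constructed sample requests (hypothetical values of a ?file= parameter).
TRAVERSAL = "../" * 12 + "etc/passwd"
REQUESTS = ["index.html", TRAVERSAL, "/etc/passwd", "conf/passwd"]


def demo():
    """Build a throwaway document root and report which requests are served."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "htdocs")
        os.mkdir(root)
        with open(os.path.join(root, "index.html"), "w") as fh:
            fh.write("<p>hello</p>")
        # A symlink inside the root that points back into the system tree.
        os.symlink("/etc", os.path.join(root, "conf"))
        return {r: resolve_contained(root, r) is not None for r in REQUESTS}


if __name__ == "__main__":
    print(resolve_unsafe("/var/www/htdocs", TRAVERSAL))  # escapes the root
    for request, served in demo().items():
        print("%-45s %s" % (request, "served" if served else "refused"))
```

The containment check complements, and does not replace, running the script under an account that cannot read system files in the first place.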

Security Issues in JavaScript and VBScript (Client-Side Scripts)
Recall that all client-side scripts, such as JavaScript and VBScript, that execute in the browser can compromise the security of the user's system. These scripts create hidden frames on Web sites so that as a user navigates a Web site, the scripts running in the browser can store information from the user for short-time use, just like a cookie. The hidden frame is an area of the Web page that is invisible to the user but remains in place for the script to use. Data stored in these hidden frames can be used by multiple Web pages during the user session or later. Also, when a user visits a Web site, the user may not be aware that there are scripts executing at the Web site.

Hackers can use these loopholes to threaten the security of the user system. There are several ways of dealing with these problems, including:
• Limit browser functions and operations of the browser scripts so that the script, for example, cannot write on or read from the user’s disk.
• Make it difficult for others to read the scripts.
• Put the script in an external file and reference the file only from the document that uses it.

Thanks

References:
Kizza, Joseph Migga. Guide to Computer Network Security. Springer, 2014.
