Information Security CS 526 Topic 9


Information Security CS 526 Topic 9 Web Security Part 2 CS526 Topic 12: Web Security (2)

Readings for This Lecture
- Optional Reading
  - Bandhakavi et al.: CANDID: Preventing SQL Injection Attacks Using Dynamic Candidate Evaluations
  - Chen et al.: Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow

Other Web Threats
- SQL Injection
  - See slides by Venkat
- Side channel leakages
  - See slides from MSR
- Web browsing privacy: third-party cookies

Browser Cookie Management
- Cookie Same-origin ownership
  - Once a cookie is saved on your computer, only the Web site that created the cookie can read it.
- Variations
  - Temporary cookies
    - Stored until you quit your browser
  - Persistent cookies
    - Remain until deleted or expire
  - Third-party cookies
    - Originates on or sent to a web site other than the one that provided the current page

Third-party cookies
- Get a page from merchant.com
  - Contains <img src=http://doubleclick.com/advt.gif>
  - Image fetched from DoubleClick.com
    - DoubleClick knows IP address and page you were looking at
- DoubleClick sends back a suitable advertisement
  - Stores a cookie that identifies "you" at DoubleClick
- Next time you get page with a doubleclick.com image
  - Your DoubleClick cookie is sent back to DoubleClick
  - DoubleClick could maintain the set of sites you viewed
  - Send back targeted advertising (and a new cookie)
- Cooperating sites
  - Can pass information to DoubleClick in URL, …
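The flow on the "Browser Cookie Management" and "Third-party cookies" slides, as an added example that is not part of the original lecture: a constructed, offline simulation of a cookie jar keyed by owning host, run once with default behaviour and once with third-party cookies blocked. The classes, the hosts news.example and health.example, and the page paths are assumptions made for illustration; comparing full host names is a simplification of how browsers decide what counts as third-party.

```python
# Added example: constructed simulation, no network access.
from collections import defaultdict

class Tracker:
    """Stands in for the ad server (the slide's DoubleClick)."""
    def __init__(self, host):
        self.host = host
        self.profiles = defaultdict(list)    # cookie id -> pages seen
        self._next = 0

    def serve_ad(self, cookie, referer):
        # The Cookie and Referer request headers are all the tracker needs.
        if cookie is None:                   # first contact: mint an identifier
            self._next += 1
            cookie = f"uid{self._next}"
        self.profiles[cookie].append(referer)
        return cookie                        # value sent back in Set-Cookie

class Browser:
    def __init__(self, block_third_party=False):
        self.jar = {}                        # host -> cookie, keyed by owner
        self.block_third_party = block_third_party

    def visit(self, page_host, path, embedded):
        """Load a page and fetch each embedded resource (Tracker objects)."""
        for res in embedded:
            third_party = res.host != page_host
            allowed = not (third_party and self.block_third_party)
            # Same-origin ownership: only res.host's own cookie is attached.
            sent = self.jar.get(res.host) if allowed else None
            new = res.serve_ad(sent, f"http://{page_host}{path}")
            if allowed:
                self.jar[res.host] = new     # otherwise Set-Cookie is dropped

def largest_profile(tracker):
    """Most pages the tracker could link to one cookie identifier."""
    return max((len(p) for p in tracker.profiles.values()), default=0)

def run(block_third_party):
    ads = Tracker("doubleclick.com")
    b = Browser(block_third_party)
    for host, path in [("merchant.com", "/tv"), ("news.example", "/story"),
                       ("health.example", "/symptoms")]:
        b.visit(host, path, [ads])
    return ads

if __name__ == "__main__":
    for mode in (False, True):
        t = run(mode)
        print("blocking" if mode else "default", dict(t.profiles))
```

With blocking enabled the tracker still receives every Referer (and, as the slide notes, the IP address); what it loses is the cookie that ties the three visits to one identifier.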

Cookie issues
- Cookies maintain record of your browsing habits
  - Cookie stores information as set of name/value pairs
  - May include any information a web site knows about you
  - Sites track your activity from multiple visits to site
- Sites can share this information (e.g., DoubleClick)
- Browser attacks could invade your “privacy”

Coming Attractions …
- Malware defenses