CS526Topic 9: Web Security (2)1 Information Security CS 526 Topic 9 Web Security Part 2.

Slides:



Advertisements
Similar presentations
CookiesPHPMay-2007 : [‹#›] Maintaining State in PHP Part I - Cookies.
Advertisements

Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.
Parameter Tampering. Attacking the Ecommerce Shopping Cart In the above image we see that a user who wants to purchase a Television visits an online Store.
CC3.12 Lecture 12 Erdal KOSE Based of Prof. Ziegler Lectures.
6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?
Servlets and a little bit of Web Services Russell Beale.
What are cookies? Cookies are text files stored on one’s computer after visiting a website Used for: -Storing information such as a unique visitor ID -Allowing.
Internet Cookies: Changing Internet Use and Privacy Lindsay Maidment & Katherine Hollander November 8, 2006.
20/1/12.  Cookies are a useful way of storing information on the client’s computer  Initially feared, when they first appeared and were considered a.
XP Tutorial 9 New Perspectives on JavaScript, Comprehensive1 Working with Cookies Managing Data in a Web Site Using JavaScript Cookies.
Amount of daily searches on Google 150 million searches per day from 100 different countries 150 million searches per day from 100 different countries.
Chapter 10 Maintaining State Information Using Cookies.
Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.
Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.
 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.
INLS 200 today’s line-up online privacy short video discussion questions from you? ethics cases? Ulrich’s Guide to Periodicals.
Comp2513 Forms and CGI Server Applications Daniel L. Silver, Ph.D.
IT533 Lectures Session Management in ASP.NET. Session Tracking 2 Personalization Personalization makes it possible for e-businesses to communicate effectively.
JavaScript, Fourth Edition
Working with Cookies Managing Data in a Web Site Using JavaScript Cookies* *Check and comply with the current legislation regarding handling cookies.
CSE 154 LECTURE 12: COOKIES. Including files: include include("filename"); PHP include("header.html"); include("shared-code.php"); PHP inserts the entire.
3-Protecting Systems Dr. John P. Abraham Professor UTPA.
Chapter 8 Cookies And Security JavaScript, Third Edition.
COOKIES. INTERNET COOKIES What are they Where are they found What should you do about them.
Lecture 8 – Cookies & Sessions SFDV3011 – Advanced Web Development 1.
CSCE 201 Web Browser Security Fall CSCE Farkas2 Web Evolution Web Evolution Past: Human usage – HTTP – Static Web pages (HTML) Current: Human.
Chapter 6 Server-side Programming: Java Servlets
Cookies Web Browser and Server use HTTP protocol to communicate and HTTP is a stateless protocol. But for a commercial website it is required to maintain.
11 1 Cookies CGI/Perl Programming By Diane Zak Objectives In this chapter, you will: Learn the difference between temporary and persistent cookies.
STATE MANAGEMENT.  Web Applications are based on stateless HTTP protocol which does not retain any information about user requests  The concept of state.
PHP Programming with MySQL Slide 10-1 CHAPTER 10 Managing State Information.
U.S. Department of Commerce Web Advisory Group Minding Your Own Business The Platform for Privacy Preferences Project.
Web Metrics Terminology & Measurement. Visit A visit is a Web user with a unique address entering a Web site at some page for the first time that day.
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
The Problem of State. We will look at… Sometimes web development is just plain weird! Internet / World Wide Web Aspects of their operation The role of.
Saving State on the WWW. The Issue  Connections on the WWW are stateless  Every time a link is followed is like the first time to the server — it has.
Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP Headers Client IP Address HTTP User Login FAT URLs Cookies.
CITA 310 Section 2 HTTP (Selected Topics from Textbook Chapter 6)
ECMM6018 Enterprise Networking for Electronic Commerce Tutorial 7
Persistence Maintaining state using cookies and queries.
11 MANAGING INTERNET EXPLORER CONNECTIONS AND SECURITY Chapter 12.
CS526Topic 12: Web Security (2)1 Information Security CS 526 Topic 9 Web Security Part 2.
Cookies (continue). Extracting Data From Cookies Data retrieved from a cookie is a simple text string. While there is no specific JavaScript function.
Search Engine using Web Mining COMS E Web Enhanced Information Mgmt Prof. Gail Kaiser Presented By: Rupal Shah (UNI: rrs2146)
Digital Communication and Networks. Go to this website 10 minutes looking Pick an article Prepare a 5 slide pp Take into account.
Cookies By: Kendra Alvarez. Concepts of Cookies Cookies are pieces of information generated by a Web server and stored in the user's computer, ready for.
PHP and Sessions. Session – a general definition The GENERAL definition of a session in the “COMPUTER WORLD” is: The interactions (requests and responses)
ONLINE SAFETY AND SECURITY Computer Basics 1.5. INFAMOUS CYBER ATTACKS IN 2014 Sony Pictures: Attackers stole just about everything in the corporate network,
ITM © Port,Kazman 1 ITM 352 Cookies. ITM © Port,Kazman 2 Problem… r How do you identify a particular user when they visit your site (or any.
Project 5: Customizing User Content Essentials for Design JavaScript Level Two Michael Brooks.
Cookies and Sessions in PHP. Arguments for the setcookie() Function There are several arguments you can use i.e. setcookie(‘name’, ‘value’, expiration,
Unit-6 Handling Sessions and Cookies. Concept of Session Session values are store in server side not in user’s machine. A session is available as long.
Session 11: Cookies, Sessions ans Security iNET Academy Open Source Web Development.
COOKIES Gloria Soria Network Security COSC 356. What is a Cookie? A cookie is a piece of text that a Web Server can store on a user's hard disk. Cookies.
PHP: Further Skills 02 By Trevor Adams. Topics covered Persistence What is it? Why do we need it? Basic Persistence Hidden form fields Query strings Cookies.
Top Ten Ways to Protect Privacy Online -Abdul M. Look for privacy policies on Web Sites  Web sites can collect a lot of information about your visit.
Distributed Web Systems Cookies and Session Tracking Lecturer Department University.
Images were sourced from the following web sites: Slide 2:commons.wikimedia.org/wiki/File:BorromeanRing...commons.wikimedia.org/wiki/File:BorromeanRing...
Some from Chapter 11.9 – “Web” 4 th edition and SY306 Web and Databases for Cyber Operations Cookies and.
CSE 154 Lecture 20: Cookies.
19.10 Using Cookies A cookie is a piece of information that’s stored by a server in a text file on a client’s computer to maintain information about.
Internet and security.
COOKIES.
CS 115: COMPUTING FOR The Socio-Techno Web
What is Cookie? Cookie is small information stored in text file on user’s hard drive by web server. This information is later used by web browser to retrieve.
Unit 27 Web Server Scripting Extended Diploma in ICT
HTML5 and Local Storage.
CSc 337 Lecture 27: Cookies.
Information Security CS 526 Topic 9
CSc 337 Lecture 25: Cookies.
Presentation transcript:

CS526Topic 9: Web Security (2)1 Information Security CS 526 Topic 9 Web Security Part 2

CS526Topic 9: Web Security (2)2 Readings for This Lecture Optional Reading –Bandhakavi et al.: CANDID : Preventing SQL Injection Attacks Using Dynamic Candidate EvaluationsCANDID : Preventing SQL Injection Attacks Using Dynamic Candidate Evaluations –Chen et al.: Side-Channel Leaks in Web Applications: a Reality Today, a Challenge TomorrowSide-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow

Other Web Threats SQL Injection –See slides by Venkat Side channel leakages –See slides from MSR Web browsing privacy: third-party cookies CS526Topic 9: Web Security (2)3

Browser Cookie Management Cookie Same-origin ownership –Once a cookie is saved on your computer, only the Web site that created the cookie can read it. Variations –Temporary cookies Stored until you quit your browser –Persistent cookies Remain until deleted or expire –Third-party cookies Originates on or sent to a web site other than the one that provided the current page CS526Topic 9: Web Security (2)4

Third-party cookies Get a page from merchant.com –Contains –Image fetched from DoubleClick.com DoubleClick knows IP address and page you were looking at DoubleClick sends back a suitable advertisement –Stores a cookie that identifies "you" at DoubleClick Next time you get page with a doubleclick.com image –Your DoubleClick cookie is sent back to DoubleClick –DoubleClick could maintain the set of sites you viewed –Send back targeted advertising (and a new cookie) Cooperating sites –Can pass information to DoubleClick in URL, … CS526Topic 9: Web Security (2)5

Cookie issues Cookies maintain record of your browsing habits –Cookie stores information as set of name/value pairs –May include any information a web site knows about you –Sites track your activity from multiple visits to site Sites can share this information (e.g., DoubleClick) Browser attacks could invade your “privacy” CS526Topic 9: Web Security (2)6

CS526Topic 9: Web Security (2)7 Coming Attractions … Secure communication & key distribution

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.