Web Server Security By Michael Huang

Web Server Security - Background
- Even the experts get hacked (AOL, MSN, FBI, CIA, etc.)
- Consequences: loss of trade secrets, company embarrassment, compromise of clients' personal information
- Fallacy: a firewall will protect the web server (it has to let web traffic through, and the attacks arrive as web traffic)
- Little expertise is needed: computer-illiterate people can hack a web server with downloaded tools
- Absolute security is impossible
- Basic guidelines will deter the amateurs

Web Server Security - Basic Guidelines
- Isolate the server: host it off the internal network
- Manage accounts and passwords: employees are the biggest risk, and remote password-guessing tools (Brutus, Crack) are freely available
- Keep it patched: new patches appear every few days, so be proactive
- Limit access: the server is not a workstation, so remove AIM, IRC, FTP/telnet/SSH, etc.
- Serve safe code: vulnerable application code will be abused
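The password-guessing tools named above leave an obvious trace in the access log: many failed logins from one address in a short time. The following detector is an added example, not part of the slides; it assumes failed logins show up as POST requests to /login.asp with a 401 status (many applications instead return 200 with an error page, so the filter must match the application's real behaviour), and the log lines it runs over are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/IIS-style combined log line: ip ident user [time] "method path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log (not real traffic). 203.0.113.7 hammers the login
# form; 198.51.100.4 mistypes once, logs in, and fails again much later.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2004:10:00:01 +0000] "POST /login.asp HTTP/1.0" 401 512
198.51.100.4 - - [12/Mar/2004:10:00:03 +0000] "GET /index.html HTTP/1.0" 200 2048
203.0.113.7 - - [12/Mar/2004:10:00:05 +0000] "POST /login.asp HTTP/1.0" 401 512
198.51.100.4 - - [12/Mar/2004:10:00:09 +0000] "POST /login.asp HTTP/1.0" 401 512
203.0.113.7 - - [12/Mar/2004:10:00:10 +0000] "POST /login.asp HTTP/1.0" 401 512
203.0.113.7 - - [12/Mar/2004:10:00:14 +0000] "POST /login.asp HTTP/1.0" 401 512
203.0.113.7 - - [12/Mar/2004:10:00:19 +0000] "POST /login.asp HTTP/1.0" 401 512
198.51.100.4 - - [12/Mar/2004:10:00:40 +0000] "POST /login.asp HTTP/1.0" 302 0
198.51.100.4 - - [12/Mar/2004:10:02:30 +0000] "POST /login.asp HTTP/1.0" 401 512
""".splitlines()


def parse_line(line):
    """Return the fields we need from one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
    }


def find_password_guessers(lines, path="/login.asp", threshold=5,
                           window=timedelta(seconds=60)):
    """Sliding-window count of failed logins per source address.

    Lines are assumed to be in the order the server wrote them (chronological).
    An address is flagged the first time it reaches `threshold` failures
    within `window`; the returned dict maps ip -> time it was flagged.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["path"] != path:
            continue
        if rec["status"] != 401:  # assumption: 401 means a failed login
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:  # forget failures outside the window
            q.popleft()
        if len(q) >= threshold and rec["ip"] not in flagged:
            flagged[rec["ip"]] = rec["ts"]
    return flagged


if __name__ == "__main__":
    for ip, when in find_password_guessers(SAMPLE_LOG).items():
        print(f"{ip}: password guessing detected at {when.isoformat()}")
```

A lockout or rate limit built on the same counter belongs in the application, keyed on the account as well as the source address, since a guesser that rotates addresses defeats a per-IP count.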

Web Server Security - Hacking 101: Cookbook Hacking
- Determine the server or operating system software (banners and error pages give it away)
- Learn an exploit for that version from a hacking site or forum
- Hack the server
- Demo

Web Server Security - Hacking 101: Attacking Web Forms
- Find a web form (e.g. search for login.asp)
- Check it for vulnerability (does a stray quote in a field produce a database error?)
- Enter basic SQL (Structured Query Language) commands to delete the database
- Demo
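The demo the slide describes comes down to one coding mistake: pasting form fields into the SQL text. The block below is an added example, not code from the deck; it builds a toy login check against an in-memory SQLite table constructed here, runs the tautology and comment payloads that bypass the password check, shows the stacked "DROP TABLE" payload behind the "delete the database" step, and puts the parameterized fix beside it. `executescript()` is used for the stacked case because sqlite3's `execute()` refuses more than one statement; it stands in for drivers (the classic ASP + SQL Server pairing behind login.asp, for instance) that happily run them all.

```python
import sqlite3


def make_db():
    """Constructed sample data: one user in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct horse battery staple')")
    conn.commit()
    return conn


def table_exists(conn, name):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None


def build_login_query(username, password):
    """The vulnerable pattern: form fields pasted straight into the SQL text."""
    return ("SELECT COUNT(*) FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")


def login_vulnerable(conn, username, password):
    """Anything the user types containing a quote, OR or -- rewrites the query."""
    return conn.execute(build_login_query(username, password)).fetchone()[0] > 0


def login_vulnerable_stacked(conn, username, password):
    """Same concatenation through executescript(), which runs every statement
    in the string the way many database drivers do. Returns True if the users
    table is still there afterwards."""
    conn.executescript(build_login_query(username, password))
    return table_exists(conn, "users")


def login_parameterized(conn, username, password):
    """The fix: the statement is compiled with placeholders and the values are
    passed separately, so quotes in the input are only data."""
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] > 0


def demo():
    """Run the classic payloads against both versions; returns a result dict."""
    tautology = "' OR '1'='1"              # WHERE clause becomes always true
    comment = "admin' --"                  # comments out the password check
    drop = "'; DROP TABLE users; --"       # stacked statement: the "delete database" step
    conn = make_db()
    r = {}
    r["vuln_valid"] = login_vulnerable(conn, "admin", "correct horse battery staple")
    r["vuln_wrong"] = login_vulnerable(conn, "admin", "wrong")
    r["vuln_tautology"] = login_vulnerable(conn, "nobody", tautology)
    r["vuln_comment"] = login_vulnerable(conn, comment, "anything")
    r["param_valid"] = login_parameterized(conn, "admin", "correct horse battery staple")
    r["param_tautology"] = login_parameterized(conn, "nobody", tautology)
    r["param_comment"] = login_parameterized(conn, comment, "anything")
    login_parameterized(conn, drop, "x")               # harmless: the payload is just a username
    r["param_drop_survives"] = table_exists(conn, "users")
    r["stacked_survives"] = login_vulnerable_stacked(conn, drop, "x")  # table is gone
    return r


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:20s} {outcome}")
```

The "check for vulnerability" step on the slide is the same mechanism seen from outside: a lone quote in a field breaks the concatenated string and the server leaks a database error, whereas the parameterized version returns a plain failed login.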