Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Web Components Chapter 17.

Objectives
Describe the functioning of the SSL/TLS protocol suite.
Explain web applications, plug-ins, and associated security issues.
Describe secure file transfer options.
Explain directory usage for data retrieval.
Explain scripting and other Internet functions that present security concerns.
Use cookies to maintain parameters between web pages.
Examine web-based application security issues.

Key Terms
Active Server Pages (ASP)
ActiveX
ASP.NET
Authenticode
Buffer overflow
Code signing
Common Gateway Interface (CGI)
Common Vulnerabilities and Exposures (CVE)

Key Terms (continued)
Common Weakness Enumeration (CWE)
Cookies
File Transfer Protocol (FTP)
Hypertext Markup Language (HTML)
Inlining
Internet Engineering Task Force (IETF)
Java
JavaScript

Key Terms (continued)
Lightweight Directory Access Protocol (LDAP)
PHP
Plug-ins
Secure Sockets Layer (SSL)
Server-side scripting
Transport Layer Security (TLS)
Uniform Resource Locator (URL)
X.500

Current Web Components and Concerns
Security concerns can be grouped into three main tasks:
Securing a server that delivers content to users over the Web.
Securing the transport of information between users and servers over the Web.
Securing the user's computer from attack over a web connection.

Web Protocols
Common protocols used on the Web:
Encryption (SSL and TLS)
The Web (HTTP and HTTPS)
Directory Services (DAP and LDAP)
File Transfer (FTP and SFTP)

Encryption (SSL and TLS)
Secure Sockets Layer (SSL) is a general-purpose protocol developed by Netscape for managing the encryption of information being transmitted over the Internet.
Transport Layer Security (TLS)
SSL and TLS are essentially the same, although not interchangeable.
Cryptographic methods are an ever-evolving field, and because both parties must agree on an implementation method, SSL/TLS has embraced an open, extensible, and adaptable method to allow flexibility and strength.
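The "both parties must agree" point is the negotiation step of the handshake: the client offers what it supports, the server picks from that offer under its own policy, and if nothing overlaps the handshake fails. The following is an added, simplified model of that negotiation written for this page; it is not code from the textbook, and the suite names, version tuples, deprecated-suite list and acceptance rules are assumptions chosen for illustration rather than a reproduction of RFC 5246 or any TLS library.

```python
"""Simplified model of SSL/TLS parameter negotiation (added example).

Constructed to show why both sides must agree on a protocol version and
cipher suite before application data flows, and why the server's own
preference order matters. Names, lists and rules are assumptions for
illustration; real implementations follow the TLS RFCs and library policy.
"""
from dataclasses import dataclass
from typing import List, Tuple

# Constructed list: suites a defender's server policy refuses even if offered.
DEPRECATED_SUITES = {"TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}


@dataclass
class ClientHello:
    max_version: Tuple[int, int]   # highest version the client supports, e.g. (1, 2)
    cipher_suites: List[str]       # in client preference order


@dataclass
class ServerConfig:
    min_version: Tuple[int, int]
    max_version: Tuple[int, int]
    cipher_suites: List[str]       # in server preference order
    prefer_server_order: bool = True


@dataclass
class ServerHello:
    version: Tuple[int, int]
    cipher_suite: str


class HandshakeFailure(Exception):
    """No mutually acceptable parameters (a fatal alert in real TLS)."""


def negotiate(hello: ClientHello, cfg: ServerConfig) -> ServerHello:
    """Server side of the negotiation: choose version and cipher suite from the offer."""
    # Version: the highest both sides support, but never below the server's floor.
    version = min(hello.max_version, cfg.max_version)
    if version < cfg.min_version:
        raise HandshakeFailure(
            f"client max version {hello.max_version} below server minimum {cfg.min_version}")
    # Cipher suite: intersection of the two lists, with deprecated suites dropped
    # up front so a weak client offer can never be selected.
    offered = [s for s in hello.cipher_suites if s not in DEPRECATED_SUITES]
    if cfg.prefer_server_order:
        candidates = [s for s in cfg.cipher_suites if s in offered]
    else:
        candidates = [s for s in offered if s in cfg.cipher_suites]
    if not candidates:
        raise HandshakeFailure("no common cipher suite")
    return ServerHello(version, candidates[0])


def negotiation_fails(hello: ClientHello, cfg: ServerConfig) -> bool:
    """True when the two sides cannot agree (helper for checks and tests)."""
    try:
        negotiate(hello, cfg)
    except HandshakeFailure:
        return True
    return False


# Constructed sample exchange: a client that still offers RC4 and prefers CBC,
# and a server that prefers AEAD suites and requires TLS 1.2 or newer.
CLIENT = ClientHello((1, 2), ["TLS_RSA_WITH_RC4_128_SHA",
                              "TLS_RSA_WITH_AES_128_CBC_SHA",
                              "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"])
SERVER = ServerConfig((1, 2), (1, 3), ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                                       "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                                       "TLS_RSA_WITH_AES_128_CBC_SHA"])
LENIENT_SERVER = ServerConfig((1, 2), (1, 3), SERVER.cipher_suites, prefer_server_order=False)
OLD_CLIENT = ClientHello((1, 0), CLIENT.cipher_suites)
RC4_ONLY_CLIENT = ClientHello((1, 2), ["TLS_RSA_WITH_RC4_128_SHA"])

if __name__ == "__main__":
    print("server preference:", negotiate(CLIENT, SERVER))
    print("client preference:", negotiate(CLIENT, LENIENT_SERVER))
    print("TLS 1.0 client rejected:", negotiation_fails(OLD_CLIENT, SERVER))
    print("RC4-only client rejected:", negotiation_fails(RC4_ONLY_CLIENT, SERVER))
```

Running the sample shows the practical consequence of the model: with server preference enabled the AEAD suite wins even though the client listed the CBC suite first, while the lenient configuration lets the client's ordering decide. A client capped at TLS 1.0 or offering only a deprecated suite gets no connection at all, which is the outcome a defender wants rather than a silent downgrade.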

IE 8 Security Options

Encryption (SSL and TLS)
Firefox SSL Security Options

Encryption (SSL and TLS)
Firefox SSL Cipher Options

SSL/TLS Handshake

How SSL/TLS Works
IE 8 Certificate Management Options

IE 8 Certificate Store

Firefox Certificate Options

Firefox Certificate Store

SSL/TLS Attacks
SSL/TLS is specifically designed to provide protection from man-in-the-middle attacks.
A Trojan program that copies keystrokes and echoes them to another TCP/IP address in parallel with the intended communication can defeat SSL/TLS.

The Web (HTTP and HTTPS)
HTTP is used for the transfer of hyperlinked data over the Internet, from web servers to browsers.
When a secure connection is needed, SSL/TLS is used and appears in the address as

The Web (HTTP and HTTPS) (continued)
High-assurance notification in IE 7
High-assurance notification in Firefox

Directory Services (DAP and LDAP)
A directory is designed and optimized for reading data, offering very fast search and retrieval operations.
LDAP offers all of the functionality most directories need and is easier and more economical to implement.

SSL/TLS LDAP
SSL/TLS provides several important functions to LDAP services:
Establish the identity of a data source through the use of certificates.
Provide for the integrity and confidentiality of the data being presented.

File Transfer (FTP and SFTP)
FTP is a standard network protocol used to exchange and manipulate files over a TCP/IP-based network.
Secure FTP (SFTP) is used when confidential transfer is required and combines both the Secure Shell (SSH) protocol and FTP.

Vulnerabilities
Just because SSL is enabled does not mean the user is safe.
Key loggers can record what is being typed on a user's computer before it is encrypted.
A company's database can get hacked, releasing your information to the world.

Code-based Vulnerabilities
Buffer overflows
Java and JavaScript
ActiveX
Securing the browser
CGI
Server-side scripts
Cookies
Signed applets
Browser plug-ins

Buffer Overflows
The buffer overflow vulnerability is a result of poor coding practices on the part of software programmers.
This occurs when an application can accept more input than it has assigned storage space, and the input data overwrites other program areas.

Java
Java is a computer language invented by Sun Microsystems as an alternative to Microsoft's development languages.
Designed to be platform-independent, Java offered a low learning curve and a way of implementing programs across an enterprise.
Although platform independence never fully materialized, Java has found itself to be a leader in object-oriented programming languages.
Java can still perform malicious activities, and the fact that many users falsely believe it is safe increases its usefulness for attackers.

JavaScript
JavaScript is a scripting language developed to be operated within a browser instance.
The primary purpose is to enable features such as validation of forms.
Enterprising programmers found many other uses for JavaScript, such as manipulating the browser history files, now prohibited by design.
JavaScript actually runs within the browser, and the code is executed by the browser itself. This has led to compatibility problems.

Java and JavaScript
Java Configuration Settings in Microsoft Internet Explorer 7

Java and JavaScript
Security Setting Functionality Issues

ActiveX
ActiveX is a broad collection of application programming interfaces (APIs), protocols, and programs developed by Microsoft.
– Used to download and execute code automatically over an Internet-based channel.
– Can enable a browser to display a custom type of information in a particular way.
– Can perform complex tasks, such as update the operating system and application programs.

ActiveX (continued)
ActiveX Security Settings in IE 8

Securing the Browser
Added features mean weaker security.
No browser is 100 percent safe.
Currently Firefox coupled with the NoScript plug-in provides good protection.
– The NoScript plug-in allows the user to determine from which domains to trust scripts.

CGI & Server-Side Scripts
Common Gateway Interface (CGI) is a method for having a web server execute a program outside the web server process, yet on the same server.
Server-side scripting allows programs to be run outside the web server and to return data to the web server to be served to end users via a web page. This is replacing CGI.

Cookies
Cookies are small chunks of ASCII text passed within an HTTP stream to store data temporarily in a web browser instance.
A cookie is a series of name-value pairs that is stored in memory during a browser instance.
– Expires
– Domain
– Path
– Secure
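The four attributes listed above are what a browser consults before attaching a stored cookie to a request, and getting them wrong (a missing Secure flag, an over-broad Domain or Path) is how a session token leaks to the wrong host or over plain HTTP. The following added example, written for this page and not taken from the textbook, parses a Set-Cookie header into its name-value pair plus Expires, Domain, Path and Secure, then applies the matching rules in the simplified form of RFC 6265; the header strings, hostnames and timestamps are constructed samples.

```python
"""Cookie attribute handling (added example, not from the textbook).

Parses a Set-Cookie header and decides whether the resulting cookie may be
sent with a later request, applying Expires, Domain, Path and Secure.
Matching rules are a simplified reading of RFC 6265; sample data is constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Optional
from urllib.parse import urlsplit


@dataclass
class Cookie:
    name: str
    value: str
    domain: Optional[str] = None        # None means host-only (no Domain attribute)
    path: str = "/"
    secure: bool = False
    expires: Optional[datetime] = None  # None means a session cookie


def default_path(request_path: str) -> str:
    """RFC 6265 default-path: the request path up to, not including, its last '/'."""
    if not request_path.startswith("/") or request_path.count("/") == 1:
        return "/"
    return request_path.rsplit("/", 1)[0]


def parse_set_cookie(header: str, request_path: str = "/") -> Cookie:
    """Split 'name=value; Attr=val; Flag' into a Cookie; unknown attributes are ignored."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = Cookie(name.strip(), value.strip(), path=default_path(request_path))
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "expires":
            cookie.expires = parsedate_to_datetime(val)   # e.g. "Wed, 21 Oct 2015 07:28:00 GMT"
        elif key == "domain":
            cookie.domain = val.lstrip(".").lower() or None
        elif key == "path" and val.startswith("/"):
            cookie.path = val
        elif key == "secure":
            cookie.secure = True
    return cookie


def domain_matches(host: str, cookie: Cookie, origin_host: str) -> bool:
    """Host-only cookies return only to the setting host; Domain cookies to it and subdomains."""
    host = host.lower()
    if cookie.domain is None:
        return host == origin_host.lower()
    return host == cookie.domain or host.endswith("." + cookie.domain)


def path_matches(request_path: str, cookie_path: str) -> bool:
    """'/app' matches '/app' and '/app/x' but not '/application'."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def should_send(cookie: Cookie, url: str, origin_host: str, now: datetime) -> bool:
    """Apply Expires, Secure, Domain and Path before attaching the cookie to a request."""
    parts = urlsplit(url)
    if cookie.expires is not None and now >= cookie.expires:
        return False                          # expired
    if cookie.secure and parts.scheme != "https":
        return False                          # Secure: never over plain HTTP
    if not domain_matches(parts.hostname or "", cookie, origin_host):
        return False
    return path_matches(parts.path or "/", cookie.path)


# Constructed sample data: a secured session cookie and a bare host-only cookie,
# both set by www.example.com in a response to /app/login.
ORIGIN = "www.example.com"
SESSION = parse_set_cookie(
    "session=abc123; Domain=example.com; Path=/app; Secure; Expires=Wed, 21 Oct 2015 07:28:00 GMT",
    "/app/login")
PREF = parse_set_cookie("pref=1", "/app/login")
BEFORE_EXPIRY = datetime(2015, 1, 1, tzinfo=timezone.utc)
AFTER_EXPIRY = datetime(2016, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for url in ("https://www.example.com/app/page", "http://www.example.com/app/page",
                "https://www.example.com/application", "https://example.org/app"):
        print(url, "->", should_send(SESSION, url, ORIGIN, BEFORE_EXPIRY))
```

The sample walks the common mistakes: the same cookie is sent to the HTTPS page under /app, withheld from the HTTP copy of that page because of Secure, withheld from /application because Path matching is segment-based, and withheld from example.org because Domain does not match. The bare cookie with no Domain attribute is host-only, so it never travels to a subdomain of the host that set it.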

Cookies (continued)
Firefox Cookie Management

Cookies (continued)
Microsoft Internet Explorer 7 Cookie Management

Cookies (continued)
Microsoft Internet Explorer 7 Cookie Store

Signed Applets
The ability to use a certificate to sign an applet allows the identity of the author to be established.
A signed applet can be hijacked as easily as a graphic or any other file.
Inlining is using an embedded control from another site with or without the other site's permission.

Browser Plug-ins
Plug-ins are small application programs that increase a browser's ability to handle new data types and add new functionality.
Dynamic data such as movies and music can be manipulated by a wide variety of plug-ins, and one of the most popular comes from Real Networks.

Browser Plug-ins (continued)
Add-ons for IE 8

Open Vulnerability and Assessment Language (OVAL)
OVAL comprises two main elements: an XML-based machine-readable language for describing vulnerabilities, and a repository.
Common Vulnerabilities and Exposures (CVE) is a system that provides a reference method for publicly known information-security vulnerabilities and exposures.

Web 2.0 and Security
The foundations of security apply the same way in Web 2.0 as they do elsewhere.
With more capability and greater complexity comes a greater need for strong foundational security efforts.

Chapter Summary
Describe the functioning of the SSL/TLS protocol suite.
Explain web applications, plug-ins, and associated security issues.
Describe secure file transfer options.
Explain directory usage for data retrieval.
Explain scripting and other Internet functions that present security concerns.
Use cookies to maintain parameters between web pages.
Examine web-based application security issues.