Lesson 15 Client Side Vulnerabilities and you


Active Server Pages
– MS’s answer to the scripting world of PERL and CGI on Unix
– Usually written in Visual Basic Script (VBS)
– Provides:
  – State
  – Backend database access
  – Generally displays HTML in browser

ASP (2)
Pros:
– Ability to output HTML file on the fly
Con:
– Numerous vulnerabilities that allow attackers to view ASP code itself
  -- Attackers can learn further vulnerabilities in program logic
  -- Attackers can view sensitive info

ASP (3)
Con:
Numerous vulnerabilities that allow attackers to view ASP code itself
– Attackers can learn further vulnerabilities in program logic
– Attackers can view sensitive info

Well Known Vulnerabilities
ASP DOT Bug Vulnerability (IIS 3.0)
– Allowed hacker to view ASP source code
– Now patched
– Patch introduced new vulnerabilities

Well Known Vulnerabilities (2)
ASP Alternate Data Streams (IIS 3.0)
– Allowed file download
– Limit file access rights of all source code by removing read access of the Everyone group
– Only allow execute permission

Well Known Vulnerabilities (3)
Showcode.asp Vulnerability (IIS 4.0)
de.asp?source=/../../../../../boot.ini
– Script did not restrict use of “..”
– Allows hacker to download files
– In this example the hacker views the boot.ini file
– Applying hot fix corrected the problem

Well Known Vulnerabilities (4)
Codebrws.asp Vulnerability (IIS 4.0)
s.asp?source=/../../../../../winnt/repair/setup.log
– Allows hacker to view any file on target system
– Applying hot fix corrected the problem
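An added example, not part of the original slides: a Python sketch of the path check that the Showcode.asp and Codebrws.asp slides say was missing, shown beside the unchecked version. WEB_ROOT, naive_resolve and safe_resolve are hypothetical names; ntpath is used so that Windows path rules apply on any host, and the colon and trailing-dot checks are general Windows file-name hygiene rather than details taken from the slides.

```python
import ntpath  # Windows path semantics, usable on any host OS

WEB_ROOT = r"C:\inetpub\wwwroot"  # assumed web root (not from the slides)


def naive_resolve(source):
    """Unchecked behaviour: the parameter is appended to the root as-is."""
    return ntpath.normpath(WEB_ROOT + source.replace("/", "\\"))


def safe_resolve(source):
    """Return the absolute path if it stays inside WEB_ROOT, else None."""
    rel = source.replace("/", "\\").lstrip("\\")
    # A colon means a drive letter or an alternate data stream suffix;
    # neither belongs in a request for a file under the web root.
    if ":" in rel or "\x00" in rel:
        return None
    full = ntpath.normpath(ntpath.join(WEB_ROOT, rel))
    root = ntpath.normcase(WEB_ROOT)
    candidate = ntpath.normcase(full)
    # After ".." has been collapsed, the result must still sit under the root.
    if candidate != root and not candidate.startswith(root + "\\"):
        return None
    # Windows ignores trailing dots and spaces when opening a file, so such
    # a name reaches the same file while dodging extension-based handling.
    if any(part != part.rstrip(". ") for part in full.split("\\")):
        return None
    return full


if __name__ == "__main__":
    # Constructed sample values for the source= parameter.
    samples = [
        "/samples/default.asp",
        "/../../../../../boot.ini",
        "/../../../../../winnt/repair/setup.log",
        "/default.asp.",
        "/default.asp::$DATA",
    ]
    for s in samples:
        print(f"{s!r:45} naive={naive_resolve(s)!r} safe={safe_resolve(s)!r}")
```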

Managing Your Security
IE Configuration Very Flexible
Checking WWW Page Certificates
– File Properties
IE Tools -- Internet Options
– Advanced
– Security
– Content

MS Advanced Options
– Can set SSL/TLS options
– Warn about invalid digital certificates
– Warn on form submission redirection
– Much more, just see >>>>>>>

Using File Properties
– Allows user to check on Web page properties
– Allows user to verify digital certificates
– Allows user to verify encryption

MS Internet Security Zones
The next series of slides shows you how the user (client) can select the security they desire while interacting on the Internet.

MS Internet Content
The next series of slides shows how you can manage digital certificates on your home computer.

Checking Your Open Ports

Checking Your IP Configuration

SUMMARY
– Client side security is your responsibility
– Do not be afraid to experiment