Building Success Websites What to build and what to look out for!

What do you want to do?
Publish company info with an online brochure
Take orders for goods and/or services
Provide services or digital goods
Add value to goods and/or services
Cut costs

Publish company info with an online brochure
Simple static information that dominated the web in the early 1990’s
How can they fail?
– Failure to provide important information
– Poor presentation
– Failure to respond to customer feedback
– Allowing info on the site to go stale
– Failing to track site usage stats

Take orders for goods and/or services
Ways to fail…
– Unanswered questions about products/services
– Trust
– Ease of use
– Compatibility
– Wrong product
– Bad marketing
– Growing too fast

Provide services or digital goods
Think information sites (stocks, for instance) or digital media (ebook, video, mp3, etc.)
Pros – cheap, immediate delivery
Cons – Intellectual property rights (CISC355)
Ways to fail
– Not securing the IP rights to what customers want
– Model is not scalable

Add value to goods and/or services
Some websites are value added…
– Think tracking on ups.com or fedex.com
– Support forums for goods/services
Ways to fail
– Not providing timely responses (think usps.com)
– Not adding the value you think you are (how do you get/respond to feedback?)

Cut costs
Providing PDF manuals online instead of printing/shipping bulky physical copies
Replacing brick and mortar stores with online only
Ways to fail
– Not having a strategy or understanding your customer base

Risks and Threats
Crackers – Secure your site against internal and external threats!
Failure to attract sufficient business
Infrastructure/Scaling issues (power, hardware, network, etc.)
Reliance on Shipping
Competition
Software bugs
Government policies and taxes

Security Threats to Websites
Exposure of confidential data
Loss of data
Modification of data
DoS Attacks
Software bugs
Repudiation

Ways to combat security threats
The most secure website is one that is not connected to a network… Unfortunately it is not very usable!
Need a balance between security and usability
– Authentication
– Encryption: Private Key, Public Key
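The two kinds of encryption the slide names, shown side by side as an added example (not code from the slides). It uses PHP's bundled libsodium extension (PHP 7.2 or later); the message text and the party names Alice, Bob and Eve are constructed for the demonstration.

```php
<?php
// Added example: private-key (symmetric) versus public-key encryption with
// libsodium. Nothing here comes from the slides' own code.
declare(strict_types=1);

// Private-key encryption: ONE secret key, shared in advance by both parties,
// both encrypts and decrypts. Whoever holds the key can read the traffic, so
// the hard part is getting the key to the other side safely.
function symmetricRoundTrip(string $message): bool
{
    $key   = sodium_crypto_secretbox_keygen();                   // 256-bit secret
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);   // unique per message
    $box   = sodium_crypto_secretbox($message, $nonce, $key);    // ciphertext + auth tag
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);   // false if key or data is wrong
    return $plain === $message;
}

// Public-key encryption: each party has a key PAIR. Bob publishes his public
// key; Alice encrypts to it, and only Bob's private key can decrypt. Alice's
// own private key goes into the box too, so Bob also knows it came from her.
function publicKeyRoundTrip(string $message): bool
{
    $alice = sodium_crypto_box_keypair();
    $bob   = sodium_crypto_box_keypair();
    $nonce = random_bytes(SODIUM_CRYPTO_BOX_NONCEBYTES);

    // Alice -> Bob: her private key + his public key.
    $toBob = sodium_crypto_box_keypair_from_secretkey_and_publickey(
        sodium_crypto_box_secretkey($alice), sodium_crypto_box_publickey($bob));
    $box = sodium_crypto_box($message, $nonce, $toBob);

    // Bob opens it with his private key + Alice's public key.
    $fromAlice = sodium_crypto_box_keypair_from_secretkey_and_publickey(
        sodium_crypto_box_secretkey($bob), sodium_crypto_box_publickey($alice));
    $plain = sodium_crypto_box_open($box, $nonce, $fromAlice);

    // Eve, who can see both public keys but holds neither private key, gets false.
    $eve = sodium_crypto_box_keypair();
    $eveTry = sodium_crypto_box_keypair_from_secretkey_and_publickey(
        sodium_crypto_box_secretkey($eve), sodium_crypto_box_publickey($alice));
    $eveFails = sodium_crypto_box_open($box, $nonce, $eveTry) === false;

    return $plain === $message && $eveFails;
}

// Constructed sample message.
$order = 'order #1234: 2 x widget, ship to customer';
var_dump(symmetricRoundTrip($order));  // bool(true)
var_dump(publicKeyRoundTrip($order));  // bool(true)
```

Both calls print bool(true). The practical difference for a website is where the secret lives: with a private (shared) key every customer would need the same secret as the server, whereas with public keys the server can publish its public key to everyone and keep the private half to itself, which is what the certificates on the next slide build on.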

Security… continued
Certificates – tie the identity you claim to your encryption key, with a Certifying Authority vouching for the claim
Data backups
Physical Security

PHP Authentication
Security is not a bolt-on afterthought or something you will get to later…
Successful websites have security built into the development process…
But where to start… How about authentication?
– There are many ways to implement it, but most sites only require a username/password combination

Some PHP Authentication Examples
Simple Authentication (secret.php – cool multistate page, very useful!)
– What is good about this model?
– What is bad about this model?
Improved Simple Authentication (secret2.php)
– What is good about this model?
– What is bad about this model?

Encrypt Passwords
Anyone have an issue with storing a password in clear text?
PHP has several encryption algorithms available…
Using one-way hash functions
– crypt() – old and not very secure
– md5() – Message Digest 5 – medium secure
– sha1() – Secure Hash Algorithm 1 – most secure
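An added example that covers the two previous slides together: a single-file "multistate" login page in the spirit of secret.php, with the password stored only as a one-way hash. This is not the slides' secret.php or secret2.php; the account name, the password and the page text are constructed for the demonstration. It uses PHP's password_hash() and password_verify() (PHP 5.5 or later), which default to bcrypt: they generate a per-password salt and are deliberately slow to compute, whereas md5() and sha1() are unsalted general-purpose digests that were designed to be fast and so are not a good fit for storing passwords.

```php
<?php
// Added example, not the slides' secret.php: one script, three states.
//   state 1: nothing posted yet            -> show the login form
//   state 2: credentials posted, correct   -> show the protected content
//   state 3: credentials posted, incorrect -> show the form again with an error
declare(strict_types=1);

// Store a password as a salted one-way hash, never in clear text. In a real site
// this runs once at registration and the hash goes into the user database.
function registerUser(array &$users, string $name, string $password): void
{
    $users[$name] = password_hash($password, PASSWORD_DEFAULT); // bcrypt, self-salting
}

// Check posted credentials against the stored hash. password_verify() re-hashes
// the candidate with the salt embedded in the stored value and compares in
// constant time; the clear-text password is never stored anywhere.
function checkCredentials(array $users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    return password_verify($password, $users[$name]);
}

function renderForm(string $error = ''): string
{
    // Escape anything echoed back into HTML so the page cannot be used to inject markup.
    $msg = $error === '' ? '' : '<p>' . htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . '</p>';
    return <<<HTML
<form method="post" action="">
  {$msg}
  <label>Username <input name="username"></label>
  <label>Password <input name="password" type="password"></label>
  <button type="submit">Log in</button>
</form>
HTML;
}

function renderSecret(string $name): string
{
    return '<h1>Secret page</h1><p>Welcome, '
        . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '.</p>';
}

// Constructed sample account (stands in for a user table).
$users = [];
registerUser($users, 'alice', 'correct horse battery staple');

$method   = $_SERVER['REQUEST_METHOD'] ?? 'GET';
$username = (string) ($_POST['username'] ?? '');
$password = (string) ($_POST['password'] ?? '');

if ($method !== 'POST') {
    echo renderForm();                                  // state 1
} elseif (checkCredentials($users, $username, $password)) {
    echo renderSecret($username);                       // state 2
} else {
    // Same message whether the user or the password was wrong, so the page
    // does not confirm which usernames exist.
    echo renderForm('Invalid username or password.');   // state 3
}
```

What is bad about this model is the same thing the slides ask about: the secret is shown only in the response to the POST, so every protected page would have to re-collect and re-check the password. Keeping the user logged in across requests is what HTTP authentication and sessions on the next slide are for.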

Other ways to secure
HTTP Authentication
Sessions (later chapter)
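HTTP Authentication from PHP, as an added example that is not part of the slides. It shows HTTP Basic authentication, where the browser itself collects the credentials and re-sends them with every request. It assumes a server setup that fills in $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] (for example PHP running as an Apache module); the account and realm name are constructed for the demonstration.

```php
<?php
// Added example: protecting a page with HTTP Basic authentication.
// Assumes the web server populates $_SERVER['PHP_AUTH_USER'] / ['PHP_AUTH_PW'].
declare(strict_types=1);

// Constructed sample account. The stored value is a one-way hash produced by
// password_hash() at registration time, never the clear-text password.
$users = ['alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];

// True only when the browser supplied credentials that match a stored hash.
function basicAuthOk(array $users, ?string $user, ?string $pass): bool
{
    if ($user === null || $pass === null || !isset($users[$user])) {
        return false;
    }
    return password_verify($pass, $users[$user]);
}

if (!basicAuthOk($users, $_SERVER['PHP_AUTH_USER'] ?? null, $_SERVER['PHP_AUTH_PW'] ?? null)) {
    // No or wrong credentials: answer 401 and ask the browser to prompt.
    // The realm is just the label shown in the login dialog.
    header('WWW-Authenticate: Basic realm="Members only"');
    http_response_code(401);
    echo 'Authentication required.';
    exit;
}

// Reached only with valid credentials.
echo 'Welcome, ' . htmlspecialchars($_SERVER['PHP_AUTH_USER'], ENT_QUOTES, 'UTF-8') . '.';
```

Basic authentication only base64-encodes the username and password in the Authorization header, it does not encrypt them, and the browser repeats the header on every request to the realm. It therefore belongs behind the encryption and certificates from the earlier slides (HTTPS), not on a plain HTTP site.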