CSCE 201 Web Browser Security Fall 2015
CSCE 201 - Farkas


Web Evolution
- Past: Human usage
  - HTTP
  - Static Web pages (HTML)
- Current: Human and some automated usage
  - Interactive Web pages
  - Web Services (WSDL, SOAP, SAML)
  - Semantic Web (RDF, OWL, RuleML, Web databases)
  - XML technology (data exchange, data representation)
- Future: Semantic Web Services

Are the existing security mechanisms sufficient to provide data and application security of the next generation Web?

Information Assurance
[Topic diagram: Inference Control, Privacy, Security, Trust, Applications, Policy making, Formal models, Negotiation, Protocol Analysis, Anonymity, Access control, Semantic web security, Encryption, Information hiding, Data mining, Computer epidemic, Data provenance, Fraud, Biometrics]

Web Browser
Software with a simple role:
- Connect to a web address
- Fetch and display content from that address
- Send data from a user to that address

Security Issues for Browsers
- Often connect to many addresses instead of only the address shown in the address bar
- Fetching data requires access to many locations to obtain pictures, audio or linked content
- A browser can be malicious or can be corrupted to have malicious functionality
- Many browsers support add-ins to add new features, but these add-ins can include malicious code

Security Issues for Browsers
- Data display involves many commands that control rendering, positioning, motion, layering and even invisibility
- The browser can access any data on the user's computer; it generally runs with the same privileges as the user
- Browsers connect users to outside networks, but few users can monitor what is transmitted
- The browser's effect is immediate and transitory

Browser Attacks
There are 3 attack vectors:
- Target the operating system so it will obstruct the browser's correct and secure functioning
- Target the browser or its components, add-ons or plug-ins, so the browser's activity is altered
- Intercept or modify communication to or from the browser

Internet Attacks
- Download browser code
- Privacy attack
- Web site attack during surfing

Download browser code
JavaScript, Java, ActiveX
[Diagram labels: Web Server; Internet; User's computer; HTML document with JavaScript; Download HTML document with JavaScript; Run JavaScript]

JavaScript
- Not for standalone applications: resides inside HTML documents
- Interpreted into machine understandable code
- Can be downloaded automatically
  - Cannot read, write, create, delete, or list files
  - Has no networking capabilities
  - Can: capture and send user information

Java
- Complete programming language
  - Standalone applications
- Java applets: downloaded with HTML
- Can perform processing
  - May harm computer
- Defense: sandbox
- Signed vs. unsigned Java applets

ActiveX
- Rules defining how applications under the Windows OS should share information
- ActiveX controls (add-ons):
  - Specific ways of implementing ActiveX
  - Can be activated through scripting languages or by HTML commands
- Can perform functions similar to Java applets but directly access the OS
- Signed vs. unsigned

Privacy Attacks
- Cookies: used by a Web site to track whether a user has previously visited the site
  - User-specific information, stored on the user's computer
  - First-party cookie vs. third-party cookie
  - Can reveal the browsing habits of individuals
- Adware: delivers unsolicited advertising content
  - Pop-up windows
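
Added example, not part of the original slides: a Python sketch of two points made above, that a browser contacts many addresses beyond the one in the address bar, and that some of them are third parties in a position to set third-party cookies. The sample page, the `contacted_hosts` helper and the two-label definition of a "site" are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes a browser fetch a resource with no click.
# Simplification: every <link href> is counted, although only some rel
# values (stylesheet, icon, ...) cause a fetch.
FETCH_ATTRS = {"img": "src", "script": "src", "iframe": "src", "audio": "src",
               "video": "src", "source": "src", "embed": "src", "link": "href"}

def site(host):
    # Assumption: a "site" is the last two DNS labels. Browsers use the
    # Public Suffix List, which handles suffixes such as co.uk correctly.
    return ".".join(host.lower().split(".")[-2:])

class FetchCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.urls = page_url, []

    def handle_starttag(self, tag, attrs):
        value = dict(attrs).get(FETCH_ATTRS.get(tag))
        if value:  # resolve relative and protocol-relative references
            self.urls.append(urljoin(self.page_url, value))

def contacted_hosts(page_url, html):
    """Map each host fetched automatically to 'first-party' or 'third-party'."""
    collector = FetchCollector(page_url)
    collector.feed(html)
    page_site = site(urlsplit(page_url).hostname)
    hosts = {}
    for url in collector.urls:
        parts = urlsplit(url)
        if parts.scheme in ("http", "https") and parts.hostname:
            same = site(parts.hostname) == page_site
            hosts[parts.hostname] = "first-party" if same else "third-party"
    return hosts

# Constructed sample page; all names are reserved example domains.
SAMPLE_URL = "https://news.example.com/story.html"
SAMPLE_HTML = """<html><head><link rel="stylesheet" href="/css/site.css">
<script src="https://cdn.example.net/lib.js"></script></head><body>
<img src="//static.example.com/logo.png">
<img src="https://ads.tracker.example.org/pixel.gif" width="1" height="1">
<a href="https://other.example.org/">fetched only if the user clicks</a>
</body></html>"""

if __name__ == "__main__":
    for host, kind in contacted_hosts(SAMPLE_URL, SAMPLE_HTML).items():
        print(f"{kind:12} {host}")
```

The address bar shows only news.example.com, yet rendering the page contacts four hosts, two of them on other sites; the plain link is not contacted until the user clicks it.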

Attacks while surfing
- Safe surfing? Passive surfing?
- Redirecting web traffic:
  - Typing mistakes
  - Attacker: registering "wrong" URLs
- Drive-by downloads
  - Use scripting to download malicious content
  - Spreading at an alarming rate
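
Added example, not part of the original slides: one way a defender can flag hostnames that are a single typing mistake away from a site users actually intend to visit, the redirection risk described above. The allow-list, the observed hostnames and the function names are hypothetical; the distance used is optimal string alignment (insert, delete, substitute, swap of adjacent characters).

```python
def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and swapping two
    adjacent characters each cost 1 (optimal string alignment)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent swap
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def check_host(host, known_sites, max_distance=1):
    """Return ('known' | 'lookalike' | 'unrelated', matched site or None)."""
    host = host.lower().rstrip(".")
    for known in known_sites:
        if host == known or host.endswith("." + known):
            return ("known", known)
    labels = host.split(".")
    for known in known_sites:
        # Compare only as many trailing labels as the known site has, so
        # "login.mybamk.example" is judged by "mybamk.example".
        tail = ".".join(labels[-(known.count(".") + 1):])
        if 0 < osa_distance(tail, known) <= max_distance:
            return ("lookalike", known)
    return ("unrelated", None)

# Constructed data: a hypothetical allow-list and hostnames as they might
# appear in proxy or DNS logs (.example is a reserved TLD).
KNOWN_SITES = ["mybank.example"]
OBSERVED = ["www.mybank.example", "mybnak.example",
            "login.mybamk.example", "weather.example"]

if __name__ == "__main__":
    for h in OBSERVED:
        print(h, check_host(h, KNOWN_SITES))
```

With very short site names a distance of 1 matches many legitimate hosts, so the threshold is best applied to names of reasonable length and the hits reviewed rather than blocked outright.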

Internet Defenses
- Popup blocker
- Browser settings, e.g., IE
- Web browser:
  - Configure your browser's security and privacy settings
  - Keep your browser updated
  - Sign up for alerts
  - Be cautious when installing plug-ins
  - Install security plug-ins

Next Class
- Application Security
- M. Mimoso, XcodeGhost Malware Stirring Up More Trouble, stirring-up-more-trouble/114778/