1 Figure 9-3: Webserver and E-Commerce Security Importance of Webservice and E-Commerce Security  Cost of disruptions  The cost of loss of reputation.

Slides:

Advertisements

Similar presentations

Chapter 17: WEB COMPONENTS

Advertisements

1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

DT211/3 Internet Application Development Active Server Pages & IIS Web server.

Copyright 2004 Monash University IMS5401 Web-based Systems Development Topic 2: Elements of the Web (g) Interactivity.

System and Network Security Practices COEN 351 E-Commerce Security.

ASP Tutorial. What is ASP? ASP (Active Server Pages) is a Microsoft technology that enables you to make dynamic and interactive web pages. –ASP usually.

Web Server Hardware and Software

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

INTERNET DATABASE. Internet and E-commerce Internet – a worldwide collection of interconnected computer network Internet – a worldwide collection of interconnected.

1 CS6320 – Why Servlets? L. Grewe 2 What is a Servlet? Servlets are Java programs that can be run dynamically from a Web Server Servlets are Java programs.

Introduction To Windows NT ® Server And Internet Information Server.

Application Security Chapter 8 Copyright Pearson Prentice Hall 2013.

Chapter 4 Application Security Knowledge and Test Prep

Advanced Web 2012 Lecture 2 Sean Costain How the Web Works - Refresh Sean Costain 2012 The web is a matrix of servers that handle client requests.

Electronic Commerce Last Week Internet utility programs

Hands-On Ethical Hacking and Network Defense

TOPIC 1 – SERVER SIDE APPLICATIONS IFS 234 – SERVER SIDE APPLICATION DEVELOPMENT.

 2000 Deitel & Associates, Inc. All rights reserved. Chapter 24 – Web Servers (PWS, IIS, Apache, Jigsaw) Outline 24.1Introduction 24.2Microsoft Personal.

Web Servers Web server software is a product that works with the operating system The server computer can run more than one software product such as .

1 Application Security: Electronic Commerce and Chapter 9 Copyright 2003 Prentice-Hall.

1 CS 3870/CS 5870 Static and Dynamic Web Pages ASP.NET and IIS.

Application Security: Web service and (April 11, 2011) © Abdou Illia – Spring 2011.

Application Security: General apps &Web service (April 11, 2012) © Abdou Illia – Spring 2012.

Basics of Web Databases With the advent of Web database technology, Web pages are no longer static, but dynamic with connection to a back-end database.

About Dynamic Sites (Front End / Back End Implementations) by Janssen & Associates Affordable Website Solutions for Individuals and Small Businesses.

Chapter 8.  Some attacks inevitably get through network protections and reach individual hosts  In Chapter 7, we looked at operating system and data.

1 Application Security: Electronic Commerce and Chapter 9 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall.

5 Chapter Five Web Servers. 5 Chapter Objectives Learn about the Microsoft Personal Web Server Software Learn how to improve Web site performance Learn.

BZUPAGES.COM Presentation on Content Management System (CMS) Presented to. Sir Ahmad Kareem.

IST 210 Web Application Security. IST 210 Introduction Security is a process of authenticating users and controlling what a user can see or do.

 2001 Prentice Hall, Inc. All rights reserved. 1 Chapter 21 - Web Servers (IIS, PWS and Apache) Outline 21.1 Introduction 21.2 HTTP Request Types 21.3.

ASP Introduction Y.-H. Chen International College Ming-Chuan University Fall, 2004.

E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.

Application Security Chapter 8 Copyright Pearson Prentice Hall 2013.

1 Application Security: Electronic Commerce and Chapter 9 Copyright 2003 Prentice-Hall.

Lecture Note 1: Getting Started With ASP.  Introduction to ASP  Introduction to ASP An ASP file can contain text, HTML tags and scripts. Scripts in.

Payment Systems Unit 34: E-commerce M2 - Compare two different payment systems used in e-commerce systems.

SQL INJECTIONS Presented By: Eloy Viteri. What is SQL Injection An SQL injection attack is executed when a web page allows users to enter text into a.

1 Figure 9-6: Security Technology  Clients and Mail Servers (Figure 9-7) Mail server software: Sendmail on UNIX, Microsoft Exchange,

HOW THE WEB WORKS Reference: Learning Web Design (4 th edition) by Robbins 2012 – Chapter 2 (pp. 21 – 32)

Security fundamentals Topic 8 Securing network applications.

ECMM6018 Enterprise Networking for Electronic Commerce Tutorial 7

UNIT-3 1.Web server software and Tools 1IT2031 UNIT-3.

WEB SERVER SOFTWARE FEATURE SETS

ASP. ASP is a powerful tool for making dynamic and interactive Web pages An ASP file can contain text, HTML tags and scripts. Scripts in an ASP file are.

Web Technology – Web Server Setup : Chris Uriarte Meeting 4: Advanced Topics, Continued: Securing the Apache Server and Apache Performance Tuning Rutgers.

Web Security. Introduction Webserver hacking refers to attackers taking advantage of vulnerabilities inherent to the web server software itself These.

Databases Kevin Wright Ben Bruckner Group 40. Outline Background Vulnerabilities Log File Cleaning This Lab.

1 Figure 9-3: Webserver and E-Commerce Security Browser Attacks  Take over a client via the browser Interesting information on the client Can use browser.

Web Page Designing With Dreamweaver MX\Session 1\1 of 9 Session 1 Introduction to PHP Hypertext Preprocessor - PHP.

© 2015 Pearson Education Ltd. Chapter 8 Chapter 8.

Web Server Administration Chapter 6 Configuring a Web Server.

1 Chapter 1 INTRODUCTION TO WEB. 2 Objectives In this chapter, you will: Become familiar with the architecture of the World Wide Web Learn about communication.

2nd year Computer Science & Engineer

Application Security: Web service and

Tonga Institute of Higher Education IT 141: Information Systems

WWW and HTTP King Fahd University of Petroleum & Minerals

World Wide Web policy.

Database Driven Websites

Tonga Institute of Higher Education IT 141: Information Systems

Configuring Internet-related services

Web Servers / Deployment

Tonga Institute of Higher Education IT 141: Information Systems

Designing IIS Security (IIS – Internet Information Service)

Web Servers (IIS and Apache)

Presentation transcript:

1 Figure 9-3: Webserver and E-Commerce Security Importance of Webservice and E-Commerce Security  Cost of disruptions  The cost of loss of reputation and market capitalization  Cost of privacy violations  Links to internal corporate servers

2 Figure 9-3: Webserver and E-Commerce Security Importance of Webservice and E-Commerce Security  Customer fraud (including credit card fraud) Loss of revenues when product is not paid for Credit card company charge-back fees Must use external firm to check credit card numbers

3 Figure 9-3: Webserver and E-Commerce Security Webservers Versus E-Commerce Servers  Webservice provides basic user interactions Microsoft Internet Information Server (IIS) Apache on UNIX Other webserver programs

4 Figure 9-3: Webserver and E-Commerce Security Webservers Versus E-Commerce Servers  E-commerce servers add functionality: Order entry, shopping cart, payment, etc.  Custom programs written for special purposes

5 Figure 9-4: Webservice Versus E-Commerce Service E-Commerce Software Subsidiary E-Commerce Software Component (PHP, etc.) Custom Programs Webserver Software

6 Figure 9-3: Webserver and E-Commerce Security Some Webserver Attacks  Website defacement  Numerous IIS buffer overflow attacks, many of which take over the computer  IIS directory traversal attacks Normally, paths start at the WWW root directory Adding../ might take the attacker up a level, out of the WWW root box

7 Figure 9-3: Webserver and E-Commerce Security Some Webserver Attacks  IIS directory traversal attacks If traverse to command prompt directory in Windows 2000 or NT, can execute any command with system privileges Companies filter out / and \ Attackers respond with hexadecimal and UNICODE representations for / and \

8 Figure 9-3: Webserver and E-Commerce Security Some Webserver Attacks  Apache has problems, too

9 Figure 9-3: Webserver and E-Commerce Security Patching the Webserver and E-Commerce Software and Its Components  Patching the webserver software is not enough  Also must patch e-commerce software  E-commerce software might use third-party component software that must be patched

10 Figure 9-3: Webserver and E-Commerce Security Controlling Dynamic Webpage Development  Static versus dynamic webpages  For static webpages: GET /path/filename.extension HTTP / version  CGI to pass parameters to a program GET /path/programname.exe?variable1= “value”&variable2=“value”… Inefficient. Starts new copy of program with each request

11 Figure 9-3: Webserver and E-Commerce Security Controlling Dynamic Webpage Development  ASP is Microsoft’s server-side scripting language  ISAPI from Microsoft starts a.dll component Component continues to run; no need to start a new copy with each request  Controlling software development Programmer training in safe programming methods Auditing for security weaknesses

12 Figure 9-3: Webserver and E-Commerce Security Controlling Dynamic Webpage Development  Deployment Development servers: Developers must have wide privileges Staging servers: Only testers and systems administrators should have privileges Production servers: Only systems administrators should have privileges

13 Figure 9-3: Webserver and E-Commerce Security User Authentication  None: No burden on customer  Username and password provide some protection but may be given out without checking customer quality  IPsec and digital certificates: Expensive and difficult for customers  TLS with client digital certificates: Less expensive than IPsec but difficult for customers