CIT 380: Securing Computer Systems: Web Security

Slide #1: CIT 380: Securing Computer Systems, Web Security

Slide #2: Insecure Storage

Storing sensitive data without encrypting it, using a weak encryption algorithm, or using a strong encryption system improperly.

Problems
– Not encrypting sensitive data.
– Using home-grown cryptography.
– Insecure use of weak algorithms.
– Storing keys in code or in unprotected files.

Slide #3: Storage Recommendations

Hash algorithms
– MD5 and SHA-1 are insecure: practical collision attacks exist for both.
– Use SHA-256.
– For stored passwords a bare hash is not enough, whatever the algorithm: salt each password and use a deliberately slow construction (PBKDF2, bcrypt or scrypt) so that a leaked table cannot be brute-forced cheaply.

Encrypting data
– Use AES with 128-bit keys (or longer), in an authenticated mode such as GCM or with a MAC over the ciphertext, so that tampering with stored data is detected.

Key generation
– Generate random keys.
– Use a secure random source: the operating system's CSPRNG (for example /dev/urandom), not a general-purpose PRNG seeded from the clock.
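
The three recommendations on this slide in working code, as an added example that is not part of the original slides. It uses only the Python standard library: salted PBKDF2-HMAC-SHA256 for password records (shown beside the unsalted MD5 pattern the slide warns against), 128-bit keys drawn from the OS CSPRNG, and a key file created with owner-only permissions. The iteration count, the record format and the file-mode check are choices made for this example, not anything the slides prescribe.

```python
# Added example (not from the CIT 380 slides): the storage recommendations
# in working code, standard library only.
#   1. hashing: salted, iterated PBKDF2-HMAC-SHA256 instead of bare MD5/SHA-1
#   2. key generation: 128-bit AES keys from the OS CSPRNG (secrets module)
#   3. key storage: key file created with mode 0600, never world-readable
import hashlib
import hmac
import os
import secrets
import stat
import tempfile

PBKDF2_ITERATIONS = 600_000  # assumption: tune so one hash takes ~100 ms on your hardware


def weak_password_hash(password: str) -> str:
    """The pattern the slide warns against: unsalted MD5. Identical passwords
    give identical digests, so one precomputed table cracks every user."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, salt=None) -> str:
    """Salted, iterated PBKDF2-HMAC-SHA256. Returns 'iterations$salt$digest'
    (hex) so the parameters travel with the record and can be raised later."""
    if salt is None:
        salt = secrets.token_bytes(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    # hmac.compare_digest does not short-circuit on the first differing byte
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def generate_aes128_key() -> bytes:
    """16 random bytes from the OS CSPRNG (secrets is backed by os.urandom)."""
    return secrets.token_bytes(16)


def write_protected_key_file(path: str, key: bytes) -> None:
    """Create the key file with mode 0600 atomically (no window in which it is
    readable by others) and refuse to overwrite an existing file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(key)


def key_file_is_protected(path: str) -> bool:
    """Check for a storage review (POSIX permissions assumed): the file holds a
    16- or 32-byte key and grants no permission bits to group or others."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    return st.st_size in (16, 32) and (mode & 0o077) == 0


def demo_key_file() -> bool:
    """Generate a key, store it under a fresh temp directory, run the check."""
    path = os.path.join(tempfile.mkdtemp(), "app.key")
    write_protected_key_file(path, generate_aes128_key())
    return key_file_is_protected(path)


if __name__ == "__main__":
    print("md5 of 'a' twice :", weak_password_hash("a") == weak_password_hash("a"))
    rec = hash_password("correct horse battery staple")
    print("pbkdf2 record    :", rec[:48] + "...")
    print("verify correct   :", verify_password("correct horse battery staple", rec))
    print("verify wrong     :", verify_password("wrong", rec))
    print("key file 0600    :", demo_key_file())
```

Running the block twice shows the point of the salt: the MD5 line is identical every time, while two `hash_password()` records for the same password differ and both still verify.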

Slide #4: Mitigating Insecure Storage

1. Use well-studied public algorithms.
2. Use truly random keys.
3. Store keys in protected files (or a key management service), never in source code.
4. Review code to ensure that all sensitive data is being encrypted.
5. Check the database to ensure that all sensitive data is being encrypted.
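
Step 5 can be partly automated. The block below is an added example, not code from the slides: it scans table rows for values that still look like plaintext payment card numbers (13 to 19 digits passing the Luhn check) or SSN-shaped strings, which ciphertext and tokens never do. The column names, the rows and the opaque strings standing in for ciphertext are all constructed for the example, and the patterns are a starting point to extend per application.

```python
# Added example (not from the CIT 380 slides): a plaintext-sensitive-data scan
# over constructed table rows, for mitigation step 5.
import re
from typing import Dict, List

CARD_RE = re.compile(r"^\d{13,19}$")          # PAN length range
SSN_RE = re.compile(r"^\d{3}-\d{2}-\d{4}$")   # US SSN as commonly stored


def luhn_valid(digits: str) -> bool:
    """Luhn check digit, as used by payment card numbers: from the right,
    double every second digit, subtract 9 if that exceeds 9, sum must be % 10 == 0."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def looks_like_plaintext_pan(value: str) -> bool:
    v = value.replace(" ", "").replace("-", "")
    return bool(CARD_RE.match(v)) and luhn_valid(v)


def looks_like_ssn(value: str) -> bool:
    return bool(SSN_RE.match(value))


def find_unencrypted_fields(rows: List[Dict[str, str]]) -> Dict[str, int]:
    """Per column, how many rows hold a value that looks like a plaintext card
    number or SSN. An empty result means the scan found nothing; it does not
    by itself prove the column is encrypted."""
    hits: Dict[str, int] = {}
    for row in rows:
        for column, value in row.items():
            if not isinstance(value, str):
                continue
            if looks_like_plaintext_pan(value) or looks_like_ssn(value):
                hits[column] = hits.get(column, 0) + 1
    return hits


# Constructed rows. The ssn column was migrated to ciphertext for rows 1-2
# (opaque base64 strings stand in for AES output); card_number was not, except
# for row 3, which holds a payment-processor token instead of a PAN.
CUSTOMERS = [
    {"id": "1", "name": "A. Example", "card_number": "4111111111111111", "ssn": "QmFzZTY0Q2lwaGVydGV4dA=="},
    {"id": "2", "name": "B. Example", "card_number": "5555555555554444", "ssn": "c2Vjb25kUmVjb3Jk"},
    {"id": "3", "name": "C. Example", "card_number": "tok_8f3a91", "ssn": "123-45-6789"},
]


if __name__ == "__main__":
    for column, count in sorted(find_unencrypted_fields(CUSTOMERS).items()):
        print(f"{column}: {count} row(s) still hold plaintext sensitive data")
```

The Luhn test is what keeps the scan useful on real tables: order numbers and timestamps of the right length fail it, so the report is short enough to act on.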

Slide #5: Insecure Communication

Applications fail to encrypt sensitive data in transit from client to server and vice versa.

Need to protect
– User authentication and session data.
– Sensitive data (credit card numbers, SSNs).

Key idea
– Use SSL/TLS for all authentication connections, and keep it for the whole authenticated session: a session cookie sent over plaintext HTTP is as useful to an eavesdropper as the password itself. Mark session cookies Secure so the browser never sends them over HTTP.

Slide #6: Mitigating Insecure Communication

1. Use SSL/TLS for all authenticated sessions.
2. Use SSL/TLS for all sensitive data.
3. Verify that SSL/TLS is actually used, with automated vulnerability scanning tools.
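
What step 3 checks for, as an added example that is not part of the original slides: a small offline checker that takes captured request/response pairs of the kind an intercepting proxy or scanner records and reports the transport problems described on this slide and the previous one (content or cookies served over plaintext HTTP, a session cookie without the Secure flag, no HSTS header). `check_response()` and the list of session cookie names are assumptions made for this example, not the API of any real scanner, and the captures are constructed.

```python
# Added example (not from the CIT 380 slides): an offline check that SSL/TLS
# is used for authenticated sessions, run over constructed captures.
from typing import Dict, List, Tuple

# cookie names that commonly carry the session id (assumption: extend per application)
SESSION_COOKIE_NAMES = {"sessionid", "jsessionid", "phpsessid", "asp.net_sessionid", "sid"}


def parse_response(raw: str) -> Tuple[int, List[Tuple[str, str]]]:
    """Split an HTTP response head into (status code, [(name_lower, value), ...])."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def check_response(url: str, raw: str) -> List[str]:
    """Findings for one captured exchange: url is the request URL the response
    answered, raw is the response head (body optional)."""
    findings: List[str] = []
    over_tls = url.lower().startswith("https://")
    status, headers = parse_response(raw)
    location = next((v for n, v in headers if n == "location"), "")
    cookies = [v for n, v in headers if n == "set-cookie"]
    has_hsts = any(n == "strict-transport-security" for n, _ in headers)

    if not over_tls:
        # the only acceptable answer to a plaintext request is a redirect to https://
        if not (300 <= status < 400 and location.lower().startswith("https://")):
            findings.append("plaintext HTTP served content instead of redirecting to https://")
        for c in cookies:
            findings.append("cookie set over plaintext HTTP: " + c.partition("=")[0])
    else:
        if not has_hsts:
            findings.append("no Strict-Transport-Security header; browsers may still try http://")
        for c in cookies:
            name, _, rest = c.partition("=")
            attrs = {a.strip().split("=")[0].lower() for a in rest.split(";")[1:]}
            if name.strip().lower() in SESSION_COOKIE_NAMES:
                if "secure" not in attrs:
                    findings.append(f"session cookie {name} lacks Secure; it will also be sent over http://")
                if "httponly" not in attrs:
                    findings.append(f"session cookie {name} lacks HttpOnly; readable by injected script")
    return findings


# Constructed captures: request URL -> response, as an intercepting proxy would log them.
CAPTURES = {
    "http://shop.example/login": (
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
        "Set-Cookie: PHPSESSID=abc123; Path=/\r\n\r\n<html>login form</html>"
    ),
    "http://shop.example/": (
        "HTTP/1.1 301 Moved Permanently\r\nLocation: https://shop.example/\r\n\r\n"
    ),
    "https://shop.example/login": (
        "HTTP/1.1 200 OK\r\nSet-Cookie: PHPSESSID=abc123; Path=/; HttpOnly\r\n\r\n"
    ),
    "https://shop.example/account": (
        "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000\r\n"
        "Set-Cookie: PHPSESSID=abc123; Path=/; Secure; HttpOnly\r\n\r\n"
    ),
}


def scan(captures: Dict[str, str]) -> Dict[str, List[str]]:
    return {url: check_response(url, raw) for url, raw in captures.items()}


if __name__ == "__main__":
    for url, findings in scan(CAPTURES).items():
        print(url, "->", findings or ["ok"])
```

The first capture is the classic failure on slide 5: the login page and its session cookie travel in the clear. The third shows the subtler one, where the site uses HTTPS but the cookie lacks Secure, so one plaintext link to the site hands the session to anyone on the path.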

Slide #7: Proxies and Vulnerability Scanners

Tools
– Achilles
– OWASP WebScarab
– Paros Proxy
– SPI Dynamics WebInspect

[Diagram: Web Browser <-> Web Proxy <-> Web Server. The proxy sits between browser and server and lets the tester edit web data in transit: URL, cookies, form data.]

Slide #8: Achilles Proxy Screenshot

[Screenshot of the Achilles proxy.]