Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security concerns of web applications with database access

Published byJúlio Oliveira Martins Modified over 6 years ago

Similar presentations

Presentation on theme: "Security concerns of web applications with database access"— Presentation transcript:

1 Security concerns of web applications with database access
By Oscar Rivera Fall 2008

2 SSL/TSL Secure layer over the internet Use Digital Certificates
Trust in the companies Man in the middle attacks

3 3 Tier architecture Protect DBMS from outside users Code division
Scalability

4 Logging in Brute force attacks Images Additional personal information

5 Database users Level of access Groups of users
Security for the database Guest user

6 SQL Injection Search = query Intruders get access to the database
Check the validity of the values on the web site Regular expressions .*\.txt$.

7 Triggers Specification for execution of a function when the database is accessed Execution authorization Re-check the validity of values

8 Uses Various levels of logs Logs on Databases
Find responsible people after an attack Recover from disaster Various levels of logs

9 Cookies Text files Store preferences and user’s information Plain text
Broadcast every request

10 Sending data from web forms
GET/POST When use POST? When use GET?

11 Sessions Table per user Dynamic size Time of duration

12 Status Bar When in frames When with JavaScript When GET-type links
Using Document Object Model

Download ppt "Security concerns of web applications with database access"

Similar presentations

Past, Present and Future By Eoin Keary and Jim Manico

Past, Present and Future By Eoin Keary and Jim Manico
COMP 321 Week 12. Overview Web Application Security  Authentication  Authorization  Confidentiality Cross-Site Scripting Lab 12-1 Introduction.

COMP 321 Week 12. Overview Web Application Security  Authentication  Authorization  Confidentiality Cross-Site Scripting Lab 12-1 Introduction.
Online Security Tuesday April 8, 2003 Maxence Crossley.

Online Security Tuesday April 8, 2003 Maxence Crossley.
An Overview of Database Access on the Web An Overview of Database Access on the Web Using ASP and Microsoft Database Technology Sheffield Hallam University.

An Overview of Database Access on the Web An Overview of Database Access on the Web Using ASP and Microsoft Database Technology Sheffield Hallam University.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 3 Internet Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 3 Internet Security.
INTERNET DATABASE. Internet and E-commerce Internet – a worldwide collection of interconnected computer network Internet – a worldwide collection of interconnected.

INTERNET DATABASE. Internet and E-commerce Internet – a worldwide collection of interconnected computer network Internet – a worldwide collection of interconnected.
Database Connectivity Rose-Hulman Institute of Technology Curt Clifton.

Database Connectivity Rose-Hulman Institute of Technology Curt Clifton.
Building Enterprise Information Portal using Oracle Portal 3

Building Enterprise Information Portal using Oracle Portal 3
Multiple Tiers in Action

Multiple Tiers in Action
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Chapter 4 Application Security Knowledge and Test Prep

Chapter 4 Application Security Knowledge and Test Prep
Security in SQL Jon Holmes CIS 407 Fall 2007. Outline Surface Area Connection Strings Authenticating Permissions Data Storage Injections.

Security in SQL Jon Holmes CIS 407 Fall Outline Surface Area Connection Strings Authenticating Permissions Data Storage Injections.
CROSS SITE SCRIPTING..! (XSS). Overview What is XSS? Types of XSS Real world Example Impact of XSS How to protect against XSS?

CROSS SITE SCRIPTING..! (XSS). Overview What is XSS? Types of XSS Real world Example Impact of XSS How to protect against XSS?
Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software

Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software
11 CONFIGURE INTERNET EXPLORER Chapter 5. Chapter 5: Configure Internet Explorer2 CHAPTER OVERVIEW AND OBJECTIVES  Configuring Accessibility and Language.

11 CONFIGURE INTERNET EXPLORER Chapter 5. Chapter 5: Configure Internet Explorer2 CHAPTER OVERVIEW AND OBJECTIVES  Configuring Accessibility and Language.
Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 

Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 
Web-based Document Management System By Group 3 Xinyi Dong Matthew Downs Joshua Ferguson Sriram Gopinath Sayan Kole.

Web-based Document Management System By Group 3 Xinyi Dong Matthew Downs Joshua Ferguson Sriram Gopinath Sayan Kole.
Prevent Cross-Site Scripting (XSS) attack

Prevent Cross-Site Scripting (XSS) attack
WEB SECURITY WEEK 3 Computer Security Group University of Texas at Dallas.

WEB SECURITY WEEK 3 Computer Security Group University of Texas at Dallas.
Server-side Scripting Powering the webs favourite services.

Server-side Scripting Powering the webs favourite services.

Similar presentations

Ads by Google