Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security CS 526 Topic 9

Published byΆφροδίτη Δασκαλοπούλου Modified over 5 years ago

Similar presentations

Presentation on theme: "Information Security CS 526 Topic 9"— Presentation transcript:

1 Information Security CS 526 Topic 9
Web Security Part 2 CS526 Topic 12: Web Security (2)

2 Readings for This Lecture
Optional Reading Bandhakavi et al.: CANDID : Preventing SQL Injection Attacks Using Dynamic Candidate Evaluations Chen et al.: Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow CS526 Topic 12: Web Security (2)

3 Other Web Threats SQL Injection Side channel leakages
See slides by Venkat Side channel leakages See slides from MSR Web browsing privacy: third-party cookies CS526 Topic 12: Web Security (2)

4 Browser Cookie Management
Cookie Same-origin ownership Once a cookie is saved on your computer, only the Web site that created the cookie can read it. Variations Temporary cookies Stored until you quit your browser Persistent cookies Remain until deleted or expire Third-party cookies Originates on or sent to a web site other than the one that provided the current page CS526 Topic 12: Web Security (2)

5 Third-party cookies Get a page from merchant.com
Contains <img src= Image fetched from DoubleClick.com DoubleClick knows IP address and page you were looking at DoubleClick sends back a suitable advertisement Stores a cookie that identifies "you" at DoubleClick Next time you get page with a doubleclick.com image Your DoubleClick cookie is sent back to DoubleClick DoubleClick could maintain the set of sites you viewed Send back targeted advertising (and a new cookie) Cooperating sites Can pass information to DoubleClick in URL, … CS526 Topic 12: Web Security (2)

6 Cookie issues Cookies maintain record of your browsing habits
Cookie stores information as set of name/value pairs May include any information a web site knows about you Sites track your activity from multiple visits to site Sites can share this information (e.g., DoubleClick) Browser attacks could invade your “privacy” CS526 Topic 12: Web Security (2)

7 Coming Attractions … Malware defenses CS526 Topic 12: Web Security (2)

Download ppt "Information Security CS 526 Topic 9"

Similar presentations

Protecting Browser State from Web Privacy Attacks Collin Jackson, Andrew Bortz, Dan Boneh, John Mitchell Stanford University.

Protecting Browser State from Web Privacy Attacks Collin Jackson, Andrew Bortz, Dan Boneh, John Mitchell Stanford University.
CookiesPHPMay-2007 : [‹#›] Maintaining State in PHP Part I - Cookies.

CookiesPHPMay-2007 : [‹#›] Maintaining State in PHP Part I - Cookies.
Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.

Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.
Parameter Tampering. Attacking the Ecommerce Shopping Cart In the above image we see that a user who wants to purchase a Television visits an online Store.

Parameter Tampering. Attacking the Ecommerce Shopping Cart In the above image we see that a user who wants to purchase a Television visits an online Store.
CC3.12 Lecture 12 Erdal KOSE Based of Prof. Ziegler Lectures.

CC3.12 Lecture 12 Erdal KOSE Based of Prof. Ziegler Lectures.
6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?

6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?
Servlets and a little bit of Web Services Russell Beale.

Servlets and a little bit of Web Services Russell Beale.
What are cookies? Cookies are text files stored on one’s computer after visiting a website Used for: -Storing information such as a unique visitor ID -Allowing.

What are cookies? Cookies are text files stored on one’s computer after visiting a website Used for: -Storing information such as a unique visitor ID -Allowing.
Internet Cookies: Changing Internet Use and Privacy Lindsay Maidment & Katherine Hollander November 8, 2006.

Internet Cookies: Changing Internet Use and Privacy Lindsay Maidment & Katherine Hollander November 8, 2006.
20/1/12.  Cookies are a useful way of storing information on the client’s computer  Initially feared, when they first appeared and were considered a.

20/1/12.  Cookies are a useful way of storing information on the client’s computer  Initially feared, when they first appeared and were considered a.
Amount of daily searches on Google 150 million searches per day from 100 different countries 150 million searches per day from 100 different countries.

Amount of daily searches on Google 150 million searches per day from 100 different countries 150 million searches per day from 100 different countries.
CS526Topic 9: Web Security (2)1 Information Security CS 526 Topic 9 Web Security Part 2.

CS526Topic 9: Web Security (2)1 Information Security CS 526 Topic 9 Web Security Part 2.
Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.

Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.
Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.

Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.
By: Mr Hashem Alaidaros MKT 445 Lecture 3 Title: Affiliate Marketing.

By: Mr Hashem Alaidaros MKT 445 Lecture 3 Title: Affiliate Marketing.
 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.

 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.
INLS 200 today’s line-up online privacy short video discussion questions from you? ethics cases? Ulrich’s Guide to Periodicals.

INLS 200 today’s line-up online privacy short video discussion questions from you? ethics cases? Ulrich’s Guide to Periodicals.
IT533 Lectures Session Management in ASP.NET. Session Tracking 2 Personalization Personalization makes it possible for e-businesses to communicate effectively.

IT533 Lectures Session Management in ASP.NET. Session Tracking 2 Personalization Personalization makes it possible for e-businesses to communicate effectively.
INTERNET PRIVACY Marketing companies www.doubleclick.net The cookie leak security hole in the HTML Email messages The Web Bug Can we trust the privacy.

INTERNET PRIVACY Marketing companies The cookie leak security hole in the HTML messages The Web Bug Can we trust the privacy.
JavaScript, Fourth Edition

JavaScript, Fourth Edition

Similar presentations

Ads by Google