Presentation is loading. Please wait.

Presentation is loading. Please wait.

Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)

Published byMildred Atkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)"— Presentation transcript:

1 csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)

2 csci5931 Web Security2 A Hacked E-commerce Site  A security officer’s nightmare!  Users’ passwords got stolen!  Customers’ credit card numbers were exposed.  Merchandize were purchased on line using the stolen credit cards.  The company’s reputation was ruined.  The CIO or security officer’s job is at stake.  …

3 csci5931 Web Security3 Case Study: A Forensic Log  page 2 of the MSS book:  Five groups of log entries (a, b, …, f)  The company’s firewall was configured to prevent any traffic but HTTP traffic via port 80 (HTTP) and port 443 (SSL).  The intruder exploited a vulnerability in the index.cgi script to list the content of the system password file.  Q: What vulnerability was exploited?

4 csci5931 Web Security4 Analysis of the Hacking Incident  pages 2 to 9  What knowledge and skills does a “successful” hacker need to possess?  Understanding of Web server operation, scripting language used, activation mechanisms  Understanding of operating system commands  Lots of patience and some luck  Anything missing from the list?

5 csci5931 Web Security5 Can the Incident Have Been Prevented?  Yes. There exist “stronger” security technology to counter the potential attacks. Examples?  Elimination of source code exposure  Set-up of a DMZ  Enforcement of access control list  The “least privilege” rule  …  See an overview of common solutions in GS Chapter 1.

6 csci5931 Web Security6 Lessons Learned from the Case Study  A firewall does not guarantee a secure e-commerce site. Why?  Security auditing has its limits. Why?  Strong password protection may not be enough. Why?  The bottom line: The secure operation of a web site requires a mixture of protection mechanisms, each taking care of one of the many components and links in a N-tier web-based application and all together deliver a secure web site.

7 csci5931 Web Security7 Next  Review of the N-tier web based applications  Review of cryptography  Java security model

Download ppt "Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)"

Similar presentations

Zenith Visa Web Acquiring A quick over view. Web Acquiring Allows merchants to receive payments for goods and services through the Internet Allows customers.

Zenith Visa Web Acquiring A quick over view. Web Acquiring Allows merchants to receive payments for goods and services through the Internet Allows customers.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.

ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.
1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.

1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Hacking Case Study Sungchul Hong. Acme Art, Inc. Case October 31, 2001 www.acme-art.com A hacker stole credit card numbers from the online store’s database.

Hacking Case Study Sungchul Hong. Acme Art, Inc. Case October 31, A hacker stole credit card numbers from the online store’s database.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
EECS 598-2 Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.

EECS Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.
Uniqueness of user names is enforced Customer information logged to database Require contact information as well as email address Email address will.

Uniqueness of user names is enforced Customer information logged to database Require contact information as well as address address will.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
Instructions for Weds. Jan. 10 1.Get your Century 21 Jr. textbook 2.Log in to the computers 3.On page 80, read the Objectives listed under “Lesson 13:

Instructions for Weds. Jan Get your Century 21 Jr. textbook 2.Log in to the computers 3.On page 80, read the Objectives listed under “Lesson 13:
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete.

100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Installing and Configuring a Secure Web Server COEN 351 David Papay.

Installing and Configuring a Secure Web Server COEN 351 David Papay.
Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department

Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department

Similar presentations

Ads by Google