Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS526Topic 9: Web Security (2)1 Information Security CS 526 Topic 9 Web Security Part 2.

Published byAntonia Spencer Modified over 9 years ago

Similar presentations

Presentation on theme: "CS526Topic 9: Web Security (2)1 Information Security CS 526 Topic 9 Web Security Part 2."— Presentation transcript:

1 CS526Topic 9: Web Security (2)1 Information Security CS 526 Topic 9 Web Security Part 2

2 CS526Topic 9: Web Security (2)2 Readings for This Lecture Optional Reading –Bandhakavi et al.: CANDID : Preventing SQL Injection Attacks Using Dynamic Candidate EvaluationsCANDID : Preventing SQL Injection Attacks Using Dynamic Candidate Evaluations –Chen et al.: Side-Channel Leaks in Web Applications: a Reality Today, a Challenge TomorrowSide-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow

3 Other Web Threats SQL Injection –See slides by Venkat Side channel leakages –See slides from MSR Web browsing privacy: third-party cookies CS526Topic 9: Web Security (2)3

4 Browser Cookie Management Cookie Same-origin ownership –Once a cookie is saved on your computer, only the Web site that created the cookie can read it. Variations –Temporary cookies Stored until you quit your browser –Persistent cookies Remain until deleted or expire –Third-party cookies Originates on or sent to a web site other than the one that provided the current page CS526Topic 9: Web Security (2)4

5 Third-party cookies Get a page from merchant.com –Contains –Image fetched from DoubleClick.com DoubleClick knows IP address and page you were looking at DoubleClick sends back a suitable advertisement –Stores a cookie that identifies "you" at DoubleClick Next time you get page with a doubleclick.com image –Your DoubleClick cookie is sent back to DoubleClick –DoubleClick could maintain the set of sites you viewed –Send back targeted advertising (and a new cookie) Cooperating sites –Can pass information to DoubleClick in URL, … CS526Topic 9: Web Security (2)5

6 Cookie issues Cookies maintain record of your browsing habits –Cookie stores information as set of name/value pairs –May include any information a web site knows about you –Sites track your activity from multiple visits to site Sites can share this information (e.g., DoubleClick) Browser attacks could invade your “privacy” CS526Topic 9: Web Security (2)6

7 CS526Topic 9: Web Security (2)7 Coming Attractions … Secure communication & key distribution

Download ppt "CS526Topic 9: Web Security (2)1 Information Security CS 526 Topic 9 Web Security Part 2."

Similar presentations

CookiesPHPMay-2007 : [‹#›] Maintaining State in PHP Part I - Cookies.

CookiesPHPMay-2007 : [‹#›] Maintaining State in PHP Part I - Cookies.
Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.

Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.
Parameter Tampering. Attacking the Ecommerce Shopping Cart In the above image we see that a user who wants to purchase a Television visits an online Store.

Parameter Tampering. Attacking the Ecommerce Shopping Cart In the above image we see that a user who wants to purchase a Television visits an online Store.
CC3.12 Lecture 12 Erdal KOSE Based of Prof. Ziegler Lectures.

CC3.12 Lecture 12 Erdal KOSE Based of Prof. Ziegler Lectures.
6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?

6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?
Servlets and a little bit of Web Services Russell Beale.

Servlets and a little bit of Web Services Russell Beale.
What are cookies? Cookies are text files stored on one’s computer after visiting a website Used for: -Storing information such as a unique visitor ID -Allowing.

What are cookies? Cookies are text files stored on one’s computer after visiting a website Used for: -Storing information such as a unique visitor ID -Allowing.
Internet Cookies: Changing Internet Use and Privacy Lindsay Maidment & Katherine Hollander November 8, 2006.

Internet Cookies: Changing Internet Use and Privacy Lindsay Maidment & Katherine Hollander November 8, 2006.
20/1/12.  Cookies are a useful way of storing information on the client’s computer  Initially feared, when they first appeared and were considered a.

20/1/12.  Cookies are a useful way of storing information on the client’s computer  Initially feared, when they first appeared and were considered a.
XP Tutorial 9 New Perspectives on JavaScript, Comprehensive1 Working with Cookies Managing Data in a Web Site Using JavaScript Cookies.

XP Tutorial 9 New Perspectives on JavaScript, Comprehensive1 Working with Cookies Managing Data in a Web Site Using JavaScript Cookies.
Amount of daily searches on Google 150 million searches per day from 100 different countries 150 million searches per day from 100 different countries.

Amount of daily searches on Google 150 million searches per day from 100 different countries 150 million searches per day from 100 different countries.
Chapter 10 Maintaining State Information Using Cookies.

Chapter 10 Maintaining State Information Using Cookies.
Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.

Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.
Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.

Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.
 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.

 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.
INLS 200 today’s line-up online privacy short video discussion questions from you? ethics cases? Ulrich’s Guide to Periodicals.

INLS 200 today’s line-up online privacy short video discussion questions from you? ethics cases? Ulrich’s Guide to Periodicals.
Comp2513 Forms and CGI Server Applications Daniel L. Silver, Ph.D.

Comp2513 Forms and CGI Server Applications Daniel L. Silver, Ph.D.
IT533 Lectures Session Management in ASP.NET. Session Tracking 2 Personalization Personalization makes it possible for e-businesses to communicate effectively.

IT533 Lectures Session Management in ASP.NET. Session Tracking 2 Personalization Personalization makes it possible for e-businesses to communicate effectively.
JavaScript, Fourth Edition

JavaScript, Fourth Edition
Working with Cookies Managing Data in a Web Site Using JavaScript Cookies* *Check and comply with the current legislation regarding handling cookies.

Working with Cookies Managing Data in a Web Site Using JavaScript Cookies* *Check and comply with the current legislation regarding handling cookies.

Similar presentations

Ads by Google