Presentation is loading. Please wait.

Presentation is loading. Please wait.

Team - CA CSCI 5234 Web Security.  Collect and document information of ecommerce security mechanisms.  Using: wiki engine for collaboration.

Published byAbner Lamb Modified over 9 years ago

Similar presentations

Presentation on theme: "Team - CA CSCI 5234 Web Security.  Collect and document information of ecommerce security mechanisms.  Using: wiki engine for collaboration."— Presentation transcript:

1 Team - CA CSCI 5234 Web Security

2  Collect and document information of ecommerce security mechanisms.  Using: wiki engine for collaboration

3

4 Conceptual Design

5 Detailed Design

6 Security Measures Included  HTTPS – Authenticate server to the client Demo - SSL certificate invocation  Database Firewall – Port management rules limit vulnerability of direct attack on database Illustrate – rules and ports  Database SSH – Secure tunnel between the application and the database Demo – SSH tunnel creation

7 Security Measures  Application Security – user access, database information hiding, cookie and session timeouts  Cross Side Scripting – Disable unused features on the wiki. Limit access to the scripting variables. E.g $wguseFilesCss  Hide database information – put the database information on a separate file, then include it during runtime. require_once (“c:\mysql_info.php”); $db_name=”wikidb”;

8 Statistics and Ranking  Implement ranking using extensions  Add the extensions to the./extensions folder.  Call the extension at runtime using require_once() function  Contributions.php  ContributionsScore.php  Ranking can be based on the number of edits or the volume contained in each edit a user posts to the wiki.

9

Download ppt "Team - CA CSCI 5234 Web Security.  Collect and document information of ecommerce security mechanisms.  Using: wiki engine for collaboration."

Similar presentations

The OWASP Foundation Web Application Security Host Apps Firewall Host Apps Database Host Web serverApp serverDB server Securing the.

The OWASP Foundation Web Application Security Host Apps Firewall Host Apps Database Host Web serverApp serverDB server Securing the.
HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.

HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.
File Server Organization and Best Practices IT Partners June, 02, 2010.

File Server Organization and Best Practices IT Partners June, 02, 2010.
Introduction to PHP MIS 3501, Fall 2014 Jeremy Shafer

Introduction to PHP MIS 3501, Fall 2014 Jeremy Shafer
Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)

Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)
It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.

It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.
Chapter 12 USING TECHNOLOGY TO ENHANCE BUSINESS PROCESSES.

Chapter 12 USING TECHNOLOGY TO ENHANCE BUSINESS PROCESSES.
Chapter 4 Application Security Knowledge and Test Prep

Chapter 4 Application Security Knowledge and Test Prep
Chapter 6 Security & Privacy Web servers continue to be attractive target for hacker for variety of reasons –Most easy target –Personal satisfaction –Political.

Chapter 6 Security & Privacy Web servers continue to be attractive target for hacker for variety of reasons –Most easy target –Personal satisfaction –Political.
July 16 th, 2005 Software Architecture in Practice RiSE’s Seminars Bass’s at all Book :: Chapters 13 Fred Durão.

July 16 th, 2005 Software Architecture in Practice RiSE’s Seminars Bass’s at all Book :: Chapters 13 Fred Durão.
Move your Data Anywhere: Getting Data to and From Diverse Systems Presenter: Win Worrall Senior Applications Engineer.

Move your Data Anywhere: Getting Data to and From Diverse Systems Presenter: Win Worrall Senior Applications Engineer.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.

1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.
4-1 PSe_4Konf.503 EAGLE Getting Started and Configuration.

4-1 PSe_4Konf.503 EAGLE Getting Started and Configuration.
Martin Kruliš 2. 4. 2015 by Martin Kruliš (v1.0)1.

Martin Kruliš by Martin Kruliš (v1.0)1.
CMPS 435 F08 These slides are designed to accompany Web Engineering: A Practitioner’s Approach (McGraw-Hill 2008) by Roger Pressman and David Lowe, copyright.

CMPS 435 F08 These slides are designed to accompany Web Engineering: A Practitioner’s Approach (McGraw-Hill 2008) by Roger Pressman and David Lowe, copyright.
Www.netfort.com NetFort Customer Webinar Getting back to basics – Using LANGuardian Aisling Brennan 26 th Feb 2015.

NetFort Customer Webinar Getting back to basics – Using LANGuardian Aisling Brennan 26 th Feb 2015.
Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.

Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.
Securing Large Applications CSCI 5931 Web Security Rungang Mo, Yingying Sun.

Securing Large Applications CSCI 5931 Web Security Rungang Mo, Yingying Sun.
1 Dr. Markus Hillenbrand, ICSY Lab, University of Kaiserslautern, Germany A Generic Database Web Service for the Venice Service Grid Michael Koch, Markus.

1 Dr. Markus Hillenbrand, ICSY Lab, University of Kaiserslautern, Germany A Generic Database Web Service for the Venice Service Grid Michael Koch, Markus.

Similar presentations

Ads by Google