Presentation is loading. Please wait.

Presentation is loading. Please wait.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Published byClare Bradley Modified over 9 years ago

Similar presentations

Presentation on theme: "Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,"— Presentation transcript:

1 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Web Components Chapter 17

2 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Objectives Describe the functioning of the SSL/TLS protocol suite. Explain web applications, plug-ins, and associated security issues. Describe secure file transfer options. Explain directory usage for data retrieval. Explain scripting and other Internet functions that present security concerns. Use cookies to maintain parameters between web pages. Examine web-based application security issues.

3 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Key Terms Active Server Pages (ASP) ActiveX ASP.NET Buffer overflow Code signing Common Gateway Interface (CGI) JAVA vulnerabilities

4 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Key Terms (continued) Cookies File Transfer Protocol (FTP) Hypertext Markup Language (HTML) Internet Engineering Task Force (IETF) Java JavaScript

5 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Key Terms for Security+ Exam 4.1 Application Security –Fuzzing –Cross-site scripting –Input and field validation 3.5 Application attacks –SQL injection –Buffer overflow –Zero day –Cookies a security risk? (ever cookie)

6 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Current Web Components and Concerns Security concerns can be grouped into three main tasks: Securing a server that delivers content to users over the Web. Securing the transport of information between users and servers over the Web. Securing the user’s computer from attack over a web connection.

7 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Encryption (SSL and TLS) Secure Sockets Layer (SSL) is a general-purpose protocol developed by Netscape for managing the encryption of information being transmitted over the Internet. Transport Layer Security (TLS) SSL and TLS are essentially the same, although not interchangeable. Cryptographic methods are an ever-evolving field, and because both parties must agree on an implementation method, SSL/TLS has embraced an open, extensible, and adaptable method to allow flexibility and strength.

8 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Encryption (SSL and TLS) Firefox SSL Cipher Options

9 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition SSL/TLS Handshake

10 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Firefox Certificate Options

11 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Firefox Certificate Store

12 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition The Web (HTTP and HTTPS) HTTP is used for the transfer of hyperlinked data over the Internet, from web servers to browsers. When a secure connection is needed, SSL/TLS is used and appears in the address as https://.

13 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition The Web (HTTP and HTTPS) ( continued) High-assurance notification in IE 7 High-assurance notification in Firefox

14 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition File Transfer (FTP and SFTP) FTP is a standard network protocol used to exchange and manipulate files over a TCP/IP based network. Secure FTP (SFTP) is used when confidential transfer is required and combines both the Secure Shell (SSH) protocol and FTP.

15 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Buffer Overflows The buffer overflow vulnerability is a result of poor coding practices on the part of software programmers. This occurs when an application can accept more input than it has assigned storage space, and the input data overwrites other program areas.

16 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Java Java is a computer language invented by Sun Microsystems as an alternative to Microsoft’s development languages (owned by Oracle now). Designed to be platform-independent Java offered a low learning curve and a way of implementing programs across an enterprise. Although platform independence never fully materialized, Java has found itself to be a leader in object-oriented programming languages. Java can still perform malicious activities, and the fact that many users falsely believe it is safe increases its usefulness for attackers.

17 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition JavaScript JavaScript is a scripting language developed to be operated within a browser instance. The primary purpose is to enable features such as validation of forms. Enterprising programmers found many other uses for JavaScript, such as manipulating the browser history files, now prohibited by design. JavaScript actually runs within the browser, and the code is executed by the browser itself. This has led to compatibility problems.

18 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition CGI & Server-Side Scripts Common Gateway Interface (CGI) is a method for having a web server execute a program outside the web server process, yet on the same server. Server-side scripting allows programs to be run outside the web server and to return data to the web server to be served to end users via a web page. This is replacing CGI.

19 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Cookies Cookies are small chunks of ASCII text passed within an HTTP stream to store data temporarily in a web browser instance. It a series of name-value pairs that is stored in memory during a browser instance. –Expires –Domain –Path –Secure

20 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Chapter Summary Describe the functioning of the SSL/TLS protocol suite. Explain web applications, plug-ins, and associated security issues. Describe secure file transfer options. Explain directory usage for data retrieval. Explain scripting and other Internet functions that present security concerns. Use cookies to maintain parameters between web pages. Examine web-based application security issues.

Download ppt "Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,"

Similar presentations

Overview Environment for Internet database connectivity

Overview Environment for Internet database connectivity
PowerPoint presentation of first 25 pages of instructional manual Edith Fabiyi Essentials of Internet Access.

PowerPoint presentation of first 25 pages of instructional manual Edith Fabiyi Essentials of Internet Access.
Lecture plan Information retrieval (from week 11)

Lecture plan Information retrieval (from week 11)
Chapter 17: WEB COMPONENTS

Chapter 17: WEB COMPONENTS
Internet Security Protocols

Internet Security Protocols
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Lesson 17-Web Components. Background  The World Wide Web was invented in 1990 by Tim Berners- Lee to give physicists a convenient method of exchanging.

Lesson 17-Web Components. Background  The World Wide Web was invented in 1990 by Tim Berners- Lee to give physicists a convenient method of exchanging.
IIS Technologies.

IIS Technologies.
© 2010, Robert K. Moniot Chapter 1 Introduction to Computers and the Internet 1.

© 2010, Robert K. Moniot Chapter 1 Introduction to Computers and the Internet 1.
15 Chapter 15 Web Database Development Database Systems: Design, Implementation, and Management, Fifth Edition, Rob and Coronel.

15 Chapter 15 Web Database Development Database Systems: Design, Implementation, and Management, Fifth Edition, Rob and Coronel.
INTERNET DATABASE Chapter 9. u Basics of Internet, Web, HTTP, HTML, URLs. u Advantages and disadvantages of Web as a database platform. u Approaches for.

INTERNET DATABASE Chapter 9. u Basics of Internet, Web, HTTP, HTML, URLs. u Advantages and disadvantages of Web as a database platform. u Approaches for.
Introduction to Web Database Processing

Introduction to Web Database Processing
Kashif Jalal CA-240 (072) Web Development Using ASP.NET CA – 240 Kashif Jalal Welcome to week – 2 of…

Kashif Jalal CA-240 (072) Web Development Using ASP.NET CA – 240 Kashif Jalal Welcome to week – 2 of…
Outline IS400: Development of Business Applications on the Internet Fall 2004 Instructor: Dr. Boris Jukic Server Side Web Technologies: Part 2.

Outline IS400: Development of Business Applications on the Internet Fall 2004 Instructor: Dr. Boris Jukic Server Side Web Technologies: Part 2.
INTERNET DATABASE. Internet and E-commerce Internet – a worldwide collection of interconnected computer network Internet – a worldwide collection of interconnected.

INTERNET DATABASE. Internet and E-commerce Internet – a worldwide collection of interconnected computer network Internet – a worldwide collection of interconnected.
Introduction to Web Interface Technology (CSE2030)

Introduction to Web Interface Technology (CSE2030)
Introduction to Web Based Application. Web-based application TCP/IP (HTTP) protocol Using WWW technology & software Distributed environment.

Introduction to Web Based Application. Web-based application TCP/IP (HTTP) protocol Using WWW technology & software Distributed environment.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
WWW and Internet The Internet Creation of the Web Languages for document description Active web pages.

WWW and Internet The Internet Creation of the Web Languages for document description Active web pages.

Similar presentations

Ads by Google