1. Security on the Web, Part One - Vulnerabilities
Ladd Van Tol, Senior Software Engineer
2. Vulnerabilities (overview)
- Client
  - Browser
  - Operating System
  - Secondary Software
- Server
  - Web Server
  - Operating System
  - Secondary Software
- Network
  - Protocol
  - Transport
3. Types of Clients
- Web Browsers
  - Internet Explorer: > 90% market share
  - Mozilla derivatives: < 5% market share
- Operating Systems
  - Windows: > 90% market share
  - Macintosh: < 5% market share
  - Linux: < 1% market share
- Secondary Software
  - Email clients
  - Browser add-ons
4. Browser Protocol
- HyperText Transfer Protocol (HTTP)
  - Versions 1.0, 1.1
  - Stateless protocol over TCP/IP
  - Cookies
  - Basic authentication
  - Features: transfer encodings, keep-alive, pipelining
- Secure Sockets Layer (SSL)
  - Encrypts connections
  - Server identity verified by its certificate
  - Certificate issued by a certification authority
5. Browser Content
- HTML rendering
  - HTML 1.0, 2.0, 3.2, 4.01; XHTML 1.0, 1.1
  - XML + XSL
  - CSS 1.0, 2.0
- Embedded Dynamic Features
  - JavaScript, Java, ActiveX
  - Media players, other plug-ins
6. Client Vulnerabilities
- Social engineering
- Spoofing
  - Can exploit DNS, or look-alike URLs
- Embedding weaknesses
  - Java, ActiveX security policy
  - Plug-in security policy
- Buffer overflows
  - Can affect browser, OS, or add-on software
  - Could be a “remote root exploit”
7. Client Vulnerabilities (continued)
- Scripting weaknesses
  - JavaScript security policy
- Cross-site scripting (XSS) attacks
  - Targeted towards sites holding personal info
  - Often exploit unfiltered user input (comment areas, forums, etc.)
  - Inject malicious scripts which can steal cookies or other info
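Added example, not from the slides: a Python sketch of the comment-area case above, rendering a stored comment once unsafely and once with HTML escaping at output time, plus a session cookie marked HttpOnly and Secure so that a script that does run cannot read it. The function names, template and sample comment are assumptions for illustration.

```python
import html

# Constructed sample comment: the kind of text an unfiltered comment area
# would store and later display to every visitor of the page.
SAMPLE_COMMENT = 'Nice post! <script>alert("xss")</script>'

# Minimal page skeleton the comment is rendered into (assumed, for illustration).
PAGE_TEMPLATE = '<html><body><h1>Comments</h1><div class="comment">{body}</div></body></html>'


def render_comment_unsafe(comment: str) -> str:
    """Vulnerable: the user's text is interpolated straight into the HTML,
    so any markup it contains (including <script>) is interpreted by the
    browser of whoever views the page."""
    return PAGE_TEMPLATE.format(body=comment)


def render_comment_safe(comment: str) -> str:
    """Hardened: HTML-escape the untrusted text at output time so the
    browser displays it literally. quote=True also escapes quote characters,
    which matters if the value ever ends up inside an attribute."""
    return PAGE_TEMPLATE.format(body=html.escape(comment, quote=True))


def contains_script_tag(rendered: str) -> bool:
    """Crude check used only to show the difference between the two
    renderings: is a raw <script> tag still present in the page?"""
    return "<script" in rendered.lower()


def session_cookie_header(session_id: str) -> str:
    """Defense in depth for the cookie-theft case: HttpOnly keeps the cookie
    out of document.cookie, Secure keeps it off clear-text connections."""
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; Path=/"


if __name__ == "__main__":
    print(render_comment_unsafe(SAMPLE_COMMENT))  # script would execute
    print(render_comment_safe(SAMPLE_COMMENT))    # script shown as text
    print(session_cookie_header("example-session-id"))
```

Escaping belongs at the point of output, not at input: the same comment may be rendered into HTML, an attribute, or JavaScript, and each context needs its own encoding.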
8. Privacy/Content
- Privacy policies
- Cookies
- Usage tracking
- Browser control over advertising
- Content filtering
9. Types of Servers
- Estimated 35 million servers on the web (includes virtual hosts)
- Apache
- Microsoft IIS*
- Sun ONE*
Source: © 2003, Netcraft
*Business sites are more likely to use commercial servers
10. Operating Systems
- Linux, BSD variants
- Windows flavor-of-the-week
- Solaris, other high-end Unixes
11. Secondary Services
- Database servers
  - MySQL, SQL Server, Oracle, DB2
- Web applications: implementation platforms
  - Scripting: PHP, Perl, Python, ASP, JSP, XSP
  - Java frameworks: J2EE, WebSphere, WebLogic, WebObjects
  - Other frameworks: .NET
12. Server Vulnerabilities
- Exploitable web applications: source of many serious targeted exploits
  - Unvalidated parameters
  - Broken access control
  - Session hijacking
  - Cross-site scripting flaws
  - Command injection flaws
  - Error handling problems
  - Insecure use of cryptography
  - Remote administration flaws
  - Web and application server misconfiguration
13. Server Vulnerabilities (continued)
- Other attacks
  - Denial of service
  - Remote root exploits
  - Network topology, protocols
  - Worms
- Limited ability to enforce acceptable use policies
14. Worm Example: Code Red
- IIS vulnerability; worm deployed July 2001
- Distributed denial of service (DDoS) attack
15. Networks
- Internet uses TCP/IP, UDP
- Connected networks
- Routers
- Domain Name Servers (DNS)
- Firewalls
- Virtual Private Networks (VPN)
- Proxy servers
- Load balancers
16. Network Vulnerabilities
- Availability
  - Attacks on key routers
  - Attacks on DNS
- Confidentiality
  - Sniffing clear-text traffic
17. Bibliography
- W3 Consortium - http://w3c.org
- w3schools browser stats - http://www.w3schools.com/browsers/browsers_stats.asp
- Thawte - http://thawte.com
- Cross-site scripting FAQ - http://www.cgisecurity.com/articles/xss-faq.shtml
- Netcraft Web Server Survey - http://netcraft.co.uk/survey/
- CERT - http://www.cert.org/
- CAIDA Analysis of Code Red - http://www.caida.org/analysis/security/code-red/
- OWASP Top 10 Vulnerabilities - http://www.serverwatch.com/news/article.php/1568761
- Personal experience, 3+ years at: MacFixIt.com, MacCentral.com, VersionTracker.com