
Figure 9-3: Webserver and E-Commerce Security (presentation transcript)


Importance of Webservice and E-Commerce Security
- Cost of disruptions
- Cost of loss of reputation and market capitalization
- Cost of privacy violations
- Links from the webserver to internal corporate servers
- Customer fraud (including credit card fraud):
  - Loss of revenue when the product is not paid for
  - Credit card company charge-back fees
  - Must use an external firm to check credit card numbers

Webservers Versus E-Commerce Servers
- Webservice provides the basic user interactions:
  - Microsoft Internet Information Server (IIS)
  - Apache on UNIX
  - Other webserver programs
- E-commerce servers add functionality:
  - Order entry, shopping cart, payment, etc.
  - Custom programs written for special purposes

Figure 9-4: Webservice Versus E-Commerce Service (elements shown in the figure)
- E-Commerce Software
- Subsidiary E-Commerce Software Component (PHP, etc.)
- Custom Programs
- Webserver Software

Some Webserver Attacks
- Website defacement
- Numerous IIS buffer overflow attacks, many of which take over the computer
- IIS directory traversal attacks:
  - Normally, paths start at the WWW root directory
  - Adding ../ may take the attacker up a level, out of the WWW root directory
  - If the traversal reaches the command-prompt directory on Windows 2000 or NT, the attacker can execute any command with system privileges
  - Companies filter out / and \
  - Attackers respond with hexadecimal and Unicode representations of / and \
- Apache has problems, too
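The slide's point is that filtering the literal characters / and \ fails because the filter runs before the server decodes the request, so an encoded separator passes the filter and is decoded into a real one afterwards. The defence is to decode first, normalise second, and only then check that the result is still under the WWW root. The Python below is an added example (not code from the slides or the textbook) of that check; the function name safe_resolve, the exception PathRejected, the root /var/www and the sample request paths are all constructed for this illustration. It goes slightly beyond the slide by also rejecting NUL bytes and by treating backslash as a separator, as Windows servers do.

```python
"""Added example (not from the slides): map a requested URL path to a file
under a webserver's WWW root in a way that refuses to leave that root, even
when "../" is written with percent-encoded hex or invalid (overlong) UTF-8
byte sequences. safe_resolve and PathRejected are names assumed here."""
import posixpath
from urllib.parse import unquote_to_bytes


class PathRejected(ValueError):
    """Raised when a request path cannot be safely mapped under the WWW root."""


def safe_resolve(www_root: str, request_path: str) -> str:
    """Return the filesystem path for request_path, or raise PathRejected.

    Order matters: decode first, normalise second, check last. A check that
    looks for "../" before decoding is exactly what the hex/Unicode trick on
    the slide walks around.
    """
    # 1. Percent-decode to raw bytes, then insist on strict UTF-8. Overlong or
    #    otherwise invalid byte sequences fail here instead of being turned
    #    into a separator later by a more forgiving decoder.
    raw = unquote_to_bytes(request_path)
    try:
        decoded = raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise PathRejected(f"invalid UTF-8 in path: {exc.reason}") from exc

    # 2. A NUL byte would silently truncate the path in a C runtime or the OS.
    if "\x00" in decoded:
        raise PathRejected("NUL byte in path")

    # 3. Windows servers accept backslash as a separator, so treat it the same
    #    way here; otherwise "..\" slips past a check that only knows "../".
    unified = decoded.replace("\\", "/")

    # 4. Normalise as a *relative* path. posixpath.normpath collapses "x/.."
    #    pairs but keeps a leading ".." on relative paths (it would drop it on
    #    absolute ones, which is why the leading "/" is stripped first).
    #    Anything that still begins with ".." is climbing above the root.
    rel = posixpath.normpath(unified.lstrip("/"))
    if rel == ".." or rel.startswith("../"):
        raise PathRejected("path escapes the WWW root")

    # 5. Only now join with the root; "." (the root itself) maps to www_root.
    return posixpath.normpath(posixpath.join(www_root, rel))


# Constructed request paths in the form a server log would show them.
SAMPLE_REQUESTS = [
    "/index.html",
    "/docs/../index.html",           # stays inside the root after normalising
    "/../outside.txt",               # plain traversal
    "/..%2f..%2foutside.txt",        # hex-encoded slash
    "/..%5c..%5coutside.txt",        # hex-encoded backslash
    "/..%c0%af..%c0%afoutside.txt",  # overlong UTF-8 "slash": invalid UTF-8
]


def classify(www_root: str, paths) -> dict:
    """Return {request: resolved path or 'REJECTED: reason'} for each path."""
    out = {}
    for p in paths:
        try:
            out[p] = safe_resolve(www_root, p)
        except PathRejected as exc:
            out[p] = f"REJECTED: {exc}"
    return out


if __name__ == "__main__":
    for req, result in classify("/var/www", SAMPLE_REQUESTS).items():
        print(f"{req:32} -> {result}")
```

The final join uses the normalised relative path rather than the raw request, so the returned path is what the filesystem will actually open; a server that instead passed the raw string to the OS would let the OS do the normalising and lose the chance to reject it.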

Patching the Webserver and E-Commerce Software and Its Components
- Patching the webserver software is not enough
- The e-commerce software must also be patched
- E-commerce software may use third-party component software that must be patched as well

Controlling Dynamic Webpage Development
- Static versus dynamic webpages
- For static webpages: GET /path/filename.extension HTTP/version
- CGI passes parameters to a program: GET /path/programname.exe?variable1="value"&variable2="value"...
  - Inefficient: starts a new copy of the program with each request
- ASP is Microsoft's server-side scripting language
- ISAPI from Microsoft starts a .dll component
  - The component continues to run; no need to start a new copy with each request
- Controlling software development:
  - Programmer training in safe programming methods
  - Auditing for security weaknesses
- Deployment:
  - Development servers: developers must have wide privileges
  - Staging servers: only testers and systems administrators should have privileges
  - Production servers: only systems administrators should have privileges

User Authentication
- None: no burden on the customer
- Username and password: provide some protection but may be given out without checking customer quality
- IPsec and digital certificates: expensive and difficult for customers
- TLS with client digital certificates: less expensive than IPsec but still difficult for customers

