Submit Search
Upload
Information Security Lesson 6 - Web Security - Eric Vanderburg
•
Download as PPT, PDF
•
1 like
•
676 views
Eric Vanderburg
Follow
Information Security Lesson 6 - Web Security - Eric Vanderburg
Read less
Read more
Technology
Report
Share
Report
Share
1 of 20
Download now
Recommended
Ch 11: Hacking Wireless Networks
Ch 11: Hacking Wireless Networks
Sam Bowne
Echoworx Encryption Delivery Methods
Echoworx Encryption Delivery Methods
Echoworx
Ch08 Authentication
Ch08 Authentication
Information Technology
Android Firewall project
Android Firewall project
Karunakar Singh Thakur
Fortinet FortiGate 100D
Fortinet FortiGate 100D
Hoai Duyen
gkkSecurity essentials domain 2
gkkSecurity essentials domain 2
Anne Starr
Network security - Defense in Depth
Network security - Defense in Depth
Dilum Bandara
Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018
Mohammad Fareed
Recommended
Ch 11: Hacking Wireless Networks
Ch 11: Hacking Wireless Networks
Sam Bowne
Echoworx Encryption Delivery Methods
Echoworx Encryption Delivery Methods
Echoworx
Ch08 Authentication
Ch08 Authentication
Information Technology
Android Firewall project
Android Firewall project
Karunakar Singh Thakur
Fortinet FortiGate 100D
Fortinet FortiGate 100D
Hoai Duyen
gkkSecurity essentials domain 2
gkkSecurity essentials domain 2
Anne Starr
Network security - Defense in Depth
Network security - Defense in Depth
Dilum Bandara
Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018
Mohammad Fareed
Wireless Network Security
Wireless Network Security
Gyana Ranjana
Wireless Networking Security
Wireless Networking Security
Anshuman Biswal
NTXISSACSC4 - Security for a New World
NTXISSACSC4 - Security for a New World
North Texas Chapter of the ISSA
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Sachintha Gunasena
Fortinet av
Fortinet av
Lan & Wan Solutions
The Post Covid-19 Cybersecurity World - Where Is It Headed?
The Post Covid-19 Cybersecurity World - Where Is It Headed?
Bangladesh Network Operators Group
Ch06 Wireless Network Security
Ch06 Wireless Network Security
Information Technology
Wireless network security
Wireless network security
Aurobindo Nayak
Application layer Security in IoT: A Survey
Application layer Security in IoT: A Survey
Adeel Ahmed
Network Security Tools
Network Security Tools
Emanuela Boroș
Fortigate Training
Fortigate Training
NCS Computech Ltd.
LAN Security
LAN Security
Syed Ubaid Ali Jafri
Wifi
Wifi
TheSmit Chheda
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
Rishabh Gupta
Firewall Design and Implementation
Firewall Design and Implementation
ajeet singh
Wireless security using wpa2
Wireless security using wpa2
Tushar Anand
Network defenses
Network defenses
G Prachi
Flak+technologies
Flak+technologies
Tatyana Kobets
Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013
Belsoft
Security standard
Security standard
lyndyv
Security of the database
Security of the database
Pratik Tamgadge
Information security presentation
Information security presentation
HK IT solutions... unlimited...
More Related Content
What's hot
Wireless Network Security
Wireless Network Security
Gyana Ranjana
Wireless Networking Security
Wireless Networking Security
Anshuman Biswal
NTXISSACSC4 - Security for a New World
NTXISSACSC4 - Security for a New World
North Texas Chapter of the ISSA
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Sachintha Gunasena
Fortinet av
Fortinet av
Lan & Wan Solutions
The Post Covid-19 Cybersecurity World - Where Is It Headed?
The Post Covid-19 Cybersecurity World - Where Is It Headed?
Bangladesh Network Operators Group
Ch06 Wireless Network Security
Ch06 Wireless Network Security
Information Technology
Wireless network security
Wireless network security
Aurobindo Nayak
Application layer Security in IoT: A Survey
Application layer Security in IoT: A Survey
Adeel Ahmed
Network Security Tools
Network Security Tools
Emanuela Boroș
Fortigate Training
Fortigate Training
NCS Computech Ltd.
LAN Security
LAN Security
Syed Ubaid Ali Jafri
Wifi
Wifi
TheSmit Chheda
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
Rishabh Gupta
Firewall Design and Implementation
Firewall Design and Implementation
ajeet singh
Wireless security using wpa2
Wireless security using wpa2
Tushar Anand
Network defenses
Network defenses
G Prachi
Flak+technologies
Flak+technologies
Tatyana Kobets
Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013
Belsoft
Security standard
Security standard
lyndyv
What's hot
(20)
Wireless Network Security
Wireless Network Security
Wireless Networking Security
Wireless Networking Security
NTXISSACSC4 - Security for a New World
NTXISSACSC4 - Security for a New World
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Fortinet av
Fortinet av
The Post Covid-19 Cybersecurity World - Where Is It Headed?
The Post Covid-19 Cybersecurity World - Where Is It Headed?
Ch06 Wireless Network Security
Ch06 Wireless Network Security
Wireless network security
Wireless network security
Application layer Security in IoT: A Survey
Application layer Security in IoT: A Survey
Network Security Tools
Network Security Tools
Fortigate Training
Fortigate Training
LAN Security
LAN Security
Wifi
Wifi
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
Firewall Design and Implementation
Firewall Design and Implementation
Wireless security using wpa2
Wireless security using wpa2
Network defenses
Network defenses
Flak+technologies
Flak+technologies
Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013
Security standard
Security standard
Viewers also liked
Security of the database
Security of the database
Pratik Tamgadge
Information security presentation
Information security presentation
HK IT solutions... unlimited...
نظام إدارة مؤسسات تعليم القران
نظام إدارة مؤسسات تعليم القران
Trans Gulf information technology
Rfid tech for library | تحديد الهوية بموجات الراديو
Rfid tech for library | تحديد الهوية بموجات الراديو
Trans Gulf information technology
SSL/TLS Eavesdropping with Fullpath Control
SSL/TLS Eavesdropping with Fullpath Control
Mike Thompson
محاولة تأريخ لعلم الأجرام عبر الأنترنت
محاولة تأريخ لعلم الأجرام عبر الأنترنت
الهيئة الوطنية لأمن وسلامة المعلومات
Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...
Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...
Mohammed Almeshekah
حجية الدليل الرقمي وموقع المشروع اليبي
حجية الدليل الرقمي وموقع المشروع اليبي
الهيئة الوطنية لأمن وسلامة المعلومات
Truth and Consequences
Truth and Consequences
Mohammed Almeshekah
منهجية قانون الانترنيت
منهجية قانون الانترنيت
الهيئة الوطنية لأمن وسلامة المعلومات
نظام إدارة المؤسسات التدربية التعليمية
نظام إدارة المؤسسات التدربية التعليمية
Trans Gulf information technology
قضايا معرفية في الأمن السبراني
قضايا معرفية في الأمن السبراني
الهيئة الوطنية لأمن وسلامة المعلومات
امن الشبكات المخاطر والحلول
امن الشبكات المخاطر والحلول
abayazed
Managing System Security
Managing System Security
PIREH
العرض المرئي عن الشركة عبر الخليج لتقنية المعلومات
العرض المرئي عن الشركة عبر الخليج لتقنية المعلومات
Trans Gulf information technology
افاق المعرفة- نظام ادارة المكتبات
افاق المعرفة- نظام ادارة المكتبات
Trans Gulf information technology
مسودة مشروع قانون المعاملات الالكترونية الليبي
مسودة مشروع قانون المعاملات الالكترونية الليبي
الهيئة الوطنية لأمن وسلامة المعلومات
إختبارات في أمن المعلومات It security
إختبارات في أمن المعلومات It security
Sherief Elmetwali
شبكات و أمن المعلومات 1
شبكات و أمن المعلومات 1
emad tawfeek
أساسيات أمن المعلومات
أساسيات أمن المعلومات
Mohammed Almeshekah
Viewers also liked
(20)
Security of the database
Security of the database
Information security presentation
Information security presentation
نظام إدارة مؤسسات تعليم القران
نظام إدارة مؤسسات تعليم القران
Rfid tech for library | تحديد الهوية بموجات الراديو
Rfid tech for library | تحديد الهوية بموجات الراديو
SSL/TLS Eavesdropping with Fullpath Control
SSL/TLS Eavesdropping with Fullpath Control
محاولة تأريخ لعلم الأجرام عبر الأنترنت
محاولة تأريخ لعلم الأجرام عبر الأنترنت
Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...
Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...
حجية الدليل الرقمي وموقع المشروع اليبي
حجية الدليل الرقمي وموقع المشروع اليبي
Truth and Consequences
Truth and Consequences
منهجية قانون الانترنيت
منهجية قانون الانترنيت
نظام إدارة المؤسسات التدربية التعليمية
نظام إدارة المؤسسات التدربية التعليمية
قضايا معرفية في الأمن السبراني
قضايا معرفية في الأمن السبراني
امن الشبكات المخاطر والحلول
امن الشبكات المخاطر والحلول
Managing System Security
Managing System Security
العرض المرئي عن الشركة عبر الخليج لتقنية المعلومات
العرض المرئي عن الشركة عبر الخليج لتقنية المعلومات
افاق المعرفة- نظام ادارة المكتبات
افاق المعرفة- نظام ادارة المكتبات
مسودة مشروع قانون المعاملات الالكترونية الليبي
مسودة مشروع قانون المعاملات الالكترونية الليبي
إختبارات في أمن المعلومات It security
إختبارات في أمن المعلومات It security
شبكات و أمن المعلومات 1
شبكات و أمن المعلومات 1
أساسيات أمن المعلومات
أساسيات أمن المعلومات
Similar to Information Security Lesson 6 - Web Security - Eric Vanderburg
Security - ch5.ppt
Security - ch5.ppt
HabtamuHaileMichael2
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Eric Vanderburg
Minimizing Information Transparency
Minimizing Information Transparency
Usman Arshad
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Honeywell
Network security and protocols
Network security and protocols
Online
6 security
6 security
valency paul
SECURITY PROTOCOLS.ppt
SECURITY PROTOCOLS.ppt
DimpyJindal4
Unit08
Unit08
Nurul Nadirah
How to stay protected against ransomware
How to stay protected against ransomware
Sophos Benelux
Web Security
Web Security
Dr.Florence Dayana
How to write secure code
How to write secure code
Flaskdata.io
Information Security Lesson 13 - Advanced Security - Eric Vanderburg
Information Security Lesson 13 - Advanced Security - Eric Vanderburg
Eric Vanderburg
Chapter 2 System Security.pptx
Chapter 2 System Security.pptx
RushikeshChikane2
Information Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric Vanderburg
Eric Vanderburg
Secure email gate way
Secure email gate way
vfmindia
Information Security Lesson 7 - Remote Access - Eric Vanderburg
Information Security Lesson 7 - Remote Access - Eric Vanderburg
Eric Vanderburg
Flak+technologies
Flak+technologies
Tatyana Kobets
Case study about voip
Case study about voip
elmudthir
DDS Secure Intro
DDS Secure Intro
John Breitenbach
Secrity project keyvan
Secrity project keyvan
itrraincity
Similar to Information Security Lesson 6 - Web Security - Eric Vanderburg
(20)
Security - ch5.ppt
Security - ch5.ppt
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Minimizing Information Transparency
Minimizing Information Transparency
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Network security and protocols
Network security and protocols
6 security
6 security
SECURITY PROTOCOLS.ppt
SECURITY PROTOCOLS.ppt
Unit08
Unit08
How to stay protected against ransomware
How to stay protected against ransomware
Web Security
Web Security
How to write secure code
How to write secure code
Information Security Lesson 13 - Advanced Security - Eric Vanderburg
Information Security Lesson 13 - Advanced Security - Eric Vanderburg
Chapter 2 System Security.pptx
Chapter 2 System Security.pptx
Information Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric Vanderburg
Secure email gate way
Secure email gate way
Information Security Lesson 7 - Remote Access - Eric Vanderburg
Information Security Lesson 7 - Remote Access - Eric Vanderburg
Flak+technologies
Flak+technologies
Case study about voip
Case study about voip
DDS Secure Intro
DDS Secure Intro
Secrity project keyvan
Secrity project keyvan
More from Eric Vanderburg
GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT Symposium
Eric Vanderburg
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should Have
Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Eric Vanderburg
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Eric Vanderburg
Mobile Forensics and Cybersecurity
Mobile Forensics and Cybersecurity
Eric Vanderburg
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
Eric Vanderburg
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware Threat
Eric Vanderburg
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s Position
Eric Vanderburg
Principles of technology management
Principles of technology management
Eric Vanderburg
Japanese railway technology
Japanese railway technology
Eric Vanderburg
Evaluating japanese technological competitiveness
Evaluating japanese technological competitiveness
Eric Vanderburg
Japanese current and future technology management challenges
Japanese current and future technology management challenges
Eric Vanderburg
Technology management in Japan: Robotics
Technology management in Japan: Robotics
Eric Vanderburg
Incident response table top exercises
Incident response table top exercises
Eric Vanderburg
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
Eric Vanderburg
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance Challenges
Eric Vanderburg
Hacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and Threats
Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
Eric Vanderburg
Countering malware threats - Eric Vanderburg
Countering malware threats - Eric Vanderburg
Eric Vanderburg
More from Eric Vanderburg
(20)
GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT Symposium
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should Have
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Mobile Forensics and Cybersecurity
Mobile Forensics and Cybersecurity
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware Threat
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s Position
Principles of technology management
Principles of technology management
Japanese railway technology
Japanese railway technology
Evaluating japanese technological competitiveness
Evaluating japanese technological competitiveness
Japanese current and future technology management challenges
Japanese current and future technology management challenges
Technology management in Japan: Robotics
Technology management in Japan: Robotics
Incident response table top exercises
Incident response table top exercises
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance Challenges
Hacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and Threats
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
Countering malware threats - Eric Vanderburg
Countering malware threats - Eric Vanderburg
Recently uploaded
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
Florian Wilhelm
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
Dubai Multi Commodity Centre
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
Lars Bell
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Mark Simos
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Zilliz
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
charlottematthew16
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
Dilum Bandara
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
Fwdays
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
Manik S Magar
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
NavinnSomaal
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
Fwdays
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
Rizwan Syed
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
charlottematthew16
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
LoriGlavin3
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
UiPathCommunity
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
Enterprise Knowledge
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
Addepto
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
2toLead Limited
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
BookNet Canada
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
Pixlogix Infotech
Recently uploaded
(20)
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
Information Security Lesson 6 - Web Security - Eric Vanderburg
1.
Information Security Chapter 6 Web
Security Information Security © 2006 Eric Vanderburg
2.
Reasons for software
vulnerability • Large amount of code – Windows 2000 – 20 million lines – Windows XP – 40 million lines – Linux – 55 million lines • Extensibility – Ex: Firefox plug-ins – Drivers (use signed drivers) • Wired (connectivity) – More internet enabled applications which may not be secure. (weather, stocks, media player) Information Security © 2006 Eric Vanderburg
3.
An email message 1.
sender@source.com uses a client to create a message for receiver@destination.com 2. Client connects to mail.source.com SMTP server on port 25 and forwards the message. 3. SMTP server compares the source and destination domain names. If they are the same, the message goes to the POP3 server for source.com via the delivery agent. Information Security © 2006 Eric Vanderburg
4.
An email message 4.
The source.com SMTP server connects to the destination.com SMTP server and passes the message. If the destination.com SMTP server is not responding, the message is queued and sent later. After 4 hours in the queue the sender is notified. 5. Destination.com passes the message to the destination.com POP3 server. 6. The message is stored in the POP3 mailbox for retrieval by receiver@destination.com Information Security © 2006 Eric Vanderburg
5.
Email • POP3 (Post
Office Protocol) – offers a storage place for messages until downloaded from the server. Port 119 • IMAP (Internet Mail Access Protocol) – Messages always reside on the server. Port 143 • E-mail attachments are documents in binary format (word processing documents, spreadsheets, sound files, pictures) Information Security © 2006 Eric Vanderburg
6.
Email • **All the
following operate at the application layer • MIME (Multipurpose Internet Mail Extensions) – standard for embedding email with rich text, graphics, sound, & video. • S/MIME (Secure MIME) – adds encryption and authentication to email. – – – – – Digital signatures Works with different email clients Encrypts messages Encryption & signing is transparent Checksums to protect integrity • PGP (Pretty Good Privacy) – Encrypted with a session key that is encrypted with the recipient’s public key. – Must download a plugin to use with email clients. Information Security © 2006 Eric Vanderburg
7.
Email vulnerabilities • Several
e-mail vulnerabilities can be exploited by attackers: – Malware – Spam – Hoaxes • SMTP relay attacks allow spammers to send thousands of e-mail messages to users Information Security © 2006 Eric Vanderburg
8.
Email vulnerabilities • SPAM –
30 billion daily e-mail messages are spam – 25% of users say the ever-increasing volume of spam has reduced their overall use of e-mail – 52% of users indicate spam has made them less trusting of e-mail in general – 70% of users say spam has made being online unpleasant or annoying – Use a backlist of spammers to block any e-mail that originates from their e-mail addresses – Bayesian filtering – words found in the SPAM bin help define other SPAM messages. Information Security © 2006 Eric Vanderburg
9.
Internet vulnerabilities • Buffer
overflow attacks are common ways to gain unauthorized access to Web servers • Both file names and aliases must be protected if 8.3 aliases are not disabled. Incorrect permissions could be applied. • Dynamic content can also be used by attackers – Repurposed programming - using programming tools in ways more harmful than originally intended (Javascript, ActiveX) Information Security © 2006 Eric Vanderburg
10.
JavaScript • Provides client
side dynamic content • Virtual Machine (VM) - a Java interpreter • JavaScript code is downloaded onto the user’s computer within the HTML code – defense mechanisms: • Cannot read or write to the file system • No networking capabilities – problems: • Can capture and send user information without the user’s knowledge or authorization • Security is through browser. It does not protect code that executes outside a browser. Information Security © 2006 Eric Vanderburg
11.
Java Applet • Separate
program downloaded with but separate from the HTML • Sandbox - Surrounds program and keeps it away from private data and other resources on a local computer • Signed or unsigned Information Security © 2006 Eric Vanderburg
12.
ActiveX • Standard for
information sharing between programs • Installed when referenced by a web page • Do not run in a sandbox. Has full access to the OS • Signed or unsigned – only proves source but not safety • Only run on Windows • Set per computer instead of per user • ActiveX controls as a whole are either disabled or enabled in IE Information Security © 2006 Eric Vanderburg
13.
Cookies • Stores information
from a web site – Sessions – Saved logon • • • • • • Very small (4KB) Has an expiration date First party cookie – A site’s own cookie Third party cookie – Another site’s cookie Disable third party cookie access Many sites require cookies so disabling them will change your online experience but disallowing sites Information Security © 2006 Eric Vanderburg
14.
CGI (Common Gateway
Interface) • CGI script – program code that adheres to CGI rules. – Used for communicating with other server software via web pages. – CGI on the server must be set to not execute remote code statements Information Security © 2006 Eric Vanderburg
15.
Web security • SSL
(Secure Sockets Layer)- v3.0 latest – Disable versions 1 & 2 • TLS (Transport Layer Security) – v1.0 is approximately the same as SSL3.0 • PCT (Personal Communications Technology) – Microsoft technology with longer keys and a better algorithm than SSL. (Not popular) • Application layer protocol so it can run on top of any network but it must be integrated with the program to work. Information Security © 2006 Eric Vanderburg
16.
SSL / TLS
/ PCT Steps 1. 2. 3. 4. 5. 6. Client sends a ClientHello message specifying the list of cipher suites, compression methods and the highest protocol version it supports. Server receives the ClientHello and sends a ServerHello, where selections are made from available suites, compression, and versions. Client and server exchange certificates (depending on the selected public key cipher) The server can request a certificate from the client, so that the connection can be mutually authenticated. Master secret (a common secret used for generating other keys) is negotiated using Diffie-Hellman exchange, or by encrypting a secret with a public key (if using mutual authentication). Data is sent encrypted with a key generated from the master secret and the selected cipher suite. When the connection is terminated a hash of all the exchanged data seen by both parties is sent for verification. Information Security © 2006 Eric Vanderburg
17.
FORTEZZA • Information security
system based on a PC Card security token. • Each individual who is authorized to see protected information is issued a Fortezza card that stores private keys and other data needed to gain access. • Wide in use in Government and Military applications • Latest version is FORTEZZA Plus Information Security © 2006 Eric Vanderburg
18.
HTTP & SSL •
HTTPS - HTTP over SSL/TLS – secures individual messages instead • SSL/TLS secures the entire communication between client and server • Port 443 Information Security © 2006 Eric Vanderburg
19.
Chatting • IM (Instant
Message) • Server contains list of users and their buddies • When connected, a user’s IP & port are sent to all their buddies. • Direct connections can be established to send messages without involving the server. • Most chat programs can log chats (optional) which are stored locally. Google Talk stores chat logs on the server. • Data sent through IM could be malicious (pictures, programs, video, music) Information Security © 2006 Eric Vanderburg
20.
Acronyms • CGI, Common
Gateway Interface • CAN-SPAM, Controlling the Assault of Non Solicited Pornography and Marketing Act of 2003 • IM, Instant Messaging • IMAP, Internet Mail Access Protocol • MIME, Multipurpose Internet Mail Extensions • PCT, Personal Communications Technology • POP, Post Office Protocol • PGP, Pretty Good Privacy • S/MIME, Secure Multipurpose Internet Mail Extensions • SSL, Secure Sockets Layer • SMTP, Simple Mail Transfer Protocol • TLS, Transport Layer Security • VM, Virtual Machine Information Security © 2006 Eric Vanderburg
Download now