Web Security and Vulnerability Analysis with Adam Doup

Explore web security and vulnerability analysis in CSE 591 at Arizona State University with Adam Doupé. The lecture covers web technologies, server-side and client-side code, and hacking techniques, and introduces the security model needed to reason about secure web applications.


Presentation Transcript


  1. Web Security Model. CSE 591 Security and Vulnerability Analysis, Spring 2015. Adam Doupé, Arizona State University, http://adamdoupe.com

  2. Overview. We've studied the technologies that make up the web, including the underlying technologies, server-side code, and client-side code. Let's hack all the things! But first, we need to understand the security of web applications; otherwise, how do we know if we're successful? Adam Doupé, Security and Vulnerability Analysis

  3. Web Ecosystem (diagram): the Client sends an HTTP Request to the Web Server, which runs the Web Application and returns an HTTP Response.

  4. Client (diagram slide)

  5. Client (diagram slide)

  6. Client (diagram slide)

  7. Whose Security Is It Anyway? (diagram slide)

  8. Client (diagram slide)

  9. HTML Frames. The ability to tie multiple separate URLs together on one page. Used in the early days of the web to provide a banner or navigation element.

  10. frameset
      <frameset cols="85%, 15%">
        <frame src="frame1.html" name="frame_1">
        <frame src="frame2.html" name="frame_2">
        <noframes>
          Text to be displayed in browsers that do not support frames
        </noframes>
      </frameset>

  11. The Frames. frame1.html displays "I am frame 1"; frame2.html displays "I am frame two".


  13. iframes. Inline frames: similar to frames, but they do not need a frameset.
      <iframe src="frame1.html" name="frame_1" frameBorder="0"></iframe>
      <iframe src="frame2.html" name="frame_2" frameBorder="0"></iframe>


  15. JavaScript Security. Browsers are downloading and running foreign (JavaScript) code, sometimes concurrently. The security of JavaScript code execution is guaranteed by a sandboxing mechanism (similar to what we saw in Java applets):
      • No access to local files
      • No access to (most) network resources
      • No incredibly small windows
      • No access to the browser's history
      The details of the sandbox depend on the browser.

  16. Same Origin Policy (SOP). The standard security policy for JavaScript across browsers, and incredibly important to web security. If you learn only one thing from this class, let it be the Same Origin Policy.
      • Every frame or tab in a browser's window is associated with a domain.
      • A domain is determined by the tuple <protocol, server, port> from which the frame content was downloaded.
      • Code downloaded in a frame can only access the resources associated with that domain.
      • If a frame explicitly includes external code, this code will execute within the SOP of the including frame. On adamdoupe.com, the following JavaScript code has access to the <http, adamdoupe.com, 80> SOP:
        <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>
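The <protocol, server, port> tuple from slide 16, modelled as an added example (not code from the lecture) using Node's built-in WHATWG URL parser. The default-port normalisation (http = 80, https = 443) and the frame/script helper functions are assumptions made for the example, not slide content.

```javascript
// Added example: the Same Origin Policy tuple <protocol, server, port>.
// Assumption: browsers treat an omitted port as the scheme's default port,
// so http://host/ and http://host:80/ are the same origin.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to the origin tuple the slide describes.
function originOf(url) {
  const u = new URL(url);
  return {
    protocol: u.protocol,              // e.g. "http:"
    server: u.hostname,                // host only, no port
    port: u.port || DEFAULT_PORTS[u.protocol] || "", // normalised
  };
}

// Two URLs share an origin only if all three tuple members match.
function sameOrigin(a, b) {
  const x = originOf(a), y = originOf(b);
  return x.protocol === y.protocol && x.server === y.server && x.port === y.port;
}

// Script explicitly included by a frame runs in the *including* frame's
// origin, not in the origin it was downloaded from (slide 16's jQuery case).
// scriptSrc is deliberately ignored to make that point explicit.
function scriptOrigin(frameUrl, scriptSrc) {
  return originOf(frameUrl);
}

// Constructed scenario: can code in frame A read the DOM of frame B?
function canAccess(frameUrlA, frameUrlB) {
  return sameOrigin(frameUrlA, frameUrlB);
}

// Stand-alone demo of the cases a defender should expect.
const page = "http://adamdoupe.com/";
console.log(canAccess(page, "http://adamdoupe.com:80/other"));   // true  (default port)
console.log(canAccess(page, "https://adamdoupe.com/"));          // false (protocol differs)
console.log(canAccess(page, "http://www.adamdoupe.com/"));       // false (server differs)
console.log(canAccess(page, "http://adamdoupe.com:8080/"));      // false (port differs)
console.log(scriptOrigin(page, "https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"));
```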

  17. Web Security Model: Same Origin Policy (SOP) (diagram slide)

  18. Technologies covered so far:
      • URI
      • Percent Encoding
      • HTTP Request
      • HTTP Response
      • HTTP Authentication
      • HTML
      • HTML Character References
      • Form Urlencoding
      • Cookies
      • CGI
      • ASP
      • Servlets
      • JSP
      • PHP
      • SQL
      • SOP
