Information Security Lesson 6 - Web Security - Eric Vanderburg
1. Information Security Chapter 6: Web Security
Information Security © 2006 Eric Vanderburg
2. Reasons for software vulnerability
• Large amount of code
  – Windows 2000 – 20 million lines
  – Windows XP – 40 million lines
  – Linux – 55 million lines
• Extensibility
  – Ex: Firefox plug-ins
  – Drivers (use signed drivers)
• Wired (connectivity)
  – More internet-enabled applications, which may not be secure (weather, stocks, media player)
3. An email message
1. sender@source.com uses a client to create a message for receiver@destination.com.
2. The client connects to the mail.source.com SMTP server on port 25 and forwards the message.
3. The SMTP server compares the source and destination domain names. If they are the same, the message goes to the POP3 server for source.com via the delivery agent.
4. An email message (continued)
4. The source.com SMTP server connects to the destination.com SMTP server and passes the message. If the destination.com SMTP server is not responding, the message is queued and sent later. After 4 hours in the queue the sender is notified.
5. destination.com passes the message to the destination.com POP3 server.
6. The message is stored in the POP3 mailbox for retrieval by receiver@destination.com.
5. Email
• POP3 (Post Office Protocol) – offers a storage place for messages until they are downloaded from the server. Port 119
• IMAP (Internet Mail Access Protocol) – messages always reside on the server. Port 143
• E-mail attachments are documents in binary format (word processing documents, spreadsheets, sound files, pictures)
6. Email
• All of the following operate at the application layer
• MIME (Multipurpose Internet Mail Extensions) – standard for embedding rich text, graphics, sound, and video in email.
• S/MIME (Secure MIME) – adds encryption and authentication to email.
  – Digital signatures
  – Works with different email clients
  – Encrypts messages
  – Encryption and signing are transparent
  – Checksums to protect integrity
• PGP (Pretty Good Privacy) – the message is encrypted with a session key, which is in turn encrypted with the recipient's public key.
  – Must download a plugin to use with email clients.
7. Email vulnerabilities
• Several e-mail vulnerabilities can be exploited by attackers:
  – Malware
  – Spam
  – Hoaxes
• SMTP relay attacks allow spammers to send thousands of e-mail messages to users
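The delivery decision from the email walk-through (steps 3 and 4) and the relay check that closes the hole behind SMTP relay attacks, modelled in code. This is an added illustration, not code from the presentation; the domain names, reply strings and 4-hour queue rule are taken from the slides, everything else is constructed.

```python
"""Toy SMTP server: local delivery, authenticated relay, open-relay refusal,
and the delayed-delivery queue described on the 'An email message' slides."""
from collections import deque
from dataclasses import dataclass, field

LOCAL_DOMAIN = "source.com"   # domain this SMTP server accepts mail for
QUEUE_NOTIFY_HOURS = 4        # slide: sender is notified after 4 hours in the queue


@dataclass
class Message:
    sender: str
    recipient: str
    body: str
    queued_hours: float = 0.0


def domain_of(address):
    """Domain part of an e-mail address, lower-cased for comparison."""
    return address.rsplit("@", 1)[-1].lower()


@dataclass
class SmtpServer:
    local_domain: str = LOCAL_DOMAIN
    mailboxes: dict = field(default_factory=dict)    # stands in for the POP3 store
    outbound: deque = field(default_factory=deque)   # waiting for a remote SMTP server
    notified: list = field(default_factory=list)     # senders told their mail is delayed

    def accept(self, msg, client_authenticated):
        """Return an SMTP-style reply for a message submitted on port 25."""
        if domain_of(msg.recipient) == self.local_domain:
            # Step 3: destination is our own domain, hand it to the POP3 mailbox
            self.mailboxes.setdefault(msg.recipient, []).append(msg)
            return "250 delivered to local mailbox"
        if client_authenticated:
            # Step 4: remote destination submitted by one of our users, queue it
            self.outbound.append(msg)
            return "250 queued for remote delivery"
        # Unauthenticated client asking us to forward mail elsewhere: an open
        # relay would answer 250 here, which is what lets spammers push
        # thousands of messages through someone else's server.
        return "554 relay access denied"

    def run_queue(self, remote_up, hours_elapsed):
        """Retry the queue; returns how many messages reached the remote server."""
        delivered = 0
        for _ in range(len(self.outbound)):
            msg = self.outbound.popleft()
            if remote_up:
                delivered += 1            # passed to destination.com's SMTP server
                continue
            before = msg.queued_hours
            msg.queued_hours += hours_elapsed
            if before < QUEUE_NOTIFY_HOURS <= msg.queued_hours:
                self.notified.append(msg.sender)   # one delay notice per message
            self.outbound.append(msg)
        return delivered
```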
8. Email vulnerabilities
• SPAM
  – 30 billion daily e-mail messages are spam
  – 25% of users say the ever-increasing volume of spam has reduced their overall use of e-mail
  – 52% of users indicate spam has made them less trusting of e-mail in general
  – 70% of users say spam has made being online unpleasant or annoying
  – Use a blacklist of spammers to block any e-mail that originates from their e-mail addresses
  – Bayesian filtering – words found in the SPAM bin help identify other SPAM messages.
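A Bayesian filter of the kind the slide describes, as an added example (not code from the presentation): messages sorted into the SPAM bin update per-word statistics, and those statistics score new messages. The six training messages are constructed for the illustration.

```python
"""Multinomial naive-Bayes spam filter with add-one smoothing."""
import math
import re
from collections import Counter

# Constructed training data: (message text, is_spam)
TRAINING = [
    ("free prize click now to claim your cash", True),
    ("cheap meds online no prescription click here", True),
    ("win cash now free offer limited time", True),
    ("meeting moved to tuesday please confirm", False),
    ("attached is the quarterly report for review", False),
    ("can you review the budget before the meeting", False),
]


def tokenize(text):
    return re.findall(r"[a-z']+", text.lower())


class BayesFilter:
    def __init__(self):
        self.word_counts = {True: Counter(), False: Counter()}  # per-bin word totals
        self.msg_counts = {True: 0, False: 0}

    def train(self, text, is_spam):
        """Sorting a message into the SPAM (or ham) bin updates the word statistics."""
        self.word_counts[is_spam].update(tokenize(text))
        self.msg_counts[is_spam] += 1

    def _log_score(self, words, is_spam, vocab_size):
        counts = self.word_counts[is_spam]
        total = sum(counts.values())
        prior = self.msg_counts[is_spam] / sum(self.msg_counts.values())
        # add-one smoothing: a word never seen in one bin must not zero the score
        return math.log(prior) + sum(
            math.log((counts[w] + 1) / (total + vocab_size)) for w in words)

    def spam_probability(self, text):
        """P(spam | words of the message)."""
        words = tokenize(text)
        vocab_size = len(set(self.word_counts[True]) | set(self.word_counts[False]))
        log_spam = self._log_score(words, True, vocab_size)
        log_ham = self._log_score(words, False, vocab_size)
        return 1.0 / (1.0 + math.exp(log_ham - log_spam))

    def is_spam(self, text, threshold=0.9):
        return self.spam_probability(text) >= threshold


def build_filter():
    """Train a filter on the constructed corpus above."""
    f = BayesFilter()
    for text, label in TRAINING:
        f.train(text, label)
    return f
```

Words that appear only in the SPAM bin ("free", "cash", "click") dominate the score of a new message, which is exactly the effect the slide's bullet describes.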
9. Internet vulnerabilities
• Buffer overflow attacks are common ways to gain unauthorized access to Web servers
• Both file names and their 8.3 aliases must be protected if 8.3 aliases are not disabled, or incorrect permissions could be applied.
• Dynamic content can also be used by attackers
  – Repurposed programming – using programming tools in ways more harmful than originally intended (JavaScript, ActiveX)
10. JavaScript
• Provides client-side dynamic content
• Virtual Machine (VM) – a Java interpreter
• JavaScript code is downloaded onto the user's computer within the HTML code
  – Defense mechanisms:
    • Cannot read or write to the file system
    • No networking capabilities
  – Problems:
    • Can capture and send user information without the user's knowledge or authorization
    • Security is provided by the browser; it does not protect code that executes outside a browser.
11. Java Applet
• Separate program downloaded with, but separate from, the HTML
• Sandbox – surrounds the program and keeps it away from private data and other resources on the local computer
• Signed or unsigned
12. ActiveX
• Standard for information sharing between programs
• Installed when referenced by a web page
• Does not run in a sandbox; has full access to the OS
• Signed or unsigned – a signature only proves the source, not safety
• Runs only on Windows
• Set per computer instead of per user
• ActiveX controls as a whole are either disabled or enabled in IE
13. Cookies
• Store information from a web site
  – Sessions
  – Saved logon
• Very small (4KB)
• Has an expiration date
• First-party cookie – a site's own cookie
• Third-party cookie – another site's cookie
• Disable third-party cookie access
• Many sites require cookies so disabling them will change your online experience but disallowing sites
14. CGI (Common Gateway Interface)
• CGI script – program code that adheres to CGI rules.
  – Used for communicating with other server software via web pages.
  – CGI on the server must be set to not execute remote code statements
15. Web security
• SSL (Secure Sockets Layer) – v3.0 latest
  – Disable versions 1 & 2
• TLS (Transport Layer Security) – v1.0 is approximately the same as SSL 3.0
• PCT (Personal Communications Technology) – Microsoft technology with longer keys and a better algorithm than SSL. (Not popular)
• Application-layer protocol, so it can run on top of any network, but it must be integrated with the program to work.
16. SSL / TLS / PCT Steps
1. Client sends a ClientHello message specifying the list of cipher suites, compression methods and the highest protocol version it supports.
2. Server receives the ClientHello and sends a ServerHello, where selections are made from the available suites, compression methods, and versions.
3. Client and server exchange certificates (depending on the selected public key cipher). The server can request a certificate from the client, so that the connection can be mutually authenticated.
4. Master secret (a common secret used for generating other keys) is negotiated using a Diffie-Hellman exchange, or by encrypting a secret with a public key (if using mutual authentication).
5. Data is sent encrypted with a key generated from the master secret and the selected cipher suite.
6. When the connection is terminated, a hash of all the exchanged data seen by both parties is sent for verification.
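The six steps above, together with the "disable SSL versions 1 & 2" advice from the Web security slide, modelled end to end as an added example (not the presentation's code and not a real TLS implementation). Assumptions: the Diffie-Hellman group is a labelled 64-bit toy, the record cipher is an HMAC keystream standing in for the negotiated suite, and certificates are represented only by the exchanged DH public values.

```python
"""Toy SSL/TLS negotiation: hello exchange, version and suite selection,
DH master secret, derived record key, and a closing transcript hash."""
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group: 2**64 - 59 is prime. Far too small for real use;
# it only keeps the arithmetic readable.
DH_P = 0xFFFFFFFFFFFFFFC5
DH_G = 2

VERSION_ORDER = ["SSLv2", "SSLv3", "TLSv1.0"]   # oldest to newest
CLIENT_SUITES = ["TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_RC4_128_MD5"]


class Party:
    def __init__(self, name, versions, suites):
        self.name = name
        self.versions = versions          # versions this side still enables
        self.suites = suites
        self.random = secrets.token_bytes(32)
        self.transcript = []              # everything exchanged, for step 6
        self.master_secret = None

    def hello(self):
        """Step 1 (client) payload: versions, suites, compression, random."""
        msg = {"versions": self.versions, "suites": self.suites,
               "compression": ["null"], "random": self.random.hex()}
        self.transcript.append(repr(msg))
        return msg


def negotiate(client_hello, server):
    """Step 2: pick the newest version both sides enable and the first client
    suite the server also supports. A server that disabled SSLv2 never
    selects it, whatever the client offers."""
    common = [v for v in VERSION_ORDER
              if v in client_hello["versions"] and v in server.versions]
    suites = [s for s in client_hello["suites"] if s in server.suites]
    if not common or not suites:
        raise ValueError("handshake_failure: no common version or cipher suite")
    return {"version": common[-1], "suite": suites[0],
            "compression": "null", "random": server.random.hex()}


def dh_keypair():
    priv = secrets.randbelow(DH_P - 2) + 1
    return priv, pow(DH_G, priv, DH_P)


def derive_master(shared, client_random, server_random):
    """Step 4: master secret from the DH shared value and both randoms."""
    return hashlib.sha256(b"master secret" + shared.to_bytes(8, "big")
                          + client_random + server_random).digest()


def keystream_xor(key, data):
    """Step 5 stand-in for the negotiated cipher: HMAC-SHA256 keystream (toy)."""
    out, counter = bytearray(), 0
    while len(out) < len(data):
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def run_handshake(client, server, plaintext=b"GET / HTTP/1.0"):
    ch = client.hello()                                   # step 1
    server.transcript.append(repr(ch))
    sh = negotiate(ch, server)                            # step 2
    client.transcript.append(repr(sh))
    server.transcript.append(repr(sh))
    # step 3: certificate exchange is represented by the DH public values
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    for p in (client, server):
        p.transcript += [str(c_pub), str(s_pub)]
    client.master_secret = derive_master(pow(s_pub, c_priv, DH_P), client.random, server.random)
    server.master_secret = derive_master(pow(c_pub, s_priv, DH_P), client.random, server.random)
    # step 5: each side derives the record key from its own master secret and the suite
    c_key = hashlib.sha256(sh["suite"].encode() + client.master_secret).digest()
    s_key = hashlib.sha256(sh["suite"].encode() + server.master_secret).digest()
    received = keystream_xor(s_key, keystream_xor(c_key, plaintext))
    # step 6: closing hash over everything both sides saw must agree
    c_hash = hashlib.sha256("".join(client.transcript).encode()).hexdigest()
    s_hash = hashlib.sha256("".join(server.transcript).encode()).hexdigest()
    return {"version": sh["version"], "suite": sh["suite"],
            "decrypted": received, "transcript_match": c_hash == s_hash}
```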
17. FORTEZZA
• Information security system based on a PC Card security token.
• Each individual who is authorized to see protected information is issued a Fortezza card that stores private keys and other data needed to gain access.
• Widely used in government and military applications
• Latest version is FORTEZZA Plus
18. HTTP & SSL
• HTTPS – HTTP over SSL/TLS – secures individual messages
• SSL/TLS, by contrast, secures the entire communication between client and server
• Port 443
19. Chatting
• IM (Instant Messaging)
• Server contains a list of users and their buddies
• When connected, a user's IP & port are sent to all their buddies.
• Direct connections can be established to send messages without involving the server.
• Most chat programs can log chats (optional); the logs are stored locally. Google Talk stores chat logs on the server.
• Data sent through IM could be malicious (pictures, programs, video, music)
20. Acronyms
• CGI, Common Gateway Interface
• CAN-SPAM, Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003
• IM, Instant Messaging
• IMAP, Internet Mail Access Protocol
• MIME, Multipurpose Internet Mail Extensions
• PCT, Personal Communications Technology
• POP, Post Office Protocol
• PGP, Pretty Good Privacy
• S/MIME, Secure Multipurpose Internet Mail Extensions
• SSL, Secure Sockets Layer
• SMTP, Simple Mail Transfer Protocol
• TLS, Transport Layer Security
• VM, Virtual Machine