Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 17: WEB COMPONENTS

Published byDiana Nute Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 17: WEB COMPONENTS"— Presentation transcript:

1 Chapter 17: WEB COMPONENTS
By Chuong Vu

2 Chapter Contents Current Web Components and Concerns Web protocols
SSL/TLS, HTTP/HTTPS, DAP/LDAP, FTP/SFTP Code-Based Vulnerabilities Buffer Overflows, Java/Javascript, ActiveX, Securing the Browser, CGI, Server-Side Scritps, Cookies, Signed Applets, Browser Plug-ins. Application-Base Weaknesses OVAL, Web 2.0

3 Current Web Components and Concerns
Web is not just to browsers, but also to web components that enable services for end users through their browser interfaces. They offers users an easy-to-use, secure method of conducting data transfer over the Internet. They have three main tasks: Securing a server provide a webserver. Securing the data transport between servers and users via web. Securing the user’s computer from attack.

4 Web Protocols When two computer communicate, several things must happen for the communication to be effective: They must use the same and correctly language that both the parties can understand. Protocols are very important and from basic by which all the separate parts can work together.

5 Encryption (SSL and TLS)
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet.

6 How SSL/TLS Works? TLS/SSL authenticates and secures data transfers by using certificate-based authentication and symmetric encryption keys. One authentication is established, the channel is secured with symmetric key cryptographic methods and hashes: RC4 or 3DES is use for symmetric key. MD5 or SHA-1 is use for hash functions.

7 SSL/TLS Attacks Even SSL/TLS is specifically designed to provide protection from man-in-the-middle attacks, it is not completely security solution and can be defeated. A Trojan/Keylogger program can copies keystrokes and echoes them to another TCP/IP address with the intended communication can defeat SSL/TLS.

8 The Web (HTTP/HTTPS) The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. It is used for transfer hyperlinked data over Internet. Hypertext Transfer Protocol Secure (HTTPS) is used to secure the connection with SSL/TLS.

9 Directory Service (DAP/LDAP)
Directory Access Protocol (DAP) is a computer networking standard promulgated use for accessing an X.500 directory service. The Lightweight Directory Access Protocol (LDAP) is an application protocol describing interaction with directory services. SSL/TLS LDAP LDAP required SSL/TLS to achieve over for connection between client and server.

10 File Transfer (FTP/SFTP)
File Transfer Protocol (FTP) is an application-level protocol that operates over a wide range of lower-level protocols. SSH File Transfer Protocol (SFTP) combines the file transfer application with Secure Shell (SSH) application to provide for a means of confidential FTP operations. Blind FTP (Anonymous FTP) allows unlimited public access to the files and commonly use when you want to have unlimited distribution.

11 Code-Based Vulnerabilities
The ability to connect many machines together to transfer data is what makes the Internet so functional for so many users. Web Browsers have become powerful programming environments that perform many actions behind the scenes for a user. Example: DDOS (botnet)

12 Buffer Overflows The buffer overflow vulnerability is a product of poorly constructed software programs. When code in the stack-buffer overflows into another application’s process. It can cause applications to crash or execute malicious code.

13 Java and JavaScript Java is computer language invented by Sun Microsystems. It is a software package installed separately from the browser. JavaScript is a scripting language developed by Netscape. JavaScript is generally built in to the browser.

14 Different between Java and JavaScript
Java and JavaScript are completely different. Java is designed for safety, reducing the opportunity for system crashes. JavaScript is used to control the look, feel and function of web pages displayed inside the browser.

15 ActiveX ActiveX is a software framework developed by Microsoft.
It is a tool for the Windows environment and can be extremely powerful. ActiveX can be used to create complex application then embedded into other container objects such as a web browser.

16 CGI/Server-Side Script
The Common Gateway Interface (CGI) is a standard method for web server software to delegate the generation of web content to executable files. They are usually written in a scripting language. Allows programs to be run outside the web server and to return data to the web server to be served to end users via a web page.

17 Cookies Cookies are small chunks of ASCII text passed within an HTTP stream to store data temporarily in a Web Browser instance. Cookies can be set for persistent (last for a defined time period) or session (Expire when the session is closed).

18 Signed Applets/Browser Plug-ins
Code signing is the process of digitally signing executable and scripts to bring the security of shrink-wrapped software to software downloaded from the Internet. Browser Plugins are small application programs that increase a browser’s ability to handle new data types and add new functionality. (Example: Adobe PDF, NoScript, etc..)

19 Application-Based Weaknesses
Beside the Web Browser, the application software written to run on servers and serve up the content for users is also abused by crackers. Open Vulnerability and Assessment Language (OVAL) are an XML-based languages that provides a standard for how to check for the presence of vulnerabilities and configuration issues on computer systems.

20 Web 2.0 Web 2.0 websites allow users to do more than just retrieve information. They provide the users with more user-interface, software and storage facilities, all through their browser.

21 Questions?

Download ppt "Chapter 17: WEB COMPONENTS"

Similar presentations

Overview Environment for Internet database connectivity

Overview Environment for Internet database connectivity
PowerPoint presentation of first 25 pages of instructional manual Edith Fabiyi Essentials of Internet Access.

PowerPoint presentation of first 25 pages of instructional manual Edith Fabiyi Essentials of Internet Access.
Section 10.1 Identify how Web sites are structured Explain the role of URLs Describe the function of HTTP Section 10.2 Explain how the Web has affected.

Section 10.1 Identify how Web sites are structured Explain the role of URLs Describe the function of HTTP Section 10.2 Explain how the Web has affected.
Cryptography and Network Security Chapter 16

Cryptography and Network Security Chapter 16
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Internet Security Protocols

Internet Security Protocols
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
DT228/3 Web Development WWW and Client server model.

DT228/3 Web Development WWW and Client server model.
Lesson 17-Web Components. Background  The World Wide Web was invented in 1990 by Tim Berners- Lee to give physicists a convenient method of exchanging.

Lesson 17-Web Components. Background  The World Wide Web was invented in 1990 by Tim Berners- Lee to give physicists a convenient method of exchanging.
Building Applications using ASP.NET and C# / Session 1 / 1 of 21 Session 1.

Building Applications using ASP.NET and C# / Session 1 / 1 of 21 Session 1.
The Internet Useful Definitions and Concepts About the Internet.

The Internet Useful Definitions and Concepts About the Internet.
INTERNET DATABASE Chapter 9. u Basics of Internet, Web, HTTP, HTML, URLs. u Advantages and disadvantages of Web as a database platform. u Approaches for.

INTERNET DATABASE Chapter 9. u Basics of Internet, Web, HTTP, HTML, URLs. u Advantages and disadvantages of Web as a database platform. u Approaches for.
Internet…issues Managing the Internet

Internet…issues Managing the Internet
Introduction to Web Application Architectures Web Application Architectures 18 th March 2005 Bogdan L. Vrusias

Introduction to Web Application Architectures Web Application Architectures 18 th March 2005 Bogdan L. Vrusias
INTERNET DATABASE. Internet and E-commerce Internet – a worldwide collection of interconnected computer network Internet – a worldwide collection of interconnected.

INTERNET DATABASE. Internet and E-commerce Internet – a worldwide collection of interconnected computer network Internet – a worldwide collection of interconnected.
Active X Microsoft’s Answer to Dynamic Content Reference: Using Active X by Brian Farrar QUE

Active X Microsoft’s Answer to Dynamic Content Reference: Using Active X by Brian Farrar QUE
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
WWW and Internet The Internet Creation of the Web Languages for document description Active web pages.

WWW and Internet The Internet Creation of the Web Languages for document description Active web pages.

Similar presentations

Ads by Google