
Web Applications Security Seminar David Evans University of Virginia 28 August 2007.

Presentation transcript:

1 Web Applications Security Seminar
David Evans, University of Virginia, 28 August 2007

2 Welcome!
Brief Seminar Intro
Sign Up Sheets
(Seminar website, shown in the footer of every slide: http://www.cs.virginia.edu/evans/wass)

3 Do Web Applications Change Security?

4 No perimeters
HTTP = UFBP

5 Dynamic
Rapidly Changing
Distributed State

6 Composed content
Complex trust models
Personal Information

7 (This is a hoax)
Real money from virtual actions
Competition, fraud, incentives

8 Some things don't change?
Most Classic Security Principles Still Apply (but get much harder...)
–Economy of Mechanism
–Fail-safe Defaults
–Complete Mediation
–Open Design
–Least Privilege
–Psychological Acceptability
–Least Common Mechanism
–Separation of Privilege
Saltzer & Schroeder, The Protection of Information in Computer Systems, 1973

9 Seminar Expectations
You already know something about security
–Basic understanding of cryptography (e.g., public key crypto, SSL)
–System and software security
Minimal web application knowledge expected
–Java, AJAX, JavaScript, PHP, Python, Ruby

10 Seminar Meetings
Tuesdays and Thursdays, 11am-12:15
One student (with help from an assistant) will lead a presentation on a topic
All students will read the focus paper(s)

11 Leading a Topic
Topic leader and assistant
Focus paper (sometimes two)
Background and context papers, other sources, "hands-on" experience
Meet with me at least a week before your scheduled presentation
–Office Hours: Mondays 10:30am, Tuesdays 12:15pm (or email to schedule another time)

12 Pre-Presentation Meeting
Plan for your presentation
–What is the main story you want to tell?
–What technical nuggets are worth explaining?
–What context and background information do you need?
Suggestions for the 2-3 response questions

13 Responses
Short answers to questions about the focus paper
–3 generic questions
–1-3 specific questions
–Feel free to add any additional brilliant ideas you have
Turn in (on paper) at the beginning of the seminar
Come prepared to the seminar to discuss the paper

14 Projects
Goal: do something interesting and important enough to write a conference paper
Teams: alone or in a small group
Topic: anything you can convince me is relevant and worthwhile
Start thinking of ideas and finding teammates now: mini-proposal due Oct 2

15 Questions?
Sign up on the registration sheet
Sign up on the schedule sheet:
–One time as topic leader
–One time as assistant
–Don't need to fill in the topic now
Thursday: MashupOS
–Response questions on the website
