Introduction to Information Security

Slides:

Advertisements

Similar presentations

HTTP Request/Response Process 1.Enter URL ( in your browser’s address bar. 2.Your browser uses DNS to look up IP address of server.com.

Advertisements

How the web works: HTTP and CGI explained

HTTP Overview Vijayan Sugumaran School of Business Administration Oakland University.

 What is it ? What is it ?  URI,URN,URL URI,URN,URL  HTTP – methods HTTP – methods  HTTP Request Packets HTTP Request Packets  HTTP Request Headers.

INTRO TO MAKING A WEBSITE Mark Zhang.  HTML  CSS  Javascript  PHP  MySQL  …That’s a lot of stuff!

WEB DESIGN SOME FOUNDATIONS. SO WHAT IS THIS INTERNET.

CSCI 323 – Web Development Chapter 1 - Setting the Scene We’re going to move through the first few chapters pretty quick since they are a review for most.

Introduction to InfoSec – Recitation 8 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Copyright © cs-tutorial.com. Introduction to Web Development In 1990 and 1991,Tim Berners-Lee created the World Wide Web at the European Laboratory for.

Chapter 1: Introduction to Web

WEB SECURITY WEEK 3 Computer Security Group University of Texas at Dallas.

With your friendly Web Developer, Chris.. Terminology  HTML - > Hypertext Markup Language  CSS -> Cascading Style Sheet  open tag  close tag  HTTP->Hypertext.

Introduction to InfoSec – Recitation 7 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

HTML. Principle of Programming  Interface with PC 2 English Japanese Chinese Machine Code Compiler / Interpreter C++ Perl Assembler Machine Code.

Kingdom of Saudi Arabia Ministry of Higher Education Al-Imam Muhammad Ibn Saud Islamic University College of Computer and Information Sciences Chapter.

Session I Chapter 1 - Introduction to Web Development

Web Design (1) Terminology. Coding ‘languages’ (1) HTML - Hypertext Markup Language - describes the content of a web page CSS - Cascading Style Sheets.

Where does PHP code get executed?. Where does JavaScript get executed?

Operating Systems Lesson 12. HTTP vs HTML HTML: hypertext markup language ◦ Definitions of tags that are added to Web documents to control their appearance.

Session 1 Chapter 1 - Introduction to Web Development ITI 133: HTML5 Desktop and Mobile Level I

IS-907 Java EE World Wide Web - Overview. World Wide Web - History Tim Berners-Lee, CERN, 1990 Enable researchers to share information: Remote Access.

Module: Software Engineering of Web Applications Chapter 2: Technologies 1.

Introduction to HTML. _______________________________________________________________________________________________________________ 2 Outline Key issues.

HTML A brief introduction HTML1. HTML, what is? HTML is a markup language for describing web documents (web pages). HTML stands for Hyper Text Markup.

Overview Web Technologies Computing Science Thompson Rivers University.

1 Chapter 22 World Wide Web (HTTP) Chapter 22 World Wide Web (HTTP) Mi-Jung Choi Dept. of Computer Science and Engineering

1/7/2016www.infocampus.co.in1. 1/7/2016www.infocampus.co.in2 Web Development training gives you and all-round training in both the design and the development.

CSCI 3100 Tutorial 2 Web Development Tools 1 HTML 5 & CSS 3 1.

National College of Science & Information Technology.

Web Security (cont.) 1. Referral issues r HTTP referer (originally referrer) – HTTP header that designates calling resource  Page on which a link is.

Web Development. Agenda Web History Network Architecture Types of Server The languages of the web Protocols API 2.

Dive into web development

4.01 How Web Pages Work.

4.01 How Web Pages Work.

Web Technologies Computing Science Thompson Rivers University

Objective % Select and utilize tools to design and develop websites.

Javascript and Dynamic Web Pages: Client Side Processing

Introduction to Dynamic Web Programming

HTTP – An overview.

World Wide Web policy.

CISC103 Web Development Basics: Web site:

How does it work ?.

API Security Auditing Be Aware,Be Safe

1993 version of Mosaic browser.

Web Languages What Is a Web Page?

Lecture 11. Web Standards Continued

>> CSS Rules Selection

Hypertext Transfer Protocol

What is REST API ? A REST (Representational State Transfer) Server simply provides access to resources and the REST client accesses and presents the.

Objective % Select and utilize tools to design and develop websites.

Web Languages What Is a Web Page?

CISC103 Web Development Basics: Web site:

Chapter 27 WWW and HTTP.

CSC 495/583 Topics of Software Security Intro to Web Security

HTML5 Level I Session I Chapter 1 - Introduction to Web Development

Lecture 26: Web Security CS /2/2018.

Secure Web Programming

Introduction to World Wide Web

HTML5 and Local Storage.

Web Development 101 Workshop

Architecture of the web

BOF #1 – Fundamentals of the Web

Johan Ng and Muhammad Hazzry

Web Technologies Computing Science Thompson Rivers University

4.01 How Web Pages Work.

Web Servers (IIS and Apache)

Web Application Development Using PHP

Presentation transcript:

Introduction to Information Security Web Vulnerabilities

It's Everywhere So obviously, we want to examine it from an information security perspective Outline HTTP HTML, CSS, JS PHP, SQL

Overview We have a server machine, with some OS, running a web server That's just a program that listens on port 80/443 for requests, and generates responses We have a client machine, with some OS, running a web browser That's just a program that sends requests to web servers, and renders their responses nicely The request/response protocol is called HTTP (HyperText Transfer Protocol) The client side (frontend) usually uses HTML (HyperText Markup Language), CSS (Cascading Style Sheets) and JS (JavaScript) The server side (backend) usually uses PHP (PHP: Hypertext Preprocessor) and SQL (Structured Query Language) – although a myriad of new technologies emerge (Django, Ruby on Rails, Node.js, Mongo, Redis, Elastic, Hadoop)

HTTP Request [method] [URI] HTTP/1.1\r\n [header\r\n]* \r\n [content] Method: what to do – mainly GET and POST (but also PUT, DELETE and some others) URI (Unique Resource Identifier): what to do it on – a path, like / or /index.html Headers: Host, User-Agent, Accept-Language, ...

HTTP Response HTTP/1.1 [status code] [status message]\r\n [header\r\n]* \r\n [content] Status: success indicator (200 OK, 500 Server Error, 404 Not Found, 302 Redirect, ...) Headers: Content-Type, Content-Length, Expires, ...

More on HTTP Cookies A way for the web server to store something on the client side Has a domain, a key, a value, and an expiration date For example, given a username and a password, the server validates them and generates a cookie, which preserves the user's identity though the site If I steal your cookie, I become you HTTPS SSL + HTTP

HTML <html> <head> <title>My First Web Page</title> </head> <body> <p>Hello, world!</p> </body> </html> <tag></tag> or <tag /> <tag key="value" key="value" ...> <tag>content</tag> In other words, XML that represents the structure of the DOM (Document Object Model)

CSS <head> <style> p { color: #ff0000 } #foo { text-weight: bold } .bar { width: 100px; height: 100px; border-style: solid } </style> <link href="style.css" rel="stylesheet" /> </head> <body> <p>This is red</p> <div id="foo">This is bold</div> <div class="bar">This is a bordered box</div> </body> selector { property: value }

JS <script> function foo() { if (1 + 1 >= 2) { alert('Hello, world!') } foo() </script> A full fledges (albeit, pretty weird) programming language JQuery – a powerful JS library $('#foo').append('<p></p>').css('backgroundColor', 'red') $.post('/foo', {'x': 1}, function(data) { alert(data) })

Chrome Developer Tools Settings > More Tools > Developer Tools (ctrl + shift + i)

Exploits Cookies CSRF (Cross-Site Request Forgery) Login CSRF Solution: SOP (Same Origin Policy) Sniffing Cookies (HTTPS) Phishing (HTTPS?) UI Redressing (lmageshack, favicon) XSS (Escaping?) Social Engineering Guessing... Daisy Chaining