Web Applications Security INTRO

Slides:

Advertisements

Similar presentations

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

Advertisements

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

Securing LAMP: Linux, Apache, MySQL and PHP Track 2 Workshop PacNOG 7 July 1, 2010 Pago Pago, American Samoa.

SEEM4570: XAMPP, Eclipse, Summary of Html Kangfei Zhao Room 711,ERB

- Chaitanya Krishna Pappala Enterprise Architect- a tool for Business process modelling.

Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.

Intro to PHP at Winthrop CSCI 297 Scripting Languages Day One.

ISOM MIS3150 Data and Info Mgmt Database Security Arijit Sengupta.

Copyright © 2006, SAS Institute Inc. All rights reserved. What Is New in SAS Profitability Management (PrM) 2.1? Authors: Jack Zhang Solution & Version:

Ladd Van Tol Senior Software Engineer Security on the Web Part One - Vulnerabilities.

Use to Implement: Input validation Page-Level authorization Session Management Audit Logging Use to Implement: Input validation Page-Level authorization.

Milestone III BRIAN WYKA.  Web-based project manager  Ideal for small company  Portal for employees to interact with each other  A way for administrators.

Systems Development Lifecycle Testing and Documentation.

Online Translation Service Capstone Design Eunyoung Ku Jason Roberts Jennifer Pitts Gregory Woodburn Kim Tran.

CakePHP is an open source web development framework. It follows Model-View- Controller and is developed using PHP. IT is the basic for user to create.

Software Project Documentation. Types of Project Documents  Project Charter  Requirements  Mockups and Prototypes  Test Cases  Architecture / Design.

1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester

OWASP ESAPI SwingSet An introduction by Fabio Cerullo.

Security, Accounting, and Assurance Mahdi N. Bojnordi 2004

© 2007 OPNET Technologies, Inc. All rights reserved. OPNET and OPNET product names are trademarks of OPNET Technologies, Inc. An Open Source ARM 4 Implementation.

ASP (Active Server Pages) by Bülent & Resul. Presentation Outline Introduction What is an ASP file? How does ASP work? What can ASP do? Differences Between.

Need for Security Control access to servicesControl access to services Ensure confidentialityEnsure confidentiality Guard against attacksGuard against.

Database Security Cmpe 226 Fall 2015 By Akanksha Jain Jerry Mengyuan Zheng.

PHP Error Handling & Reporting. Error Handling Never allow a default error message or error number returned by the mysql_error() and mysql_errno() functions.

Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.

E-Commerce E-Commerce Security?? Instructor: Safaa S.Y. Dalloul E-Business Level Try to be the Best.

PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.

Chapter 29: Program Security Dr. Wayne Summers Department of Computer Science Columbus State University

How much time does it take me to create an incident report in my IT infrastructure?

Software Testing Training Online. Software testing is ruling the software business in current scenario. It provides an objective, independent view of.

Computer Security Introduction

CS457 Introduction to Information Security Systems

Fundamental of Databases

Building Web Applications with Microsoft ASP

Web Applications Security Cryptography 1

Deploying Web Application

Information Security, Theory and Practice.

Outline Basic concepts in computer security

PGT(CS) ,KV JHAGRAKHAND

Information Technology Controls

Secure Software Confidentiality Integrity Data Security Authentication

Information Security.

NETWORK SECURITY Cryptography By: Abdulmalik Kohaji.

Cloud Data platform (Cloud Application Development & Deployment)

Security Shmuel Wimer prepared and instructed by

Web Applications Security What are web Applications?

Introduction to Operating System (OS)

PHP / MySQL Introduction

Graduation Project Kick-off presentation - SET

Done BY: Zainab Sulaiman AL-Mandhari Under Supervisor: Dr.Tarek

Database Driven Websites

Intro to PHP at Winthrop

Security Protection Goals

Chapter 2: System Structures

Content of Presentation

System Analysis and Design

System Analysis and Design

Chapter 29: Program Security

Online Translation Service Capstone Design

…and web frameworks in general

PLANNING A SECURE BASELINE INSTALLATION

Building Web Applications with Microsoft ASP

Web Servers (IIS and Apache)

Divine IT Limited F Haque Tower 107 Bir Uttam C. R

Web Application Development Using PHP

Presentation transcript:

Web Applications Security INTRO IT College, Andres Käver, 2017-2018, autumn semester Web: http://enos.Itcollege.ee/~akaver/WebSec Skype: akaver Email: akaver@itcollege.ee

Technical requirements Projects in git (git.akaver.com) If possible, use personal laptop for everything We will use several platforms and languages during course Java, php, C#, JavaScript, C/C++, Python, etc.. Linux, Windows MySql, MS SQL

What, Why, How, …. Web applications security Security principles Cryptography Input Validation Output Encoding Authentication and Password Management Session Management Access Control Error Handling and Logging Data Protection Communication Security System Configuration Database Security File Management Memory Management General Coding Practices

Security Fundamentals - CIA Confidentiality Only those with the correct authorization can access the data Integrity Protecting data against unauthorized modification, or assuring data trustworthiness Availability Ensuring the presence of information or resources

Security Fundamentals CIA is often extended with Authentication Authentication is about confirming the identity of the entity that wants to interact with a secure system. Authorization Authorization is about specifying access rights to secure resources. It is normally preceded by Authentication. Auditing Auditing is about keeping track of implementation-level events, as well as domain-level events taking place in a system. It can provide not only technical information about the running system, but also proof that particular actions have been performed. "Who did What? When? And potentially How?"

THE END