Date : 2/12/2010 Web Technology Solutions Class: Adding Security and Authentication Features to Your Application.


Tonight ✤ DB Review ✤ PHP User Registration ✤ PHP User Login ✤ PHP User Password Reset ✤ Lab

Lab Preview ✤ Continue CRUD on Final ✤ Create Single Survey ✤ Create, Update and Delete Questions ✤ Create Responses, View Responses ✤ Build a User Auth System for Final ✤ Build Registration Page ✤ Build Login Script ✤ Build Password Reset

Final Project Review ✤ Final Project - Web App (link) ✤ registration feature ✤ login / logout ✤ admin ability to create\read\update\delete (CRUD) ✤ Maintain state throughout app (cookies\sessions) ✤ XML and RSS feeds ✤ Valid HTML and CSS design

PHP Output Control ✤ Output control lets you tell PHP when to send information to the browser. ✤ Pros: ✤ Working with header() without errors caused by output that has already been sent ✤ Controlling browser output ✤ Cons: ✤ Buffer limits (default buffer size of 4096kb) ✤ Memory limits

Output Buffering ✤ ob_start(); ✤ Turns on output buffering ✤ Data is held in an internal “buffer” waiting to be published to the browser. ✤ Call at the start of the script ✤ Can take a callback function ✤ Buffers can be nested

Output Buffering ✤ ob_end_flush() ✤ Sends the data in the buffer to the browser ✤ Turns off output buffering. ✤ Loop over ob_end_flush() to close all nested buffers

Output Buffering ✤ ob_end_clean() // removes the data from the buffer (nothing goes to the browser) ✤ ob_flush() // sends the data to the browser but the buffer remains on ✤ ob_get_contents() // returns the content of the buffer (no browser output, buffer not erased)
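The reason a login script buffers its output, as an added example that is not from the slides: header() only works while no bytes have reached the browser, so a failed login can discard the half-rendered page and redirect instead. The credential check and the /login.php URL are placeholders assumed for this example.

```php
<?php
// Added example (not from the slides). A login handler that buffers output so a
// redirect via header() still works after HTML has already been echoed.
declare(strict_types=1);

session_start();
ob_start();                                   // outer buffer: nothing leaves PHP yet

// Without a buffer these bytes would be sent immediately and any later
// header() call would fail with "headers already sent".
echo "<!DOCTYPE html><html><body>\n<h1>Login</h1>\n";

$user = $_POST['user'] ?? '';
$pass = $_POST['pass'] ?? '';

// Placeholder check, assumed for this example; a real app looks the user up
// in the database and verifies a salted hash (see the Salts slide).
$ok = ($user === 'demo' && $pass === 'demo');

if (!$ok) {
    while (ob_get_level() > 0) {              // discard every nested buffer
        ob_end_clean();
    }
    header('Location: /login.php?error=1');   // still allowed: no bytes were sent
    exit;
}

$_SESSION['user'] = $user;                    // state survives across requests

// Inner (nested) buffer: capture a fragment instead of echoing it straight away.
ob_start();
echo "<p>Welcome, " . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . "</p>\n";
$greeting = ob_get_clean();                   // returns the contents, closes inner buffer

echo $greeting;
echo "</body></html>\n";

ob_end_flush();                               // send the whole page; buffering off
```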

String Encryption ✤ Add additional security by using string encryption on secure data. ✤ Passwords, credit cards, etc. ✤ md5() // creates a 32-character hexadecimal string ✤ apple = 1f3870be274f6c49b3e31a0c f ✤ Good for one-way matching ✤ Cannot “reverse”

String Encryption ✤ The sha1() function calculates the SHA-1 hash of a string. ✤ Stronger than md5. ✤ Hackers and rainbow tables ✤ $str = 'Hello'; ✤ echo sha1($str); // f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0

Salts ✤ In cryptography, a salt consists of random bits that are used as one of the inputs to a key derivation function. ✤ $str = 'Hello'; ✤ $salt = 'World'; ✤ $storage = $str . $salt; ✤ echo sha1($storage); //fwd8s23jd9sfjk9sdfljk3jsd8kdwv
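Salted password storage carried through as working code, added here and not taken from the slides. It goes beyond the slide in two ways: the salt is random and different for every user (a fixed word like "World" is the same for everyone, so one rainbow table still covers all accounts), and the comparison uses hash_equals(). The second pair of functions shows password_hash()/password_verify(), the PHP 5.5+ replacement for hand-rolled sha1 salting.

```php
<?php
// Added example (not from the slides): per-user random salt + sha1, as on the
// Salts slide, beside PHP's built-in password_hash()/password_verify().
declare(strict_types=1);

// Build the stored record: the salt and sha1(salt . password).
function make_record(string $password): array
{
    $salt = bin2hex(random_bytes(16));             // 32 hex chars, unique per user
    return ['salt' => $salt, 'hash' => sha1($salt . $password)];
}

// Recompute with the stored salt and compare in constant time.
function check_record(array $record, string $password): bool
{
    $candidate = sha1($record['salt'] . $password);
    return hash_equals($record['hash'], $candidate);
}

// Modern replacement: the salt is generated and embedded in the returned
// string, and the algorithm (bcrypt by default) is deliberately slow.
function make_record_modern(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

function check_record_modern(string $stored, string $password): bool
{
    return password_verify($password, $stored);
}

// Demo with constructed inputs.
$alice = make_record('Hello');
$bob   = make_record('Hello');
var_dump($alice['hash'] !== $bob['hash']);        // true: same password, different hashes
var_dump(check_record($alice, 'Hello'));          // true
var_dump(check_record($alice, 'hello'));          // false

$stored = make_record_modern('Hello');
var_dump(check_record_modern($stored, 'Hello'));  // true
var_dump(check_record_modern($stored, 'World'));  // false
```

Store both `salt` and `hash` columns for the sha1 scheme; password_hash() needs only one column of at least 60 characters.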

Lab & Next Week ✤ Lab ✤ Create login system ✤ Properly encrypt passwords. ✤ Add security and authorization into your app. ✤ Reading: Chapter 11 ✤ See you Tuesday!