Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to Information Security

Published by彩奄 费 Modified over 6 years ago

Similar presentations

Presentation on theme: "Introduction to Information Security"— Presentation transcript:

1 Introduction to Information Security
Web Vulnerabilities

2 It's Everywhere So obviously, we want to examine it from an information security perspective Outline HTTP HTML, CSS, JS PHP, SQL

3 Overview We have a server machine, with some OS, running a web server
That's just a program that listens on port 80/443 for requests, and generates responses We have a client machine, with some OS, running a web browser That's just a program that sends requests to web servers, and renders their responses nicely The request/response protocol is called HTTP (HyperText Transfer Protocol) The client side (frontend) usually uses HTML (HyperText Markup Language), CSS (Cascading Style Sheets) and JS (JavaScript) The server side (backend) usually uses PHP (PHP: Hypertext Preprocessor) and SQL (Structured Query Language) – although a myriad of new technologies emerge (Django, Ruby on Rails, Node.js, Mongo, Redis, Elastic, Hadoop)

4 HTTP Request [method] [URI] HTTP/1.1\r\n [header\r\n]* \r\n [content]
Method: what to do – mainly GET and POST (but also PUT, DELETE and some others) URI (Unique Resource Identifier): what to do it on – a path, like / or /index.html Headers: Host, User-Agent, Accept-Language, ...

5 HTTP Response HTTP/1.1 [status code] [status message]\r\n
[header\r\n]* \r\n [content] Status: success indicator (200 OK, 500 Server Error, 404 Not Found, 302 Redirect, ...) Headers: Content-Type, Content-Length, Expires, ...

6 More on HTTP Cookies A way for the web server to store something on the client side Has a domain, a key, a value, and an expiration date For example, given a username and a password, the server validates them and generates a cookie, which preserves the user's identity though the site If I steal your cookie, I become you HTTPS SSL + HTTP

7 HTML <html> <head>
<title>My First Web Page</title> </head> <body> <p>Hello, world!</p> </body> </html> <tag></tag> or <tag /> <tag key="value" key="value" ...> <tag>content</tag> In other words, XML that represents the structure of the DOM (Document Object Model)

8 CSS <head> <style> p { color: #ff0000 }
#foo { text-weight: bold } .bar { width: 100px; height: 100px; border-style: solid } </style> <link href="style.css" rel="stylesheet" /> </head> <body> <p>This is red</p> <div id="foo">This is bold</div> <div class="bar">This is a bordered box</div> </body> selector { property: value }

9 JS <script> function foo() { if (1 + 1 >= 2) {
alert('Hello, world!') } foo() </script> A full fledges (albeit, pretty weird) programming language JQuery – a powerful JS library $('#foo').append('<p></p>').css('backgroundColor', 'red') $.post('/foo', {'x': 1}, function(data) { alert(data) })

10 Chrome Developer Tools
Settings > More Tools > Developer Tools (ctrl + shift + i)

11 Exploits Cookies CSRF (Cross-Site Request Forgery) Login CSRF
Solution: SOP (Same Origin Policy) Sniffing Cookies (HTTPS) Phishing (HTTPS?) UI Redressing (lmageshack, favicon) XSS (Escaping?) Social Engineering Guessing... Daisy Chaining

Download ppt "Introduction to Information Security"

Similar presentations

HTTP Request/Response Process 1.Enter URL (http://server.com) in your browser’s address bar. 2.Your browser uses DNS to look up IP address of server.com.

HTTP Request/Response Process 1.Enter URL ( in your browser’s address bar. 2.Your browser uses DNS to look up IP address of server.com.
How the web works: HTTP and CGI explained

How the web works: HTTP and CGI explained
HTTP Overview Vijayan Sugumaran School of Business Administration Oakland University.

HTTP Overview Vijayan Sugumaran School of Business Administration Oakland University.
 What is it ? What is it ?  URI,URN,URL URI,URN,URL  HTTP – methods HTTP – methods  HTTP Request Packets HTTP Request Packets  HTTP Request Headers.

 What is it ? What is it ?  URI,URN,URL URI,URN,URL  HTTP – methods HTTP – methods  HTTP Request Packets HTTP Request Packets  HTTP Request Headers.
INTRO TO MAKING A WEBSITE Mark Zhang.  HTML  CSS  Javascript  PHP  MySQL  …That’s a lot of stuff!

INTRO TO MAKING A WEBSITE Mark Zhang.  HTML  CSS  Javascript  PHP  MySQL  …That’s a lot of stuff!
WEB DESIGN SOME FOUNDATIONS. SO WHAT IS THIS INTERNET.

WEB DESIGN SOME FOUNDATIONS. SO WHAT IS THIS INTERNET.
CSCI 323 – Web Development Chapter 1 - Setting the Scene We’re going to move through the first few chapters pretty quick since they are a review for most.

CSCI 323 – Web Development Chapter 1 - Setting the Scene We’re going to move through the first few chapters pretty quick since they are a review for most.
Introduction to InfoSec – Recitation 8 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 8 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Copyright © cs-tutorial.com. Introduction to Web Development In 1990 and 1991,Tim Berners-Lee created the World Wide Web at the European Laboratory for.

Copyright © cs-tutorial.com. Introduction to Web Development In 1990 and 1991,Tim Berners-Lee created the World Wide Web at the European Laboratory for.
Chapter 1: Introduction to Web

Chapter 1: Introduction to Web
WEB SECURITY WEEK 3 Computer Security Group University of Texas at Dallas.

WEB SECURITY WEEK 3 Computer Security Group University of Texas at Dallas.
With your friendly Web Developer, Chris.. Terminology  HTML - > Hypertext Markup Language  CSS -> Cascading Style Sheet  open tag  close tag  HTTP->Hypertext.

With your friendly Web Developer, Chris.. Terminology  HTML - > Hypertext Markup Language  CSS -> Cascading Style Sheet  open tag  close tag  HTTP->Hypertext.
Introduction to InfoSec – Recitation 7 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 7 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
HTML. Principle of Programming  Interface with PC 2 English Japanese Chinese Machine Code Compiler / Interpreter C++ Perl Assembler Machine Code.

HTML. Principle of Programming  Interface with PC 2 English Japanese Chinese Machine Code Compiler / Interpreter C++ Perl Assembler Machine Code.
Kingdom of Saudi Arabia Ministry of Higher Education Al-Imam Muhammad Ibn Saud Islamic University College of Computer and Information Sciences Chapter.

Kingdom of Saudi Arabia Ministry of Higher Education Al-Imam Muhammad Ibn Saud Islamic University College of Computer and Information Sciences Chapter.
Session I Chapter 1 - Introduction to Web Development

Session I Chapter 1 - Introduction to Web Development
Web Design (1) Terminology. Coding ‘languages’ (1) HTML - Hypertext Markup Language - describes the content of a web page CSS - Cascading Style Sheets.

Web Design (1) Terminology. Coding ‘languages’ (1) HTML - Hypertext Markup Language - describes the content of a web page CSS - Cascading Style Sheets.
Where does PHP code get executed?. Where does JavaScript get executed?

Where does PHP code get executed?. Where does JavaScript get executed?
Operating Systems Lesson 12. HTTP vs HTML HTML: hypertext markup language ◦ Definitions of tags that are added to Web documents to control their appearance.

Operating Systems Lesson 12. HTTP vs HTML HTML: hypertext markup language ◦ Definitions of tags that are added to Web documents to control their appearance.
Session 1 Chapter 1 - Introduction to Web Development ITI 133: HTML5 Desktop and Mobile Level I www.profburnett.com.

Session 1 Chapter 1 - Introduction to Web Development ITI 133: HTML5 Desktop and Mobile Level I

Similar presentations

Ads by Google