Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web Applications Security INTRO

Published byClare Quinn Modified over 5 years ago

Similar presentations

Presentation on theme: "Web Applications Security INTRO"— Presentation transcript:

1 Web Applications Security INTRO
IT College, Andres Käver, , autumn semester Web: Skype: akaver

2 Technical requirements
Projects in git (git.akaver.com) If possible, use personal laptop for everything We will use several platforms and languages during course Java, php, C#, JavaScript, C/C++, Python, etc.. Linux, Windows MySql, MS SQL

3 What, Why, How, …. Web applications security Security principles
Cryptography Input Validation Output Encoding Authentication and Password Management Session Management Access Control Error Handling and Logging Data Protection Communication Security System Configuration Database Security File Management Memory Management General Coding Practices

4 Security Fundamentals - CIA
Confidentiality Only those with the correct authorization can access the data Integrity Protecting data against unauthorized modification, or assuring data trustworthiness Availability Ensuring the presence of information or resources

5 Security Fundamentals
CIA is often extended with Authentication Authentication is about confirming the identity of the entity that wants to interact with a secure system. Authorization Authorization is about specifying access rights to secure resources. It is normally preceded by Authentication. Auditing Auditing is about keeping track of implementation-level events, as well as domain-level events taking place in a system. It can provide not only technical information about the running system, but also proof that particular actions have been performed. "Who did What? When? And potentially How?"

6 THE END

7

8

9

10

11

12

13

14

Download ppt "Web Applications Security INTRO"

Similar presentations

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Securing LAMP: Linux, Apache, MySQL and PHP Track 2 Workshop PacNOG 7 July 1, 2010 Pago Pago, American Samoa.

Securing LAMP: Linux, Apache, MySQL and PHP Track 2 Workshop PacNOG 7 July 1, 2010 Pago Pago, American Samoa.
SEEM4570: XAMPP, Eclipse, Summary of Html Kangfei Zhao Room 711,ERB

SEEM4570: XAMPP, Eclipse, Summary of Html Kangfei Zhao Room 711,ERB
- Chaitanya Krishna Pappala Enterprise Architect- a tool for Business process modelling.

- Chaitanya Krishna Pappala Enterprise Architect- a tool for Business process modelling.
Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.

Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.
Intro to PHP at Winthrop CSCI 297 Scripting Languages Day One.

Intro to PHP at Winthrop CSCI 297 Scripting Languages Day One.
ISOM MIS3150 Data and Info Mgmt Database Security Arijit Sengupta.

ISOM MIS3150 Data and Info Mgmt Database Security Arijit Sengupta.
Copyright © 2006, SAS Institute Inc. All rights reserved. What Is New in SAS Profitability Management (PrM) 2.1? Authors: Jack Zhang Solution & Version:

Copyright © 2006, SAS Institute Inc. All rights reserved. What Is New in SAS Profitability Management (PrM) 2.1? Authors: Jack Zhang Solution & Version:
Ladd Van Tol Senior Software Engineer Security on the Web Part One - Vulnerabilities.

Ladd Van Tol Senior Software Engineer Security on the Web Part One - Vulnerabilities.
Use to Implement: Input validation Page-Level authorization Session Management Audit Logging Use to Implement: Input validation Page-Level authorization.

Use to Implement: Input validation Page-Level authorization Session Management Audit Logging Use to Implement: Input validation Page-Level authorization.
Milestone III BRIAN WYKA.  Web-based project manager  Ideal for small company  Portal for employees to interact with each other  A way for administrators.

Milestone III BRIAN WYKA.  Web-based project manager  Ideal for small company  Portal for employees to interact with each other  A way for administrators.
Systems Development Lifecycle Testing and Documentation.

Systems Development Lifecycle Testing and Documentation.
Online Translation Service Capstone Design Eunyoung Ku Jason Roberts Jennifer Pitts Gregory Woodburn Kim Tran.

Online Translation Service Capstone Design Eunyoung Ku Jason Roberts Jennifer Pitts Gregory Woodburn Kim Tran.
CakePHP is an open source web development framework. It follows Model-View- Controller and is developed using PHP. IT is the basic for user to create.

CakePHP is an open source web development framework. It follows Model-View- Controller and is developed using PHP. IT is the basic for user to create.
Software Project Documentation. Types of Project Documents  Project Charter  Requirements  Mockups and Prototypes  Test Cases  Architecture / Design.

Software Project Documentation. Types of Project Documents  Project Charter  Requirements  Mockups and Prototypes  Test Cases  Architecture / Design.

Similar presentations

Ads by Google