Computer Security U10 - Web Security

Description

Mind map on Computer Security U10 - Web Security, created by Nick.Bell2013 on 28/04/2013.

Resource summary

Computer Security U10 - Web Security
  1. Web basics
    1. HTTP
      1. HTML
        1. URL
        2. TCP/IP protocol
          1. stateless
            1. unprotected
            2. security issues
              1. C I A
                1. availability
            3. Web applications
              1. functionality
                1. server-side
                  1. SQL Injection attack
                  2. client-side
                  3. active content
                    1. mobile code
                      1. attack = "jumping the firewall"
                      2. safeguards
                        1. blocking/filtering before execution
                          1. restricting functionality
                            1. Sandboxing
                              1. code signing
                                1. digital signature
                                  1. assumes fully implemented PKI
                                2. Java Virtual Machine (JVM)
                        2. trusted sources
                          1. attacks
                            1. Parameter injection
                              1. Cross-site scripting
                                1. File traversals
                          2. Authentication
                            1. SSL
                              1. SSO
                                1. local password storage
                                  1. proprietary, vendor-specific solutions
                                    1. centralised approach
                                      1. federated approach
                                  2. Liberty Alliance
                                  3. MS Passport
                                    1. Pros
                                      1. no special software needed
                                      2. Cons
                                        1. central server = single point of failure
                                          1. data mining
                                    2. Privacy
                                      1. Web session traces
                                        1. cookies
                                          1. session management
                                            1. personalised web offers
                                              1. authentication
                                              2. server logs
                                                1. cached web pages
                                              3. Transmission security
                                                1. Secure Sockets Layer (SSL) & Transport Layer Security (TLS)
                                                  1. security services
                                                    1. strong authentication
                                                      1. integrity
                                                        1. confidentiality (encryption)
                                                        2. stops: spoofing, eavesdropping, manipulation
                                                          1. deployment
                                                            1. not a single solution
                                                              1. security ends outside tunnel
                                                                1. dependent on PKI
                                                            2. Browser security
                                                              1. settings
                                                                1. SSL
                                                                  1. cookies
                                                                    1. active content
                                                                      1. caching
                                                                        1. passwords
                                                                  2. complex/numerous
                                                                2. Web services
                                                                  1. idea
                                                                    1. services in machine-readable form
                                                                    2. technology
                                                                      1. HTTP
                                                                        1. XML
                                                                          1. SOAP
                                                                            1. WSDL
                                                                              1. UDDI
                                                                      2. security
                                                                        1. initiatives
                                                                          1. add security mechanisms
                                                                            1. web services
                                                                          2. issues
                                                                            1. delegation
                                                                              1. over company borders
                                                                                1. transaction
                                                                                  1. end-to-end
                                                                                    1. message-level
                                                                                      1. for open infrastructure
                                                                                        1. between "strangers"