The Tangled Web

Description

A guide to securing modern web applications
Ron Kuper
Mind Map by Ron Kuper, updated more than 1 year ago
Ron Kuper
Created by Ron Kuper about 9 years ago
45
0

Resource summary

The Tangled Web
  1. Security in the World of Web Applications
    1. History of the Web
      1. GML
        1. IBM's Generalized Markup Language
          1. "this is a header", "this is a list"
          2. SGML
            1. Standard Generalized Markup Language
              1. HTML
                1. Focused on simplicity
                  1. Tim Berners-Lee and Dan Connolly
                    1. HyperText Markup Language
                      1. HTTP
                        1. HyperText Transfer Protocol
                          1. Dedicated scheme for accessing HTML resources using TCP/IP, DNS and file pathes concepts
                            1. Tim's WWW Project

                              Annotations:

                              • World Wide Web
                              1. 1991-1993
                                1. A browser that parsed HTML and allowed navigation from one page to another
                                  1. Tim Berners-Lee
                                    1. Mosaic Web Browser
                                      1. Netscape Navigator
                                        1. Spyglass Mosaic
                                          1. Microsoft Internet Explorer
                                2. 1960's
                                3. Microsoft XMLHttpRequest
                                  1. Web 2.0
                                  2. W3C - WWW Consortium
                                  3. Risk Management
                                    1. CWE
                                      1. Homeland Security
                                        1. Common Weakness Enumeration
                                          1. "Provide a common language"
                                          2. CVSS
                                            1. Common Vulnerability Scoring System
                                              1. method to quantify and score a vulnerability based on risk
                                            2. probability * maximum loss = risk
                                          3. Anatomy of the Web
                                            1. URLs
                                              1. HTTP
                                                1. HTML
                                                  1. CSS
                                                    1. Browser Scripts
                                                      1. Doc Types
                                                        1. Plug-ins
                                                        2. Browser Security
                                                          1. Content Isolation
                                                            1. Origin Inheritance
                                                              1. Outside Same-Origin
                                                                1. Other Boundaries
                                                                  1. Content Recognition
                                                                    1. Rouge Scripts
                                                                      1. Site Privileges
                                                                      2. Future
                                                                        1. New Security Features
                                                                          1. Other Browser Mechanisms
                                                                            1. Common Web Vulnerabilities
                                                                            Show full summary Hide full summary

                                                                            Similar

                                                                            1.5 Application and Security Controls
                                                                            DJ Perrone
                                                                            "The 1 Min Manager" Flashcards
                                                                            Rafael Testai
                                                                            "Enchantment" by Guy Kawasaki Flashcards
                                                                            Rafael Testai
                                                                            transition metals
                                                                            Ella Wolf
                                                                            GCSE PE - 4
                                                                            lydia_ward
                                                                            GCSE PE - 6
                                                                            lydia_ward
                                                                            Chemistry Equations / Maths
                                                                            Georgia B
                                                                            Yr 12 Biology Mid-Year Exam Notes Part 1
                                                                            gbridgland
                                                                            P1 quiz
                                                                            I M Wilson
                                                                            Learn My Language: Korean-English
                                                                            kang.s.724