3177222
0
Description
A guide to securing modern web applications
Resource summary
The Tangled Web
1 Security in the World of Web Applications
1.1 History of the Web
1.1.1 GML
1.1.1.1 IBM's Generalized Markup Language
1.1.1.1.1 "this is a header", "this is a list"
1.1.1.2 SGML
1.1.1.2.1 Standard Generalized Markup Language
1.1.1.2.2 HTML
1.1.1.2.2.1 Focused on simplicity
1.1.1.2.2.2 Tim Berners-Lee and Dan Connolly
1.1.1.2.2.3 HyperText Markup Language
1.1.1.2.2.4 HTTP
1.1.1.2.2.4.1 HyperText Transfer Protocol
1.1.1.2.2.4.2 Dedicated scheme for accessing HTML resources using TCP/IP, DNS and file pathes concepts
1.1.1.2.2.4.3 Tim's WWW Project
Annotations:
- World Wide Web
1.1.1.2.2.4.3.1 1991-1993
1.1.1.2.2.4.3.2 A browser that parsed HTML and allowed navigation from one page to another
1.1.1.2.2.4.3.3 Tim Berners-Lee
1.1.1.2.2.4.3.4 Mosaic Web Browser
1.1.1.2.2.4.3.4.1 Netscape Navigator
1.1.1.2.2.4.3.4.2 Spyglass Mosaic
1.1.1.2.2.4.3.4.2.1 Microsoft Internet Explorer
1.1.1.3 1960's
1.1.2 Microsoft XMLHttpRequest
1.1.2.1 Web 2.0
1.1.3 W3C - WWW Consortium
1.2 Risk Management
1.2.1 CWE
1.2.1.1 Homeland Security
1.2.1.2 Common Weakness Enumeration
1.2.1.3 "Provide a common language"
1.2.2 CVSS
1.2.2.1 Common Vulnerability Scoring System
1.2.2.1.1 method to quantify and score a vulnerability based on risk
1.2.3 probability * maximum loss = risk
2 Anatomy of the Web
2.1 URLs
2.2 HTTP
2.3 HTML
2.4 CSS
2.5 Browser Scripts
2.6 Doc Types
2.7 Plug-ins
3 Browser Security
3.1 Content Isolation
3.2 Origin Inheritance
3.3 Outside Same-Origin
3.4 Other Boundaries
3.5 Content Recognition
3.6 Rouge Scripts
3.7 Site Privileges
4 Future
4.1 New Security Features
4.2 Other Browser Mechanisms
4.3 Common Web Vulnerabilities
