60707
Description
Computer
Security U10 -
Web Security
- Web basics
- HTTP
- HTML
- URL
- URL
- TCP/IP
protocol
- stateless
- unprotected
- HTML
- security
issues
- C I A
- availability
- availability
- C I A
- HTTP
- Web applications
- functionality
- server-side
- SQL
Injection
attack
- SQL
Injection
attack
- client -side
- server-side
- active
content
- mobile
code
- attack =
"jumping the
firewall
- attack =
"jumping the
firewall
- safeguards
- blocking/filtering
before
execution
- restricting
functionality
- Sandboxing
- code
signing
- digital
signature
- assumes fully
implemented PKI
- assumes fully
implemented PKI
- digital
signature
- Java Virtual
Machine
(JVM)
- code
signing
- Sandboxing
- restricting
functionality
- blocking/filtering
before
execution
- mobile
code
- trusted
sources
- attacks
- Parameter
injection
- Cross-site
scripting
- File
traversals
- File
traversals
- Cross-site
scripting
- Parameter
injection
- functionality
- Authentication
- SSL
- SSO
- local
password
storage
- proprietary,
vendor-specific
solutions
- centralised
approach
- federated
approach
- federated
approach
- centralised
approach
- proprietary,
vendor-specific
solutions
- Library
Alliance
- local
password
storage
- MS Passport
- Pros
- no special
s/ware
needed
- no special
s/ware
needed
- Cons
- central
server =
single point of
failure
- data mining
- data mining
- central
server =
single point of
failure
- Pros
- SSL
- Privacy
- Web session
traces
- cookies
- session
management
- personalised
web offers
- authentication
- session
management
- server
logs
- cached web
pages
- cookies
- Web session
traces
- Transmission security
- Secure Socket
Layer (SSL) & Transport
Layer Security
(TLS)
- security
services
- strong
authentication
- integrity
- confidentiality
(encryption)
- strong
authentication
- stops: spoofing
eavesdropping
manipulation
- deployment
- not a
single
solution
- security
ends outside
tunnel
- dependent
on PKI
- not a
single
solution
- security
services
- Secure Socket
Layer (SSL) & Transport
Layer Security
(TLS)
- Browser security
- settings
- SSL
- cookies
- active content
- caching
- passwords
- passwords
- caching
- active content
- cookies
- complex/numerous
- SSL
- settings
- Web services
- idea
- services in
machine-readable
form
- services in
machine-readable
form
- technology
- HTTP
- XML
- SOAP
- WSDL
- UDDI
- UDDI
- WSDL
- SOAP
- XML
- HTTP
- security
- initiatives
- add security
mechanisms
- web services
- web services
- add security
mechanisms
- issues
- delegation
- over
company
borders
- transaction
- end-to-end
- message-level
- for open infrastructure
- between "strangers"
- between "strangers"
- for open infrastructure
- message-level
- end-to-end
- transaction
- over
company
borders
- delegation
- initiatives
- idea
0 comments
Want to create your own Mind Maps for free with GoConqr? Learn more.