Computer Security U10 - Web Security

Description

Mind Map on Computer Security U10 - Web Security, created by Nick.Bell2013 on 28/04/2013.
Nick.Bell2013
Mind Map by Nick.Bell2013, updated more than 1 year ago
Nick.Bell2013
Created by Nick.Bell2013 about 12 years ago
56
8
1 2 3 4 5 (0)

Resource summary

Computer Security U10 - Web Security
  1. Web basics
    1. HTTP
      1. HTML
        1. URL
        2. TCP/IP protocol
          1. stateless
            1. unprotected
            2. security issues
              1. C I A
                1. availability
            3. Web applications
              1. functionality
                1. server-side
                  1. SQL Injection attack
                  2. client -side
                  3. active content
                    1. mobile code
                      1. attack = "jumping the firewall
                      2. safeguards
                        1. blocking/filtering before execution
                          1. restricting functionality
                            1. Sandboxing
                              1. code signing
                                1. digital signature
                                  1. assumes fully implemented PKI
                                2. Java Virtual Machine (JVM)
                        2. trusted sources
                          1. attacks
                            1. Parameter injection
                              1. Cross-site scripting
                                1. File traversals
                          2. Authentication
                            1. SSL
                              1. SSO
                                1. local password storage
                                  1. proprietary, vendor-specific solutions
                                    1. centralised approach
                                      1. federated approach
                                  2. Library Alliance
                                  3. MS Passport
                                    1. Pros
                                      1. no special s/ware needed
                                      2. Cons
                                        1. central server = single point of failure
                                          1. data mining
                                    2. Privacy
                                      1. Web session traces
                                        1. cookies
                                          1. session management
                                            1. personalised web offers
                                              1. authentication
                                              2. server logs
                                                1. cached web pages
                                              3. Transmission security
                                                1. Secure Socket Layer (SSL) & Transport Layer Security (TLS)
                                                  1. security services
                                                    1. strong authentication
                                                      1. integrity
                                                        1. confidentiality (encryption)
                                                        2. stops: spoofing eavesdropping manipulation
                                                          1. deployment
                                                            1. not a single solution
                                                              1. security ends outside tunnel
                                                                1. dependent on PKI
                                                            2. Browser security
                                                              1. settings
                                                                1. SSL
                                                                  1. cookies
                                                                    1. active content
                                                                      1. caching
                                                                        1. passwords
                                                                  2. complex/numerous
                                                                2. Web services
                                                                  1. idea
                                                                    1. services in machine-readable form
                                                                    2. technology
                                                                      1. HTTP
                                                                        1. XML
                                                                          1. SOAP
                                                                            1. WSDL
                                                                              1. UDDI
                                                                      2. security
                                                                        1. initiatives
                                                                          1. add security mechanisms
                                                                            1. web services
                                                                          2. issues
                                                                            1. delegation
                                                                              1. over company borders
                                                                                1. transaction
                                                                                  1. end-to-end
                                                                                    1. message-level
                                                                                      1. for open infrastructure
                                                                                        1. between "strangers"
                                                                        Show full summary Hide full summary

                                                                        0 comments

                                                                        There are no comments, be the first and leave one below:

                                                                        Similar

                                                                        SSCP Domains
                                                                        Abdul Issa
                                                                        Computer Security Potential Flaws
                                                                        Rob Speirs
                                                                        English Language
                                                                        livbennett
                                                                        A2 Ethics - Virtue Ethics
                                                                        Heloise Tudor
                                                                        PE AQA GCSE REVISION FLASHCARDS
                                                                        ellie.baumber
                                                                        Aparatos y sistemas del cuerpo humano
                                                                        Mai Sin Más
                                                                        Physics: Energy resources and energy transfer
                                                                        katgads
                                                                        GCSE REVISION TIMETABLE
                                                                        megangeorgia03
                                                                        Salesforce Admin 201 Exam Chunk 5 (126-155)
                                                                        Brianne Wright
                                                                        Macbeth Quotes To Learn
                                                                        Sophie Brokenshire