Computer Security U10 - Web Security

Mind Map by Nick.Bell2013, updated more than 1 year ago
Created by Nick.Bell2013 almost 7 years ago

Description

Mind Map on Computer Security U10 - Web Security, created by Nick.Bell2013 on 04/28/2013.

Resource summary

Computer Security U10 - Web Security
1 Web basics
1.1 HTTP
1.1.1 HTML
1.1.1.1 URL
1.1.2 TCP/IP protocol
1.1.3 stateless
1.1.4 unprotected
1.2 security issues
1.2.1 C I A
1.2.1.1 availability
2 Web applications
2.1 functionality
2.1.1 server-side
2.1.1.1 SQL Injection attack
2.1.2 client-side
2.2 active content
2.2.1 mobile code
2.2.1.1 attack = "jumping the firewall"
2.2.2 safeguards
2.2.2.1 blocking/filtering before execution
2.2.2.1.1 restricting functionality
2.2.2.1.1.1 Sandboxing
2.2.2.1.1.1.1 code signing
2.2.2.1.1.1.1.1 digital signature
2.2.2.1.1.1.1.1.1 assumes fully implemented PKI
2.2.2.1.1.1.2 Java Virtual Machine (JVM)
2.3 trusted sources
2.4 attacks
2.4.1 Parameter injection
2.4.1.1 Cross-site scripting
2.4.1.1.1 File traversals
3 Authentication
3.1 SSL
3.2 SSO
3.2.1 local password storage
3.2.1.1 proprietary, vendor-specific solutions
3.2.1.1.1 centralised approach
3.2.1.1.1.1 federated approach
3.2.2 Library Alliance
3.3 MS Passport
3.3.1 Pros
3.3.1.1 no special software needed
3.3.2 Cons
3.3.2.1 central server = single point of failure
3.3.2.1.1 data mining
4 Privacy
4.1 Web session traces
4.1.1 cookies
4.1.1.1 session management
4.1.1.2 personalised web offers
4.1.1.3 authentication
4.1.2 server logs
4.1.3 cached web pages
5 Transmission security
5.1 Secure Sockets Layer (SSL) & Transport Layer Security (TLS)
5.1.1 security services
5.1.1.1 strong authentication
5.1.1.2 integrity
5.1.1.3 confidentiality (encryption)
5.1.2 stops: spoofing, eavesdropping, manipulation
5.1.3 deployment
5.1.3.1 not a single solution
5.1.3.2 security ends outside tunnel
5.1.3.3 dependent on PKI
6 Browser security
6.1 settings
6.1.1 SSL
6.1.1.1 cookies
6.1.1.1.1 active content
6.1.1.1.1.1 caching
6.1.1.1.1.1.1 passwords
6.1.2 complex/numerous
7 Web services
7.1 idea
7.1.1 services in machine-readable form
7.2 technology
7.2.1 HTTP
7.2.1.1 XML
7.2.1.1.1 SOAP
7.2.1.1.1.1 WSDL
7.2.1.1.1.1.1 UDDI
7.3 security
7.3.1 initiatives
7.3.1.1 add security mechanisms
7.3.1.1.1 web services
7.3.2 issues
7.3.2.1 delegation
7.3.2.1.1 over company borders
7.3.2.1.1.1 transaction
7.3.2.1.1.1.1 end-to-end
7.3.2.1.1.1.1.1 message-level
7.3.2.1.1.1.1.1.1 for open infrastructure
7.3.2.1.1.1.1.1.1.1 between "strangers"