The login prompt


  1. null Delhi Meet, 25th Dec ’11. Nitin Munjal, nitinmunjal@gmail.com
  2. (Prerequisites)
     • Web attack vectors [Text]
     • Authentication mechanisms [Text] [Demo]
     • Session management [Text] [Demo]
  3. Eavesdropping; replay attack; online dictionary attack; man in the middle attack; chosen plaintext attack; pre-computed dictionary attack
  4. HTTP basic authentication
     • RFC 1945 (Hypertext Transfer Protocol – HTTP/1.0)
     • RFC 2616 (Hypertext Transfer Protocol – HTTP/1.1)
     • RFC 2617 (HTTP Authentication: Basic and Digest Access Authentication)
     • Demo and evaluation
  5. Digest access authentication
     • RFC 2069 (An Extension to HTTP: Digest Access Authentication)
     • Demo and evaluation
  6. SSL/TLS authentication
     • Client / server / mutual authentication
     • RFC 5246 (The Transport Layer Security (TLS) Protocol Version 1.2)
     • Evaluation
  7. Cookies
     • Persistent, non-persistent
     • Secure, non-secure
     Session tokens
     • Session token transmission
     • Time out
     • Regeneration of session token
     • Session token on logout
     SSL/TLS session
  8. Credit card authentication
     • ISO/IEC 7810, ISO/IEC 7811, ISO/IEC 7812, ISO/IEC 7813, ISO 8583, and ISO/IEC 4909
     Google’s authentication and session management scheme
  9. A Guide to Building Secure Web Applications [online]
     RFC 2617 - HTTP Authentication: Basic and Digest Access Authentication
     RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2
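Added worked example (not from the slides): the Digest "response" computation from RFC 2069 (no qop) and RFC 2617 (qop=auth), plus a server-side check that rejects a reused nonce count, which is the mechanism that turns the replay attack on slide 3 into a failed login. The values are the RFC 2617 section 3.5 example; the DigestVerifier class and its user store are constructed for illustration.

```python
import hashlib
import hmac


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    # HA1 binds user, realm and password; HA2 binds the HTTP method and URI.
    # The password itself never crosses the wire, only this MD5 chain does.
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    if qop is None:  # RFC 2069 form: MD5(HA1:nonce:HA2)
        return md5_hex(f"{ha1}:{nonce}:{ha2}")
    # RFC 2617 form with qop=auth: client nonce and nonce count enter the hash
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


class DigestVerifier:
    """Server side (constructed): recompute the response from the stored
    credential and refuse a (nonce, nc) pair that was already accepted."""

    def __init__(self, realm, users):
        self.realm = realm
        self.users = users      # username -> password; a real server stores HA1
        self.seen = set()       # (nonce, nc) pairs already used successfully

    def check(self, fields, method):
        pw = self.users.get(fields["username"])
        if pw is None:
            return False
        key = (fields["nonce"], fields.get("nc"))
        if key in self.seen:
            return False        # straight replay of a captured Authorization header
        expected = digest_response(fields["username"], self.realm, pw, method,
                                   fields["uri"], fields["nonce"], fields.get("qop"),
                                   fields.get("nc"), fields.get("cnonce"))
        if not hmac.compare_digest(expected, fields["response"]):
            return False        # wrong password, URI or method
        self.seen.add(key)
        return True


# Authorization header fields from the RFC 2617 section 3.5 example
RFC2617_FIELDS = {
    "username": "Mufasa", "uri": "/dir/index.html", "qop": "auth",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093", "nc": "00000001",
    "cnonce": "0a4f113b", "response": "6629fae49393a05397450978507c4ef1",
}
```

A server that stores HA1 rather than the password still cannot stop an offline dictionary attack on a captured exchange, because HA1 is an unsalted MD5 of the password and realm; that is the "evaluation" point behind slides 3 and 5.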