This document provides a summary of key concepts related to web application technologies. It discusses HTTP and HTTP requests/responses, including common headers. It also covers client-side technologies like HTML, CSS, JavaScript, and how they interact with the server via HTTP. On the server-side, it discusses programming languages and frameworks like Java, ASP.NET, PHP, and common databases. It also covers concepts like cookies, sessions, and different encoding schemes used to transmit data.
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms Sam Bowne
This document discusses core defense mechanisms for securing web applications, including limiting user access and input, and administrative monitoring. It covers authentication, session management, access control, input validation techniques like whitelisting and sanitization, boundary validation to divide trusted and untrusted zones, handling errors, maintaining audit logs, alerting administrators, and reacting to attacks. It also notes security risks of management interfaces and importance of securing the entire application, not just the user-facing parts.
The Windows Logging Cheat Sheet is the definitive guide on learning where to start with Windows Logging. How to Enable, Configure, Gather and Harvest events so you can catch a hacker in the act.
SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. It is a method of attacking web applications that have a data repository: the attacker sends a specially crafted SQL statement designed to cause some malicious action. SQL injection exploits a security vulnerability occurring in the database layer of an application or service, and is most often found within web pages with dynamic content.
SSL and TLS provide end-to-end security for applications using TCP. They operate at the transport layer and provide services like data encryption, message integrity, and client/server authentication. The key components are the handshake protocol for negotiating encryption parameters and exchanging keys, the record protocol for fragmenting and encrypting application data, and alert and change cipher spec protocols for signaling errors and key changes. Common algorithms include RSA and Diffie-Hellman for key exchange, RC4, 3DES and AES for encryption, and MD5 or SHA for hashing. Sessions define a connection's cryptographic settings while connections are the actual data streams.
The Cordova framework
Recurrent app architecture
Cordova CLI
Debugging Cordova applications
My development environment
Cordova APIs
This presentation has been developed in the context of the Mobile Applications Development course, DISIM, University of L'Aquila (Italy), Spring 2014.
http://www.ivanomalavolta.com
Talk about how to design code that helps one to avoid some of the issues identified on OWASP top 10. Domain Driven Security is one of the main tools to achieve this.
The document discusses CRLF injection and SSRF vulnerabilities. CRLF injection occurs when user input is directly parsed into response headers without sanitization, allowing special characters to be injected. SSRF is when a server is induced to make HTTP requests to domains of an attacker's choosing, potentially escalating access. Mitigations include sanitizing user input, implementing whitelists for allowed domains/protocols, and input validation.
Checkmarx meetup API Security - API Security top 10 - Erez Yalon - Adar Weidman
The document summarizes API security topics presented by Erez Yalon at a Checkmarx Meetup event. Yalon discusses how API-based applications are different from traditional apps and deserve their own security focus. He outlines the OWASP API Security Project and the proposed API Security Top 10 risks, including broken object level authorization, excessive data exposure, lack of resources/rate limiting, and improper asset management. Yalon calls for community contributions to further develop the Top 10 and other API security resources.
Secure web programming plus end users' awareness are the last line of defense against attacks targeted at the corporate systems, particularly web applications, in the era of world-wide web.
Most web application attacks occur through Cross Site Scripting (XSS), and SQL Injection. On the other hand, most web application vulnerabilities arise from weak coding with failure to properly validate users' input, and failure to properly sanitize output while displaying the data to the visitors.
The literature also confirms the following web application weaknesses in 2010: 26% improper output handling, 22% improper input handling, and 15% insufficient authentication, and others.
Abdul Rahman Sherzad, lecturer at Computer Science Faculty of Herat University, and Ph.D. student at Technical University of Berlin gave a presentation at 12th IT conference on Higher Education for Afghanistan in MoHE, and then conducted a seminar at Hariwa Institute of Higher Education in Herat, Afghanistan introducing web application security threats by demonstrating the security problems that exist in corporate systems with a strong emphasis on secure development. Major security vulnerabilities, secure design and coding best practices when designing and developing web-based applications were covered.
The main objective of the presentation was raising awareness about the problems that might occur in web-application systems, as well as secure coding practices and principles. The presentation's aims were to build security awareness for web applications, to discuss the threat landscape and the controls users should use during the software development lifecycle, to introduce attack methods, to discuss approaches for discovering security vulnerabilities, and finally to discuss the basics of secure web development techniques and principles.
HTTP Request Header and HTTP Status Code Abhishek L.R
This document provides information about HTTP and HTTPS request headers and status codes. It defines HTTP and HTTPS, describing HTTPS as HTTP plus cryptographic protocols for security. It lists some important HTTP request headers and their descriptions, as well as HTTPS status codes grouped into classes: informational (1xx), successful (2xx), redirects (3xx), client errors (4xx), and server errors (5xx). Each status code class is summarized with example response codes and descriptions.
Nmap is a network exploration tool that collects information about target hosts including open ports, services, OS detection, and running scripts. It offers various host discovery techniques like ICMP ping, TCP and UDP ping to find active systems on the network. Once hosts are identified, nmap performs port scanning using TCP SYN, ACK, and UDP scans to determine open and closed ports. It can also detect services, versions, and OS on each host. Nmap scripts provide additional information gathering capabilities for vulnerabilities and exploits.
Stormpath .NET Developer Evangelist, Nate Barbettini, presents Token Authentication with ASP.NET Core. Nate will explain how Token Authentication can be used to secure web applications built with ASP.NET Core, REST APIs, and 'unsafe' clients while supporting security best practices and even improving performance and scale.
Brute force attacks try a large number of password combinations to gain unauthorized access to a system. For a 2 character password, there are 3,844 possible guesses using letters, numbers, and case variations. While brute force attacks have a high chance of success due to trying many options, they are also hardware intensive and can take a long time. To prevent brute force cracking, users should make long, random passwords using a variety of characters that are not based on personal details.
CNIT 129S: 9: Attacking Data Stores (Part 1 of 2) Sam Bowne
Slides for a college course based on "The Web Application Hacker's Handbook", 2nd Ed.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/129S/129S_F16.shtml
The document discusses various anti-disassembly techniques used by malware authors to obscure disassembly and prevent automated analysis. These include using jump instructions to trick linear disassemblers into the wrong offset, abusing return pointers and structured exception handlers, and misleading analysis of stack frames. Flow-oriented disassembly is more robust but can still be confused by techniques like impossible disassembly combinations and obscuring true flow control. Manual cleanup in a tool like IDA Pro is often needed to recover the correct disassembly.
This document introduces REST APIs and provides best practices for designing them. It defines REST as a network API that uses HTTP and URIs but has few strict rules. It recommends using HTTP verbs like GET, POST, PUT and DELETE to perform CRUD operations on resources. It also provides guidance on API design practices like versioning, error handling, authentication and documentation.
OllyDbg is a free debugger that can be used to analyze malware. It was originally developed over a decade ago for cracking software but is now widely used for malware analysis and exploit development. OllyDbg allows users to load EXEs and DLLs directly or attach to running processes to debug malware. It provides useful interfaces like a disassembler, register and memory views. OllyDbg also supports setting various breakpoints, calling functions, modifying data, and tracing program execution which helps analysts understand malware behavior.
This document provides an overview of firewall concepts including:
- Learning objectives around firewall types, functions, and deployment of policies.
- The basic types of firewalls: packet filtering, stateful packet inspection, application proxies, and hybrids.
- Details on packet filtering firewalls including pros, cons, and how they examine packets.
- Pros and cons of application proxies.
- Background on OSI and TCP/IP models, the three-way TCP handshake, common ports/services, and the STRIDE threat model.
- How to respond to threats and build a firewall port matrix.
- An introduction to iptables and examples of basic packet filtering rules.
- An overview of the network scanning
Web application attacks can take many forms, including cross-site scripting (XSS), SQL injection, parameter tampering, command injection, session management issues, cookie poisoning, directory traversal, cross-site request forgery, and buffer overflows. XSS is a vulnerability that allows malicious JavaScript code to be injected and run in a user's browser, potentially accessing data. SQL injection involves inserting SQL commands into a database query to gain unauthorized access. Parameter tampering modifies URL parameters to change expected behavior.
Fileless malware infections are possible without dropping files by storing malicious code in non-file locations or executing it remotely from memory. A fileless pentest operation should aim to infect systems without files, install fileless backdoors, and achieve fileless persistence using small artifacts hidden in the registry, alternate data streams, environment variables or other unconventional locations. Real world examples of fileless malware include worms that spread entirely in memory as well as advanced persistent threats that used techniques like Windows Management Instrumentation events and process hollowing to avoid writing to disk.
These slides guide you through the tools and techniques one can use for footprinting websites or people. You will find amazing tools and techniques; have a look.
Building microservices sample application Anil Allewar
The slides provide details on how to build the sample Microservices application that covers the whole distributed system paradigm.
Please refer to the introduction to Microservices before following the contents in this slide
https://www.slideshare.net/anilallewar/introduction-to-microservices-78270318
Cookies are used to maintain state in HTTP, which is a stateless protocol. Cookies are small pieces of data stored in a user's browser by a website. They help identify users and customize web pages for that user. There are different types of cookies like session cookies, persistent cookies, and third-party cookies. Cookies can store information to remember items in a shopping cart, login credentials, and browsing preferences. However, cookies also present security and privacy risks if not properly implemented.
A Brute Force Attack is the simplest method to gain access to a site or server (or anything that is password protected). It tries various combinations of usernames and passwords until it gets in. This repetitive action is like an army attacking a fort.
Name-based virtual hosting allows multiple websites to be hosted on a single server using a single IP address. To set this up, Apache must first be installed on the system. Virtual host files are then created for each domain and enabled in Apache's configuration. The host files on local and remote systems must also be edited to resolve website names to the server's IP address. Potential issues that could arise include problems with network interfaces, updating, installing Apache, or restarting Apache when hosting multiple sites.
CNIT 129S - Ch 3: Web Application Technologies Sam Bowne
For a college course at CCSF taught by Sam Bowne.
https://samsclass.info/129S/129S_S18.shtml
Based on "The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition", by Dafydd Stuttard and Marcus Pinto; ISBN-10: 1118026470
CNIT 129S: Ch 3: Web Application Technologies Sam Bowne
Slides for a college course based on "The Web Application Hacker's Handbook", 2nd Ed.
Teacher: Sam Bowne
Website: https://samsclass.info/129S/129S_F16.shtml
The document provides an introduction to basic web technologies including URIs, HTTP, HTML, CSS, and JavaScript. It discusses how web pages are built using HTML elements and tags to provide structure, CSS for styling, and JavaScript for client-side interactivity. URIs and HTTP are used to identify and transfer web resources, with HTTP methods like GET and POST determining the type of request. JSON and JavaScript APIs allow dynamic client-server communication.
HTTP is an application layer protocol used to transfer web pages from a web server to a web client like a browser. It uses URLs to identify resources on the web. A URL contains the protocol, host, port, path, parameters, and anchor to uniquely identify a resource. Common elements of a URL include the http protocol, domain name or IP as the host, optional port 80, file path, query parameters, and anchor within a page. HTTP allows rapid transfer of text, images, audio, video and other data between servers and clients.
The document discusses the evolution of the web platform and browser security. It covers the basic technologies that underlie the web like HTML, CSS, JavaScript, and HTTP. It describes how these technologies work together to deliver content to users and allow for client-side interactivity. Key elements covered include HTML elements and tags, how CSS and JavaScript are used in web pages, JSON for data formatting, URIs for resource identification, the HTTP request/response protocol, and common HTTP methods and headers.
This document provides an overview of the World Wide Web (WWW) and the Hypertext Transfer Protocol (HTTP). It discusses the architecture of the WWW including web clients, servers, and documents. It describes the Uniform Resource Locator (URL) format and explains static, dynamic, and active web documents. The document then focuses on HTTP, describing request and response message formats, methods, status codes, headers, cookies, caching with proxy servers, and HTTP security with SSL.
A browser allows users to view and interact with resources on the World Wide Web. It displays HTML pages and other web content by making HTTP requests and rendering the responses. Key components of a browser include a user interface, layout engine, rendering engine, JavaScript interpreter, and networking components. When a user enters a URL, the browser looks up the IP address and sends HTTP requests to retrieve and display the requested content, including linked resources. Common browser features include back/forward buttons, an address bar, and the ability to view page source. Browsers support privacy/security functions and web standards.
The document provides guidelines and best practices for designing RESTful APIs, including:
- Using JSON over XML and making the API stateless and secure.
- Following conventions for HTTP verbs and status codes.
- Keeping data structures consistent and handling data with modern frameworks.
- Providing comprehensive documentation for data types, methods, and samples.
Covers topics like RestApi, Authentication, Authorization, Cacheability, Advantage of RestApi over SOAP and some basics regarding Open Data Protocol(OData).
This document provides an overview of web servers and introduces Microsoft Internet Information Services (IIS) and the Apache web server. It discusses how HTTP transactions work when a client requests a document from a web server using a URL. The document also describes multitier application architecture with different tiers for the client, business logic/presentation logic, and data. It compares client-side scripting, which runs in the browser, versus server-side scripting, which runs on the web server. Finally, it discusses how to access local and remote web servers.
Module 5 Application and presentation Layer .pptx AASTHAJAJOO
The document discusses the application and presentation layers of the OSI model. It provides details on:
- The application layer protocols like HTTP, FTP, email and how they use the transport layer protocols TCP and UDP.
- The traditional client-server and new peer-to-peer paradigms used at the application layer.
- How the HTTP protocol works for the world wide web including URL structure, static/dynamic web documents, browser and server functions.
- The key components and functioning of specific application layer protocols - FTP for file transfer and email for electronic mail exchange.
Using Communication and Messaging API in the HTML5 World Gil Fink
This document discusses HTML5 communication and messaging APIs, including cross-document messaging, CORS, server-sent events, and web sockets. Cross-document messaging allows sending messages between windows using postMessage. CORS enables cross-domain requests if responses include access control headers. Server-sent events allow push data from servers to clients. Web sockets provide bidirectional communications over a single TCP connection. The session explored examples of these APIs and their browser support.
The document discusses web servers and their architecture. It begins by defining a web server as specialized software that responds to client requests from web browsers. It then describes the common three-tier architecture of web applications with tiers for the client interface, middle application logic, and database information. The document focuses on how web servers use HTTP to communicate with clients through a request-response protocol and provides examples of GET and POST requests. It also discusses leading web servers like Apache, IIS, and others as well as factors to consider when selecting a web server.
Introduce the Java Enterprise (J2EE) model
Present the Hypertext Markup Language (HTML) tags
Present the Hypertext Transmission Protocol (HTTP)
Define an HTTP client request, server response, and HTTP request methods
The document provides an overview of the Web Client Model and HTTP requests and responses. It discusses:
1) The J2EE model and how servlets and JSPs are used.
2) HTML tags like forms, inputs, and selects that are used to collect data from users.
3) How HTTP is used to transfer data, including the different request methods like GET, POST, PUT, and how requests and responses are structured with a start line, headers, and body.
HTTP is the protocol that powers the web. It uses a request-response model where clients make requests that are met with responses from servers. Requests use methods like GET and POST and include URIs to identify resources. Responses include status codes like 200 for success and 404 for not found. HTTP is stateless but cookies can provide statefulness. HTTPS adds encryption with SSL/TLS to provide security for HTTP communications.
This document provides an overview of web servers and how they work. It discusses how web servers use HTTP to respond to client requests by serving resources like web pages. It introduces the client-server model and how web servers map URLs to files on their network. It also covers multi-tier application architecture with separate tiers for data, business logic, and the user interface. Key concepts explained include HTTP transactions, GET and POST requests, client-side versus server-side scripting, and accessing web servers. Figures and examples are provided to illustrate these topics.
Server-side programming with Java servlets allows dynamic web content generation. Servlets extend the capabilities of web servers by responding to incoming requests. A servlet is a Java class that implements the servlet interface. It handles HTTP requests and responses by overriding methods like doGet() and doPost(). Servlets provide better performance than CGI by using threads instead of processes to handle requests. They also offer portability, robustness, and security due to being implemented in Java. Sessions allow servlets to maintain state across multiple requests from the same user by utilizing session IDs stored in cookies.
Server-side programming with Java servlets allows dynamic web content generation. A servlet is a Java class that extends HTTP servlet functionality. It handles HTTP requests and responses by overriding methods like doGet() and doPost(). Servlets offer benefits over older CGI technologies like improved performance through multithreading and portability through the Java programming language. Servlets communicate with clients via HTTP request and response objects, and can establish sessions to identify users across multiple requests.
The document discusses Java servlets and server-side programming. It defines servlets as Java programs that extend the capabilities of web servers. Servlets can respond dynamically to web requests and are used to create dynamic web content. The document outlines the servlet lifecycle and how servlets handle HTTP requests and responses through request and response objects. It also discusses advantages of servlets like performance and portability compared to older CGI technologies.
Similar to Ch 3: Web Application Technologies (20)
The document discusses various topics related to cyberwar including Mastodon, Lockheed-Martin's kill chain model, and Mitre's ATT&CK framework. It notes that China, Russia, Iran, and North Korea pose major cyber threats according to the FBI and CISA. China is described as the broadest cyber espionage threat. Russia conducts destructive malware and ransomware operations. Iran's growing cyber expertise makes it a threat. North Korea's program poses an espionage, cybercrime, and attack threat and continues cryptocurrency heists.
- DNS vulnerabilities can arise from configuration errors, architecture mistakes, vulnerable software implementations, protocol weaknesses, and failure to use security extensions.
- Common mistakes include single points of failure, exposure of internal information, leakage of internal queries, unnecessary recursiveness, failure to restrict access, and unprotected zone transfers.
- Software vulnerabilities have included buffer overflows and flaws in randomization of source ports, transaction IDs, and domain name ordering that enable cache poisoning and man-in-the-middle attacks.
This chapter discusses software development security. It covers topics like programming concepts, compilers and interpreters, procedural vs object-oriented languages, application development methods like waterfall vs agile models, databases, object-oriented design, assessing software vulnerabilities, and artificial intelligence techniques. The key aspects are securing the entire software development lifecycle from initial planning through operation and disposal, using secure coding practices, testing for vulnerabilities, and continually improving processes.
This document discusses attacking iOS applications by exploiting vulnerabilities in the iOS runtime, interprocess communication, and through injection attacks. Specifically, it covers instrumenting the iOS runtime using method swizzling, attacking applications using interprocess communication techniques like application extensions, and exploiting entry points like UIWebViews, client-side data stores, and file handling routines to perform injection attacks on iOS apps.
This document provides an overview of elliptic curve cryptography including what an elliptic curve is, the elliptic curve discrete logarithm problem (ECDLP), Diffie-Hellman key agreement and digital signatures using elliptic curves. It discusses NIST standard curves like P-256 and Curve25519 as well as choosing appropriate curves and potential issues like attacks if randomness is not properly implemented or an invalid curve is used.
The document discusses the Diffie-Hellman key exchange protocol. It describes how Diffie-Hellman works by having two parties agree on a shared secret over an insecure channel without transmitting the secret itself. It also covers potential issues like using proper cryptographic techniques to derive keys from the shared secret and using safe prime numbers to prevent attacks.
This document provides an overview of analyzing iOS apps, including jailbreaking mobile devices. It discusses iOS security features like code signing and sandboxing. It explains how to set up a test environment for analyzing apps by jailbreaking a device and using Unix tools. Key files like property lists and databases that can be explored are also outlined.
This document discusses various techniques for writing secure Android apps, including minimizing unnecessary permissions and exposure, securing data storage and communication, and making apps difficult to reverse engineer. It provides examples of implementing essential security mechanisms like permission protection and securing activities, content providers, and web views. It also covers more advanced techniques such as protection level downgrades, obfuscation, and tamper detection.
12 Investigating Windows Systems (Part 2 of 3)Sam Bowne
Â
The document discusses investigating Windows systems by analyzing the Windows Registry. It describes the purpose and structure of the Registry, including the main hive files and user-specific hives. It provides an overview of important Registry keys that can contain forensic artifacts, such as system configuration keys, network information keys, user and security information keys, and auto-run keys that can indicate malware persistence. Specific Registry keys and values are highlighted that are most useful for analyzing evidence on a compromised system, including ShellBags, UserAssist, MRU lists, and Internet Explorer TypedURLs and TypedPaths. Tools for Registry analysis like RegRipper, AutoRuns, and Nirsoft utilities are also mentioned.
This document provides an overview of the RSA cryptosystem. It begins with the mathematical foundations of RSA, including the group ZN* and Euler's totient function. It then covers the RSA trapdoor permutation using modular exponentiation and key generation. The document discusses encrypting and signing with RSA, as well as implementations using libraries and algorithms like square-and-multiply. It concludes with topics like side-channel attacks, optimizations for speed, and ways implementations can fail like the Bellcore attack on RSA-CRT.
12 Investigating Windows Systems (Part 1 of 3Sam Bowne
Â
This document provides an overview of analyzing the Windows file system, NTFS metadata, and logs to investigate security incidents and recover deleted files. It discusses the Master File Table (MFT) structure, timestamps, alternate data streams, prefetch files, event logs, and scheduled tasks. The MFT stores file metadata including attributes, timestamps, and data runs. File deletion only marks the MFT entry inactive, allowing recovery of deleted file contents and metadata. Event and security logs can reveal lateral movement and suspicious processes. Prefetch files indicate program execution history. Scheduled tasks configure automated programs through .job files logged by Task Scheduler.
This document discusses computational hardness and complexity classes related to cryptography. It covers the computational complexity of problems like factoring large numbers and the discrete logarithm problem. These problems are assumed to be hard, even for quantum computers, and form the basis for cryptographic techniques. The document also discusses how cryptography could be broken if faster algorithms were found for these problems or if the key sizes used were too small.
This document discusses exploiting vulnerabilities in Android devices. It covers identifying pre-installed apps that could provide access, techniques for remotely or locally exploiting devices, and the different privilege levels an attacker may obtain including non-system app access, installed package access, ADB shell access, system user access, and root user access. Specific exploitation techniques mentioned include exploiting update mechanisms, remote code loading, webviews, listening services, and messaging apps. Tools discussed include Drozer, Ettercap, and Burp.
This document provides an overview of the incident response analysis methodology process. It discusses defining objectives, understanding the situation and available resources, identifying leadership, avoiding impossible tasks like proving a negative, asking why to define scope, knowing where data is stored, accessing raw data, selecting analysis methods like searching for malware or using tools like VirusTotal, manual review, filtering data, statistical analysis using tools like Sawmill, string searching, analyzing unallocated space, and file carving. It stresses periodically evaluating results to ensure progress and only making definitive statements if supported by evidence.
This document discusses authenticated encryption, which both encrypts messages and authenticates them with a tag. It covers several authenticated encryption schemes:
1. Authenticated Encryption with Associated Data (AEAD) which encrypts a plaintext and authenticates additional associated data with a tag.
2. AES-GCM, the standard authenticated cipher, which uses AES in Galois/Counter Mode. It has two layers - encryption then authentication.
3. OCB, faster than GCM but limited by licensing. It blends encryption and authentication into one layer.
4. SIV, considered the safest as it is secure even if nonces are reused, but it is not streamable.
This document summarizes part 2 of a course on attacking Android applications. It discusses how application components like activities and services can be exploited if not properly protected. Specific vulnerabilities in the Sieve password manager application are demonstrated, including insecure content providers, SQL injection, and an insecure file-backed content provider. The document also covers how services and broadcast receivers can be abused if not protected correctly.
This document discusses attacking Android applications through their components. It covers exploiting vulnerabilities in an app's security model, intercepting communications, and compromising application containers or internet servers that apps rely on. Specific attacks examined include bypassing the lock screen, tapjacking, accessing private app data through recently used screenshots, and changing a PIN without knowing the old one using fragment injection. The document provides examples of how to interact with an app's activities, services, content providers and permissions through intents and other techniques.
The document discusses stream ciphers and how they can be implemented in either hardware or software. It describes how stream ciphers work by generating a pseudorandom bitstream from a key and nonce that is XOR'd with the plaintext. Hardware-oriented stream ciphers were initially more efficient to implement than block ciphers using dedicated circuits like LFSRs. However, LFSR-based designs are insecure and modern software-oriented stream ciphers like Salsa20 are more efficient on CPUs. The document cautions that stream ciphers can be broken if the key and nonce are reused or if there are flaws in the implementation.
Live data collection on Windows systems can be done using prebuilt kits like Mandiant Redline or Velociraptor, by creating your own scripted toolkit using built-in and free tools to collect processes, network connections, system logs and other volatile data, while following best practices like testing your methods first and being cautious of malware on investigated systems.
A Free 200-Page eBook ~ Brain and Mind Exercise.pptxOH TEIK BIN
Â
(A Free eBook comprising 3 Sets of Presentation of a selection of Puzzles, Brain Teasers and Thinking Problems to exercise both the mind and the Right and Left Brain. To help keep the mind and brain fit and healthy. Good for both the young and old alike.
Answers are given for all the puzzles and problems.)
With Metta,
Bro. Oh Teik Bin 🙏🤓🤔🥰
How Barcodes Can Be Leveraged Within Odoo 17Celine George
Â
In this presentation, we will explore how barcodes can be leveraged within Odoo 17 to streamline our manufacturing processes. We will cover the configuration steps, how to utilize barcodes in different manufacturing scenarios, and the overall benefits of implementing this technology.
A Visual Guide to 1 Samuel | A Tale of Two HeartsSteve Thomason
Â
These slides walk through the story of 1 Samuel. Samuel is the last judge of Israel. The people reject God and want a king. Saul is anointed as the first king, but he is not a good king. David, the shepherd boy is anointed and Saul is envious of him. David shows honor while Saul continues to self destruct.
Gender and Mental Health - Counselling and Family Therapy Applications and In...PsychoTech Services
Â
A proprietary approach developed by bringing together the best of learning theories from Psychology, design principles from the world of visualization, and pedagogical methods from over a decade of training experience, that enables you to: Learn better, faster!
Temple of Asclepius in Thrace. Excavation resultsKrassimira Luka
Â
The temple and the sanctuary around were dedicated to Asklepios Zmidrenus. This name has been known since 1875 when an inscription dedicated to him was discovered in Rome. The inscription is dated in 227 AD and was left by soldiers originating from the city of Philippopolis (modern Plovdiv).
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.pptHenry Hollis
Â
The History of NZ 1870-1900.
Making of a Nation.
From the NZ Wars to Liberals,
Richard Seddon, George Grey,
Social Laboratory, New Zealand,
Confiscations, Kotahitanga, Kingitanga, Parliament, Suffrage, Repudiation, Economic Change, Agriculture, Gold Mining, Timber, Flax, Sheep, Dairying,
How to Manage Reception Report in Odoo 17Celine George
Â
A business may deal with both sales and purchases occasionally. They buy things from vendors and then sell them to their customers. Such dealings can be confusing at times. Because multiple clients may inquire about the same product at the same time, after purchasing those products, customers must be assigned to them. Odoo has a tool called Reception Report that can be used to complete this assignment. By enabling this, a reception report comes automatically after confirming a receipt, from which we can assign products to orders.
3. Hypertext Transfer Protocol (HTTP)
• Connectionless protocol: each request/response pair is an autonomous transaction, even though HTTP/1.1 may reuse the same TCP connection for several of them
• Client sends an HTTP request to a Web server
• Gets an HTTP response
• No session formed, nothing remembered--no "state"
4. HTTP Requests
• Verb: GET (also called "method")
• URL: /css?family=Roboto:400,700
• Portion after ? is the query string containing parameters
• Version: HTTP/1.1
5. HTTP Requests
• Referer: URL the request originated from
• User-Agent: browser being used
• Both of these are supplied by the client and can be set to any value
• Host: Hostname of the server
• Essential when multiple hosts run on the same IP
• Required in HTTP/1.1
7. HTTP Response
• First line
• HTTP version
• Status code (e.g., 200)
• Textual "reason phrase" describing the response
• Ignored by browser
8. HTTP Response
• Server: banner of server software
• Not always accurate
• Set-Cookie used to set cookie values
9. HTTP Response
• Pragma: no-cache tells browser not to store response in its cache
• Expires: set to a date in the past to ensure that the content is freshly loaded
• Both are HTTP/1.0 mechanisms kept for old clients; HTTP/1.1 responses use the Cache-Control header (e.g., no-store) for the same purpose
10. HTTP Response
• Message Body after header contains data of type specified in Content-Type header
11. HTTP Methods: GET
• GET retrieves resources
• Can send parameters in the URL query string
• Users can bookmark the whole URL
• Whole URL may appear in server logs and in Referer headers
• Also on the browser's screen
• Don't put sensitive information in the query string
12. HTTP Methods: POST
• POST performs actions
• Request parameters can be in URL query string and in the body of the message
• Parameters in body aren't saved in bookmarks or most server logs
• A better place for sensitive data
13. HTTP Methods: POST
• POST requests perform actions, like buying something
• Clicking the browser's Back button displays a dialog warning that the form data will be resubmitted
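As an added example (not code from the slides), here is a small parser for the request structure described on the slides above: the start line with method, target and version; the headers; the query string; and, for a POST, the form-encoded body. The two sample requests and their hostnames are constructed for illustration. The check function shows why Host is mandatory in HTTP/1.1, and the merge function shows why "it was sent in the body" is not a security property on its own.

```python
"""Parse raw HTTP requests: start line, headers, query string and form body.

Added example, not code from the slides. The two sample requests below are
constructed for illustration (the hostnames are placeholders).
"""
from urllib.parse import urlsplit, parse_qs

# Constructed sample, modelled on the GET shown on the slides.
SAMPLE_GET = (
    "GET /css?family=Roboto:400,700 HTTP/1.1\r\n"
    "Host: fonts.example.com\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "Referer: https://www.example.com/\r\n"
    "\r\n"
)

# Constructed sample: parameters both in the query string and in the body.
SAMPLE_POST = (
    "POST /login?next=/account HTTP/1.1\r\n"
    "Host: shop.example.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 25\r\n"
    "\r\n"
    "user=alice&pass=s3cret%21"
)


def parse_request(raw):
    """Return a dict with method, path, query, version, headers, body and form.

    Header names are lower-cased so lookups are case-insensitive, as the
    protocol requires. Query and form values are lists, since a parameter
    may be repeated.
    """
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    target_parts = urlsplit(target)
    form = {}
    content_type = headers.get("content-type", "").split(";")[0].strip()
    if content_type == "application/x-www-form-urlencoded":
        length = int(headers.get("content-length", len(body)))
        form = parse_qs(body[:length])
    return {
        "method": method,
        "path": target_parts.path,
        "query": parse_qs(target_parts.query),
        "version": version,
        "headers": headers,
        "body": body,
        "form": form,
    }


def check_request(req):
    """Status code a strict server returns before the application sees the request."""
    if req["version"] == "HTTP/1.1" and "host" not in req["headers"]:
        return 400  # Host is mandatory in HTTP/1.1 (virtual hosting)
    return 200


def all_parameters(req):
    """Merge query-string and body parameters the way many frameworks do.

    Because both sources are merged, a handler written for POST bodies may
    also be reachable with the same parameters placed in the URL, where they
    end up in logs, bookmarks and Referer headers.
    """
    merged = {}
    for source in (req["query"], req["form"]):
        for key, values in source.items():
            merged.setdefault(key, []).extend(values)
    return merged
```

Header names are folded to lower case because clients are free to send `host`, `Host` or `HOST`; a server that only matches one spelling can be bypassed by the others.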
14. Other HTTP Methods
• HEAD returns only the header, not the body
• Can be used to check if a resource is available before GETing it
• OPTIONS shows allowed methods
• PUT uploads to server (usually disabled; if it is enabled, a client can write files to the server, which is a serious finding)
15. URL (Uniform Resource Locator)
• If protocol is absent, it defaults to HTTP
• If port is absent, it uses the default port for the protocol
• 80 for HTTP, 443 for HTTPS, etc.
22. Cookies
• Cookies are resubmitted in each request to the same domain
• Unlike other request parameters, such as the query string
23. Set-Cookie Header
• Optional attributes
• expires - date when the cookie stops being valid
• If absent, cookie is used only in the current browser session
• domain - specified domain for which cookie is valid
• Must be the same or a parent of the domain from which the cookie is received
• This scoping is by domain and path only, not by origin: it ignores the port and (unless the secure attribute is set) the scheme, so it is looser than the browser's "Same-Origin Policy"
24. Set-Cookie Header
• Optional attributes
• path - URL path for which the cookie is valid
• secure - transmit cookie only via HTTPS
• HttpOnly - Cookie cannot be directly accessed via client-side JavaScript
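As an added example (not code from the slides), the following models the two decisions a browser makes with the attributes listed above: whether to accept a Set-Cookie at all (the domain must be the setting host or a parent of it) and whether to attach a stored cookie to a later request (domain, path and secure). It is a simplified form of the RFC 6265 rules; expires is parsed but not evaluated, and HttpOnly affects script access rather than sending. All hostnames and cookie values are constructed.

```python
"""Model the browser's decisions to accept and to send a cookie.

Added example, not code from the slides. Simplified RFC 6265 matching for
the domain, path and secure attributes; hostnames are constructed.
"""
from urllib.parse import urlsplit


def parse_set_cookie(header):
    """Parse a Set-Cookie header value into name, value and attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name, "value": value, "domain": None, "path": "/",
              "secure": False, "httponly": False, "expires": None}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "domain":
            cookie["domain"] = val.strip().lower().lstrip(".")
        elif key == "path":
            cookie["path"] = val.strip() or "/"
        elif key == "expires":
            cookie["expires"] = val.strip()
        elif key == "secure":
            cookie["secure"] = True
        elif key == "httponly":
            cookie["httponly"] = True
    return cookie


def domain_matches(host, cookie_domain):
    """True if cookie_domain equals host or is a parent domain of it."""
    return host == cookie_domain or host.endswith("." + cookie_domain)


def path_matches(request_path, cookie_path):
    """RFC 6265 path-match: equal, or cookie_path is a directory prefix."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def accept_cookie(cookie, setting_host):
    """Would a browser store this cookie from a response sent by setting_host?

    A Domain attribute that is neither the setting host nor one of its
    parents is rejected, so one site cannot plant cookies for another.
    """
    if cookie["domain"] is None:
        return True
    return domain_matches(setting_host, cookie["domain"])


def cookie_is_sent(cookie, url, setting_host):
    """Would the browser attach this stored cookie to a request for url?"""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    if cookie["domain"] is None:
        # No Domain attribute: host-only cookie, exact host match required.
        if host != setting_host:
            return False
    elif not domain_matches(host, cookie["domain"]):
        return False
    if not path_matches(path, cookie["path"]):
        return False
    if cookie["secure"] and parts.scheme.lower() != "https":
        return False
    # Not checked at all: the port, and (without Secure) the scheme.
    # Cookie scope is therefore looser than the same-origin policy.
    return True
```

Note what the last function never looks at: a host-only cookie set by `https://app.example.com` without the secure attribute is also sent to `http://app.example.com:8080/`, which is a different origin but the same cookie domain.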
26. Important Status Codes
• 200 OK - request succeeded, response body contains result
• 301 Moved Permanently - redirects the browser, client should use new URL in the future
• 302 Found - redirects browser temporarily. Client should revert to original URL in subsequent requests
27. Important Status Codes
• 304 Not Modified - browser should use cached copy of resource
• 400 Bad Request - invalid HTTP request
• 401 Unauthorized - Server requires HTTP authentication.
• WWW-Authenticate header specifies the type(s) of authentication supported
28. Important Status Codes
• 403 Forbidden - no one is allowed to access resource, regardless of authentication
• 404 Not Found - requested resource does not exist
• 500 Internal Server Error - unhandled exception in an app, such as a PHP error
• Next page: Link Ch 3l
30. HTTPS
• HTTP over SSL (Secure Sockets Layer)
• Actually now TLS (Transport Layer Security)
• All versions of SSL are deprecated, and so are TLS 1.0 and 1.1 (RFC 8996)
• Protects data with encryption
• Protects data in motion, but not at rest or in use
31. HTTP Proxies
• Browser sends requests to proxy server
• Proxy fetches resource and sends it to browser
• Proxies may provide caching, authentication, and access control
32. HTTPS and Man-in-the-Middle (MITM) Attacks
• HTTPS connections use public-key cryptography and end-to-end encryption
• Only the endpoints can decrypt traffic
• Companies wishing to restrict HTTPS traffic have two choices
• Perform a complete MITM: an inspecting proxy terminates TLS and presents each site's certificate re-signed by an interception CA. Browsers accept this silently only if that CA's root is installed in their trust store, which is why it works on company-managed machines; public CAs that issued such interception certificates have been distrusted by browser vendors
• Allow encrypted traffic to trusted domains without being able to inspect it
33. HTTPS and Proxies
• Browser sends an HTTP request to the proxy using the CONNECT method and destination hostname and port number
• If proxy allows the request, it returns 200 status and keeps the TCP connection open
• Thereafter acts as a pure TCP-level relay to the destination web server
34. HTTP Authentication
• Basic: sends username and password in Base64 encoding (an encoding, not encryption: anyone who sees the header can read the password)
• NTLM: Uses Windows NTLM protocol (MD4 hashing)
• Digest: Challenge-response using MD5 hashing
• These are generally used in intranets, not on the Internet
• All are very weak cryptographically, and should be protected with HTTPS
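As an added example (not code from the slides), the following shows what Basic and Digest authentication actually put on the wire, and why the slide says both need HTTPS: a captured Basic header decodes straight to the password, and a captured Digest exchange can be attacked offline by guessing passwords against the MD5 response. The credentials, realm and nonce used in the test are the ones in RFC 2617's own worked examples; the candidate password list is constructed.

```python
"""What Basic and Digest authentication put on the wire.

Added example, not code from the slides. Basic is base64 of "user:password";
Digest (RFC 2617, algorithm=MD5) sends an MD5 over the credentials and a
server nonce. The credentials used in the test are RFC 2617's examples.
"""
import base64
import hashlib


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_header(user, password):
    """Build an Authorization: Basic header value."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def decode_basic(header_value):
    """Recover (user, password) from a captured Basic header; no secret involved."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def digest_response(user, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """Compute the 'response' field of a Digest credential (algorithm=MD5).

    HA1 = MD5(user:realm:password), HA2 = MD5(method:uri).
    With qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2); otherwise MD5(HA1:nonce:HA2).
    """
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    if qop == "auth":
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def digest_check(stored_ha1, method, uri, nonce, qop, nc, cnonce, response):
    """Server-side verification: the server needs HA1, not the plaintext password."""
    ha2 = md5_hex(f"{method}:{uri}")
    expected = md5_hex(f"{stored_ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return expected == response


def crack_digest(captured, candidates):
    """Offline password guessing against a sniffed Digest exchange.

    Everything in `captured` is visible to a network observer, so each guess
    costs one MD5 computation; this is why Digest over plain HTTP is weak.
    """
    for password in candidates:
        guess = digest_response(captured["user"], captured["realm"], password,
                                captured["method"], captured["uri"],
                                captured["nonce"], captured["qop"],
                                captured["nc"], captured["cnonce"])
        if guess == captured["response"]:
            return password
    return None
```

The server-side check stores HA1 rather than the password; note that HA1 is itself a password-equivalent for that realm, so a database leak still lets an attacker authenticate.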
37. Server-Side Functionality
• Static content - HTML pages and images that are the same for all users
• Dynamic content - response created on the fly, can be customized for each user
• Created by scripts on the server
• Customized based on parameters in the request
39. Other Inputs
• Server-side application may use any part of the HTTP request as an input
• Such as User-Agent
• Often used to display smartphone-friendly versions of pages
• Every such header is attacker-controlled, so it needs the same validation as a form field
41. The Java Platform
• Standard for large-scale enterprise applications
• Lends itself to multitiered and load-balanced architectures
• Well-suited to modular development and code reuse
• Runs on Windows, Linux, and Solaris
42. Java Platform Terms
• Enterprise Java Bean (EJB)
• Heavyweight software component to encapsulate business logic, such as transactional integrity
• Plain Old Java Object (POJO)
• User-defined, lightweight object, distinct from a special object such as an EJB
• Java Servlet
• Object on an application server that receives HTTP requests from client and returns HTTP responses
43. Java Platform Terms
• Java web container
• Platform or engine that provides a runtime environment for Java-based web applications
• Ex: Apache Tomcat, BEA WebLogic, JBoss
45. ASP.NET
• Microsoft's web application framework
• Competitor to Java platform
• Uses .NET Framework, which provides a virtual machine (the Common Language Runtime) and a set of powerful APIs (Application Program Interfaces)
• Applications can be written in any .NET language, such as C# or VB.NET
46. Visual Studio
• Powerful development environment for ASP.NET applications
• Easy for developers to make a web application, even with limited programming skills
• ASP.NET's request validation blocks some common cross-site scripting payloads without requiring any effort from the developer, but it is a filter, not a complete defence: output must still be encoded
47. PHP
• Originally "Personal Home Page", now the recursive acronym "PHP: Hypertext Preprocessor"
• Often used on LAMP servers
• Linux, Apache, MySQL, and PHP
• Free and easy to use, but many security problems
• Both in PHP itself and in custom code using it
49. Ruby on Rails
• Allows rapid development of applications
• Can autogenerate much of the code if developer follows the Rails coding style and naming conventions
• Has vulnerabilities like PHP
50. SQL (Structured Query Language)
• Used to access data in relational databases, such as Oracle, MS-SQL, and MySQL
• Data stored in tables, each containing rows and columns
• SQL queries are used to read, add, update, or delete data
• SQL injection vulnerabilities are very severe
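As an added example (not code from the slides), here is the classic login check written both ways: the vulnerable version splices user input into the SQL text, so a comment sequence or an `OR` clause rewrites the query; the safe version binds the same input as parameters. It runs against an in-memory SQLite table with constructed users; the payloads are the standard ones a tester would try first.

```python
"""SQL injection in a login check: string building versus parameters.

Added example, not code from the slides. Uses an in-memory SQLite table
with constructed users; the attack strings are classic injection payloads.
"""
import sqlite3


def make_db():
    """Create a throwaway database with two constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: attacker-controlled text becomes part of the SQL statement.

    username = "alice' --"   turns the rest of the WHERE clause into a comment
    password = "' OR '1'='1" makes the WHERE clause true for every row
    """
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """Parameterized: values are bound by the driver and never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]
```

The fix is not escaping quotes in the input but keeping data out of the query text entirely; the placeholder syntax (`?`, `%s`, `:name`) varies by driver, the principle does not.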
54. SOAP
• If user-supplied data is incorporated into SOAP requests, it can have code injection vulnerabilities
• Server usually publishes available services and parameters using Web Services Description Language (WSDL)
• soapUI and other tools can generate requests based on WSDL file
63. CSS
Cascading Style Sheets
• Specifies format of document elements
• Separates content from presentation
• Has vulnerabilities, and can be used for attacks
64. Javascript
• Scripts that run in the client's browser
• Used to validate user-entered data before submitting it to the server (a usability feature only: the client can bypass it, so the server must validate again)
• Dynamically modify UI in response to user action, such as in drop-down menus
• Using Document Object Model (DOM) to control the browser's behavior
65. VBScript
• Microsoft's alternative to JavaScript
• Only supported in Internet Explorer (now obsolete)
• Edge does not support VBScript
• Links Ch 3d, 3e
68. Ajax
Asynchronous JavaScript and XML
• Client-side scripts can fetch data without reloading the entire page
• Allow you to drag Google Maps around
70. JSON
JavaScript Object Notation
• Client-side JavaScript uses the XMLHttpRequest API to request data from a server
• Data is returned in JSON format.
72. Same-Origin Policy
• Prevents content from different origins interfering with each other in a browser
• An origin is the combination of scheme, hostname and port; content from one origin can only read and modify data from the same origin
• Ex: scripts on Facebook can't read or write to data on your online banking page
• Attacks such as Cross-Site Scripting and Cross-Site Request Forgery work around this policy rather than breaking it: XSS runs the attacker's script inside the victim origin, and CSRF abuses the fact that the policy lets a page send requests to another origin even though it cannot read the responses
77. State and Sessions
• Stateful data required to supplement stateless HTTP
• This data is held in a server-side structure called a session
• The session contains data such as items added to a shopping cart
• Some state data is stored on the client, often HTTP cookies or hidden form fields
79. URL Encoding
• URLs may contain only printable ASCII characters
• 0x20 to 0x7e, inclusive
• To transfer other characters, or problematic ASCII characters, over HTTP, they must be URL-encoded
84. • HTML-encoding user data before sending it to
another user is used to prevent Cross-Site
Scripting attacks
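As an added example (not code from the slides), serving both the URL-encoding slide and the HTML-encoding bullet above, here are the two encoders written by hand. The URL encoder percent-encodes every byte that is not an ASCII letter, digit or one of `-._~`, which covers the non-ASCII and reserved characters the slide mentions; the HTML encoder turns the five characters that can break out of text or attribute context into entities, which is the output encoding that stops reflected XSS. The input strings are constructed.

```python
"""URL encoding and HTML encoding done by hand, to show what each protects.

Added example, not code from the slides; inputs are constructed.
"""

UNRESERVED = "-._~"


def url_encode(text):
    """Percent-encode everything except ASCII letters, digits and -._~ ."""
    out = []
    for byte in text.encode("utf-8"):
        ch = chr(byte)
        # chr() of a byte above 0x7f is a Latin-1 letter, hence the range guard.
        if (byte < 0x80 and ch.isalnum()) or ch in UNRESERVED:
            out.append(ch)
        else:
            out.append("%%%02X" % byte)
    return "".join(out)


def url_decode(text, form=False):
    """Reverse url_encode; with form=True a '+' means space (x-www-form-urlencoded)."""
    raw = bytearray()
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == "%" and i + 3 <= len(text):
            raw.append(int(text[i + 1:i + 3], 16))
            i += 3
        elif form and ch == "+":
            raw.append(0x20)
            i += 1
        else:
            raw.extend(ch.encode("utf-8"))
            i += 1
    return raw.decode("utf-8")


# The characters that end text content or a quoted attribute in HTML.
HTML_ESCAPES = {"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;"}


def html_encode(text):
    """Encode user data for insertion into HTML text or a quoted attribute."""
    return "".join(HTML_ESCAPES.get(ch, ch) for ch in text)


def render_greeting(name):
    """A template that echoes user input into a page, with output encoding applied."""
    return "<p>Hello, " + html_encode(name) + "</p>"
```

Each encoding is specific to the context the data lands in: URL encoding makes a value safe inside a URL, HTML encoding makes it safe inside markup, and neither substitutes for the other.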
85. Base64 Encoding
• Represents binary data using 64 ASCII characters
• Six bits at a time
• Used to encode email attachments so they can be sent via SMTP
• Uses the character set A-Z, a-z, 0-9, + and /, with = as padding
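As an added example (not code from the slides), here is Base64 implemented from scratch: every three input bytes are packed into 24 bits and emitted as four six-bit characters, with `=` padding when the input length is not a multiple of three. Seeing the decoder makes the security point concrete: it is an encoding, not encryption, so a Basic authentication header or any other Base64 blob is readable by anyone who captures it. The test strings are the standard examples from the Base64 and HTTP Basic specifications.

```python
"""Base64 from scratch: 3 bytes in, 4 characters out, six bits at a time.

Added example, not code from the slides. Implements the standard alphabet
A-Z, a-z, 0-9, + and / with '=' padding.
"""

ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"
            "0123456789+/")


def b64encode(data):
    """Encode bytes to a Base64 string with '=' padding."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        # Pack up to three bytes into a 24-bit integer, zero-padded on the right.
        n = int.from_bytes(chunk.ljust(3, b"\x00"), "big")
        groups = [(n >> 18) & 63, (n >> 12) & 63, (n >> 6) & 63, n & 63]
        keep = len(chunk) + 1   # 1 byte -> 2 chars, 2 -> 3, 3 -> 4
        out.append("".join(ALPHABET[g] for g in groups[:keep]))
        out.append("=" * (4 - keep))
    return "".join(out)


def b64decode(text):
    """Decode a Base64 string back to bytes; padding is accepted but not required."""
    bits, nbits, out = 0, 0, bytearray()
    for ch in text:
        if ch == "=":
            break
        # Shift in six bits per character; emit a byte whenever eight are ready.
        bits = (bits << 6) | ALPHABET.index(ch)
        nbits += 6
        if nbits >= 8:
            nbits -= 8
            out.append((bits >> nbits) & 0xFF)
            bits &= (1 << nbits) - 1
    return bytes(out)
```

The output grows by a third, which is why Base64 shows up wherever binary must travel through a text-only channel: MIME mail, the Basic authentication header, JSON fields, and the cookie and ViewState values seen in web applications.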