WEB SECURITY
CHAPTER 1: INTRODUCTION
Prof. Kirti Ahirrao
Index:
1. Internet & WWW
2. Vulnerabilities, threats and countermeasures.
3. Generic Security Model:
- Security policy,
- Host security,
- Network security,
- Organizational security,
- Legal Security
4. Web Application Architecture Components, Complex Web Applications, Software Components
Internet
• The Internet is a massive network of networks.
• It is a networking infrastructure.
• It is a decentralized network.
• It connects millions of users/computers together globally.
• When any computer is connected to the network, that computer can communicate with any other computer on the Internet.
• Information travels across the network using any of a number of languages known as protocols.
WWW
• WWW stands for World Wide Web.
• It is a way of accessing information over the medium of the Internet.
• It is an information-sharing model built on top of the Internet.
• The web uses the HTTP protocol, only one of the languages spoken over the Internet, to transmit data.
• The web also uses browsers, such as Internet Explorer or Firefox, to access web documents called webpages that are linked to each other via hyperlinks. Web documents also contain graphics, sounds, text and video.
Vulnerabilities
1. A vulnerability is a weakness in the application, which can be a design flaw or an implementation bug.
2. It allows an attacker to cause harm to the stakeholders of an application.
3. Stakeholders include the application owner, application users, and other entities that rely on the application.
Examples:
• Lack of input validation on user input
• Lack of a sufficient logging mechanism
• Fail-open error handling
• Not closing the database connection properly
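Two of the vulnerability examples listed above, fail-open error handling and missing input validation, shown side by side with a fail-closed, validated version of the same check. This is an added example written for this page, not code from the slides; the account-id format, the simulated permission backend and its `backend_up` flag are assumptions made for the demonstration.

```python
"""Fail-open vs fail-closed authorization, plus allow-list input validation.

Constructed example for this lecture; the user store, the permission
backend and the 'acct-NNNN' identifier format are assumptions.
"""
import logging
import re

logging.basicConfig(level=logging.INFO)
log = logging.getLogger("authz")

# Constructed sample data: which user owns which account.
ACCOUNT_OWNERS = {"acct-1001": "alice", "acct-1002": "bob"}


class PermissionLookupError(Exception):
    """Raised when the (simulated) permission backend is unavailable."""


def lookup_owner(account_id, backend_up=True):
    """Simulated permission backend; an outage is modelled with backend_up=False."""
    if not backend_up:
        raise PermissionLookupError("permission store unreachable")
    return ACCOUNT_OWNERS.get(account_id)


# --- Fail-open error handling: the weakness named on the slide ---
def can_view_fail_open(user, account_id, backend_up=True):
    """On any backend error this falls through to 'allow', so an outage
    turns into an authorization bypass for every caller."""
    try:
        return lookup_owner(account_id, backend_up) == user
    except PermissionLookupError:
        log.warning("permission lookup failed for %s; allowing", account_id)
        return True  # defect: an unknown state is treated as permitted


# --- Fail-closed counterpart ---
def can_view_fail_closed(user, account_id, backend_up=True):
    """On error, deny and log it: availability degrades, confidentiality does not."""
    try:
        return lookup_owner(account_id, backend_up) == user
    except PermissionLookupError:
        log.error("permission lookup failed for %s; denying", account_id)
        return False


# --- Input validation on a user-supplied identifier ---
ACCOUNT_ID_RE = re.compile(r"^acct-\d{4}$")  # assumed format for this example


def validate_account_id(raw):
    """Allow-list check: accept only the expected shape, reject everything else."""
    if not isinstance(raw, str) or not ACCOUNT_ID_RE.fullmatch(raw):
        raise ValueError("malformed account id")
    return raw


def handle_view_request(user, raw_account_id, backend_up=True):
    """Minimal request handler combining validation with the fail-closed check.
    Returns a (status, body) pair standing in for an HTTP response."""
    try:
        account_id = validate_account_id(raw_account_id)
    except ValueError:
        return 400, "bad request"
    if not can_view_fail_closed(user, account_id, backend_up):
        return 403, "forbidden"
    return 200, f"account {account_id} owned by {user}"
```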
Threats
Web-based threats – or online threats – are malware programs that can target you when you're using the Internet. These browser-based threats include a range of malicious software programs that are designed to infect victims' computers.
Web security threats are constantly emerging and evolving, but a number of threats consistently appear at the top of web security threat lists.
These include:
• Phishing
• Ransomware
• SQL injection
• Cross-site scripting
• Code injection
• CEO fraud and impersonation
• Viruses and worms
• Spyware
Countermeasures:
In computer security a countermeasure is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.
1. Preventative – These work by keeping something from happening in the first place. ...
2. Reactive – Reactive countermeasures come into effect only after an event has already occurred.
3. Detective – These discover and report that an event is occurring or has occurred. Examples of detective countermeasures include system monitoring, IDS, anti-virus, motion detectors and IPS.
Generic Security Model
- Security policy,
- Host security,
- Network security,
- Organizational security,
- Legal Security
Security Policy:
• Security policies are a formal set of rules issued by an organization to ensure that users who are authorized to access company technology and information assets comply with rules and guidelines related to the security of information.
• It is a written document in the organization that describes how to protect the organization from threats and how to handle them when they occur.
• A security policy is also considered to be a "living document", which means that the document is never finished but is continuously updated as the requirements of the technology and employees change.
• Needs of a security policy:
1) It increases efficiency
2) It upholds discipline and accountability
3) It can make or break a business deal
4) It helps to educate employees on security literacy
Host Security
• It is easy to focus on the security of the software we use and forget about the hardware and software that ‘hosts’ it – our desktops, laptops, mobile devices, their operating systems and configurations.
• Strong host security addresses the key aspects of your hosts, including hardware, software, server and storage components.
• It ensures you are equipped to defend yourself against, and appropriately respond to, cyber-attacks when they occur.
• Sense of Security’s host level security assessment provides insight into your host security configuration.
• It also includes aspects that cannot be seen from the network.
• This allows us to identify, and address, your additional weaknesses and exposures to cyber risk.
Network Security
• Network security is a broad term that covers a multitude of technologies, devices and processes.
• In its simplest terms, it is a set of rules and configurations designed to protect the integrity, confidentiality and accessibility of computer networks and data using both software and hardware technologies.
• Every organization, regardless of size, industry or infrastructure, requires a degree of network security solutions in place to protect it from the ever-growing landscape of cyber threats in the wild today.
• Today's network architecture is complex and is faced with a threat environment that is always changing and attackers that are always trying to find and exploit vulnerabilities. These vulnerabilities can exist in a broad number of areas, including devices, data, applications, users and locations.
• For this reason, there are many network security management tools and applications in use today that address individual threats and exploits and also regulatory non-compliance. When just a few minutes of downtime can cause widespread disruption and massive damage to an organization's bottom line and reputation, it is essential that these protection measures are in place.
Types of network security:
• Physical network security
• Technical network security
• Administrative network security
Types of Network Security
Physical Network Security: Physical security controls are designed to prevent unauthorized personnel from gaining physical access to network components such as routers, cabling cupboards and so on. Controlled access, such as locks, biometric authentication and other devices, is essential in any organization.
Technical Network Security: Technical security controls protect data that is stored on the network or which is in transit across, into or out of the network. Protection is twofold; it needs to protect data and systems from unauthorized personnel, and it also needs to protect against malicious activities from employees.
Administrative Network Security: Administrative security controls consist of security policies and processes that control user behavior, including how users are authenticated, their level of access and also how IT staff members implement changes to the infrastructure.
Organizational Security
• Organizational security is a sustained, appropriate level of security in team communication and information management practices.
• When more than one person works together to achieve a goal, they need to be able to communicate and manage information to get things done.
• Organizational security has much more to do with the social and political decision-making of an organization. Security isn’t about the perfect technical fix.
• It’s about working with all members of the team to make sure that they understand the issues and the value of protecting information.
• Supporting awareness-raising activities to encourage individual thinking about security (in addition to how-to’s, instructions, and policies) is key to supporting longer-term growth and more organic adaptation to new threats.
Legal Security
• To make cybersecurity measures explicit, written norms are required. These norms are known as cybersecurity standards: generic sets of prescriptions for an ideal execution of certain measures.
• The standards may involve methods, guidelines, reference frameworks, etc. They ensure the efficiency of security, facilitate integration and interoperability, enable meaningful comparison of measures, reduce complexity, and provide the structure for new developments.
• A security standard is "a published specification that establishes a common language & contains a technical specification or other precise criteria and is designed to be used consistently, as a rule, a guideline, or a definition."
• The goal of security standards is to improve the security of information technology (IT) systems, networks, and critical infrastructures.
• Well-written cybersecurity standards enable consistency among product developers and serve as a reliable standard for purchasing security products.
• Security standards are generally provided for all organizations regardless of their size or the industry and sector in which they operate. This section includes information about each standard that is usually recognized as an essential component of any cybersecurity strategy.
Web Application Architecture Components:
User interface app components
• This is a reference to the web pages that have a role related to the display, settings and configurations.
• It is related to the interface/experience rather than the development, and consequently it deals with display dashboards, configuration settings, notifications, logs etc.
Structural components
• The structural components of a web application basically refer to the functionality of the web application with which a user interacts, the control and the database storage.
• In other words, it has more to do with the structural aspects of the architecture, as the name suggests.
• This basically comprises (1) the web browser or client, (2) the web application server and (3) the database server.
Structural Components:
The web browser or client permits the users to interact with the functions of the web apps and is generally developed using HTML, CSS, and JavaScript.
The web application server is the central hub that supports business logic and multi-layer applications, and is generally developed using Python, PHP, Java, .NET, Ruby, and Node.js.
The database server offers business logic and relevant information/data that is stored and managed by the web application server. It stores, retrieves and provides the information.
References:
• https://www.webopedia.com/DidYouKnow/Internet/Web_vs_Internet.asp
• https://owasp.org/www-community/vulnerabilities/#:~:text=A%20vulnerability%20is%20a%20hole,that%20rely%20on%20the%20application.
• https://www.senseofsecurity.com.au/cyber-security-services/host-level-security-assessment/#:~:text=Strong%20host%20security%20addresses%20the,%2Dattacks%2C%20when%20they%20occur.
• https://www.javatpoint.com/cyber-security-policies#:~:text=Security%20policies%20are%20a%20formal,to%20the%20security%20of%20information.
• https://www.forcepoint.com/cyber-edu/network-security
• https://www.theengineroom.org/what-weve-learned-about-organizational-security-in-2014/
• https://www.peerbits.com/blog/web-application-architecture.html
PROF. KIRTI AHIRRAO 19
THANK
YOU
P R O F . K I R T I A H I R R A O
20

More Related Content

What's hot

Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
Dr. Loganathan R
 
Information security
Information security Information security
Information security
razendar79
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to security
Dhani Ahmad
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
G Prachi
 
17 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_201217 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_2012
RECIPA
 
22 need-for-security
22  need-for-security22  need-for-security
22 need-for-security
Al Balqa Applied University
 
Ch01 Introduction to Security
Ch01 Introduction to SecurityCh01 Introduction to Security
Ch01 Introduction to Security
Information Technology
 
Cyber security vs information assurance
Cyber security vs information assuranceCyber security vs information assurance
Cyber security vs information assurance
Vaughan Olufemi ACIB, AICEN, ANIM
 
Security technologies
Security technologiesSecurity technologies
Security technologies
Dhani Ahmad
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecuritylearnt
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information system
Online
 
IT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John LadoIT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John Lado
Mark John Lado, MIT
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network SecurityJohn Ely Masculino
 
A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015
Jeffery Brown
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lecture
Zara Nawaz
 
Basic Security Concepts of Computer
Basic Security Concepts of ComputerBasic Security Concepts of Computer
Basic Security Concepts of Computer
Faizan Janjua
 
Security Awareness and Training
Security Awareness and TrainingSecurity Awareness and Training
Security Awareness and TrainingPriyank Hada
 
Evolution of Security
Evolution of SecurityEvolution of Security
Evolution of Security
DM_GS
 
Information security.pptx
Information security.pptxInformation security.pptx

What's hot (20)

Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
 
Information security
Information security Information security
Information security
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to security
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
17 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_201217 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_2012
 
22 need-for-security
22  need-for-security22  need-for-security
22 need-for-security
 
Ch01 Introduction to Security
Ch01 Introduction to SecurityCh01 Introduction to Security
Ch01 Introduction to Security
 
Cyber security vs information assurance
Cyber security vs information assuranceCyber security vs information assurance
Cyber security vs information assurance
 
Security technologies
Security technologiesSecurity technologies
Security technologies
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecurity
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information system
 
IT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John LadoIT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John Lado
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
 
A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015
 
Unit v
Unit vUnit v
Unit v
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lecture
 
Basic Security Concepts of Computer
Basic Security Concepts of ComputerBasic Security Concepts of Computer
Basic Security Concepts of Computer
 
Security Awareness and Training
Security Awareness and TrainingSecurity Awareness and Training
Security Awareness and Training
 
Evolution of Security
Evolution of SecurityEvolution of Security
Evolution of Security
 
Information security.pptx
Information security.pptxInformation security.pptx
Information security.pptx
 

Similar to Chapter 1 introduction(web security)

Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesisidro luna beltran
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
elmuhammadmuhammad
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docx
wkyra78
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security
madunix
 
All About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptxAll About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptx
Infosectrain3
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptx
TikdiPatel
 
what is cybersecurity.pdf
what is cybersecurity.pdfwhat is cybersecurity.pdf
what is cybersecurity.pdf
publicchats
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptx
KnownId
 
security of information systems
 security of information systems security of information systems
security of information systems
♥♛❁Sukla♥❀njoyng Breath♥
 
network security.pdf
network security.pdfnetwork security.pdf
network security.pdf
JeganathanJayaran
 
Presentation 1.pptx
Presentation 1.pptxPresentation 1.pptx
Presentation 1.pptx
rabeetkashif
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docx
NeilStark1
 
How to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdfHow to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdf
NeilStark1
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docx
NeilStark1
 
Week-09-10-11-12 Fundamentals of Cybersecurity.pptx
Week-09-10-11-12 Fundamentals of Cybersecurity.pptxWeek-09-10-11-12 Fundamentals of Cybersecurity.pptx
Week-09-10-11-12 Fundamentals of Cybersecurity.pptx
yasirkhokhar7
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptx
Malu704065
 
Lecture 01 Information Security BS computer Science
Lecture 01 Information Security  BS computer ScienceLecture 01 Information Security  BS computer Science
Lecture 01 Information Security BS computer Science
maqib8373
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROL
shinydey
 
Information Technology Security Management
Information Technology Security ManagementInformation Technology Security Management
Information Technology Security Management
MITSDEDistance
 
network security.001.pptx................
network security.001.pptx................network security.001.pptx................
network security.001.pptx................
MuhammadKhalil858111
 

Similar to Chapter 1 introduction(web security) (20)

Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- ingles
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docx
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security
 
All About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptxAll About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptx
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptx
 
what is cybersecurity.pdf
what is cybersecurity.pdfwhat is cybersecurity.pdf
what is cybersecurity.pdf
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptx
 
security of information systems
 security of information systems security of information systems
security of information systems
 
network security.pdf
network security.pdfnetwork security.pdf
network security.pdf
 
Presentation 1.pptx
Presentation 1.pptxPresentation 1.pptx
Presentation 1.pptx
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docx
 
How to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdfHow to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdf
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docx
 
Week-09-10-11-12 Fundamentals of Cybersecurity.pptx
Week-09-10-11-12 Fundamentals of Cybersecurity.pptxWeek-09-10-11-12 Fundamentals of Cybersecurity.pptx
Week-09-10-11-12 Fundamentals of Cybersecurity.pptx
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptx
 
Lecture 01 Information Security BS computer Science
Lecture 01 Information Security  BS computer ScienceLecture 01 Information Security  BS computer Science
Lecture 01 Information Security BS computer Science
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROL
 
Information Technology Security Management
Information Technology Security ManagementInformation Technology Security Management
Information Technology Security Management
 
network security.001.pptx................
network security.001.pptx................network security.001.pptx................
network security.001.pptx................
 

More from Kirti Ahirrao

BusTopolgy.pptx
BusTopolgy.pptxBusTopolgy.pptx
BusTopolgy.pptx
Kirti Ahirrao
 
Attack on Sony
Attack on SonyAttack on Sony
Attack on Sony
Kirti Ahirrao
 
Firewall traversals
Firewall traversalsFirewall traversals
Firewall traversals
Kirti Ahirrao
 
Application layer security protocol
Application layer security protocolApplication layer security protocol
Application layer security protocol
Kirti Ahirrao
 
Internet layer security protocol & IPsec
Internet layer security protocol & IPsecInternet layer security protocol & IPsec
Internet layer security protocol & IPsec
Kirti Ahirrao
 
Network access layer security protocol
Network access layer security protocolNetwork access layer security protocol
Network access layer security protocol
Kirti Ahirrao
 

More from Kirti Ahirrao (6)

BusTopolgy.pptx
BusTopolgy.pptxBusTopolgy.pptx
BusTopolgy.pptx
 
Attack on Sony
Attack on SonyAttack on Sony
Attack on Sony
 
Firewall traversals
Firewall traversalsFirewall traversals
Firewall traversals
 
Application layer security protocol
Application layer security protocolApplication layer security protocol
Application layer security protocol
 
Internet layer security protocol & IPsec
Internet layer security protocol & IPsecInternet layer security protocol & IPsec
Internet layer security protocol & IPsec
 
Network access layer security protocol
Network access layer security protocolNetwork access layer security protocol
Network access layer security protocol
 

Recently uploaded

Model Attribute Check Company Auto Property
Model Attribute  Check Company Auto PropertyModel Attribute  Check Company Auto Property
Model Attribute Check Company Auto Property
Celine George
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
Tamralipta Mahavidyalaya
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
Sandy Millin
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
MysoreMuleSoftMeetup
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
Celine George
 
Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)
rosedainty
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
Delapenabediema
 
Sectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdfSectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdf
Vivekanand Anglo Vedic Academy
 
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptxMARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
bennyroshan06
 
How to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERPHow to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERP
Celine George
 
Basic phrases for greeting and assisting costumers
Basic phrases for greeting and assisting costumersBasic phrases for greeting and assisting costumers
Basic phrases for greeting and assisting costumers
PedroFerreira53928
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
MIRIAMSALINAS13
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
siemaillard
 
Introduction to Quality Improvement Essentials
Introduction to Quality Improvement EssentialsIntroduction to Quality Improvement Essentials
Introduction to Quality Improvement Essentials
Excellence Foundation for South Sudan
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
Jisc
 
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
Nguyen Thanh Tu Collection
 
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxStudents, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
EduSkills OECD
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
Jisc
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
EverAndrsGuerraGuerr
 

Recently uploaded (20)

Model Attribute Check Company Auto Property
Model Attribute  Check Company Auto PropertyModel Attribute  Check Company Auto Property
Model Attribute Check Company Auto Property
 
Home assignment II on Spectroscopy 2024 Answers.pdf

Chapter 1: Introduction (Web Security)

6. Threats

A threat is a potential cause of harm to an application or its stakeholders; a vulnerability is the weakness a threat exploits. Web-based (online) threats are those that reach the victim through use of the Internet and the browser. Many of them are delivered as malicious software that infects victims' computers, but the term also covers attacks on the web application itself and social-engineering attacks on its users. Web security threats are constantly emerging and evolving, but a number of them consistently appear at the top of web security threat lists:
• Phishing
• Ransomware
• SQL injection
• Cross-site scripting (XSS)
• Code injection
• CEO fraud and impersonation (business email compromise)
• Viruses and worms
• Spyware
7. Countermeasures

In computer security a countermeasure is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken. Countermeasures are commonly grouped by when they act:
1. Preventive – these keep the event from happening in the first place. ...
2. Reactive – these come into effect only after an event has already occurred (incident response, restoring from backup, revoking compromised credentials).
3. Detective – these discover and report an event while or after it happens: system monitoring, intrusion detection systems (IDS), anti-virus, motion detectors. An intrusion prevention system (IPS) detects in the same way but also blocks, so it is both detective and preventive.
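A detective countermeasure in working form: a scanner that parses web-server access-log lines and reports requests whose percent-decoded URL carries a signature of the SQL injection, cross-site scripting or code injection threats listed on the previous slide. This is an added example, not code from the original slides; the log lines, addresses and signature list are constructed for the demonstration and are not output from or rules of any real system.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines in the common "combined" format; the addresses are
# documentation ranges and the requests are made up for this example.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jun/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.10 - - [01/Jun/2024:10:00:05 +0000] "GET /login?user=admin%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jun/2024:10:00:09 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 2048 "-" "curl/8.0"
198.51.100.7 - - [01/Jun/2024:10:00:12 +0000] "GET /search?q=shoes HTTP/1.1" 200 2048 "-" "curl/8.0"
192.0.2.33 - - [01/Jun/2024:10:00:20 +0000] "POST /api/run?cmd=;cat%20/etc/passwd HTTP/1.1" 500 0 "-" "python-requests/2.31"
"""

# Client IP, timestamp, method, URL and status from one combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Minimal signatures for three of the threats on the slide. They illustrate the
# detective category; they are not a complete or tuned ruleset.
SIGNATURES = {
    "sqli": re.compile(r"('\s*(or|and)\s*'?\w*'?\s*=|union\s+select|--\s|/\*)", re.I),
    "xss": re.compile(r"(<script\b|javascript:|on(error|load)\s*=)", re.I),
    "cmdi": re.compile(r"(;|\|\||&&|`)\s*(cat|ls|id|whoami|wget|curl)\b", re.I),
}


def parse_line(line):
    """Return the fields of one log line, or None if it is not in the expected format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify_request(url):
    """Names of the signatures that match the percent-decoded request URL."""
    # Decode twice: double-encoding is a common way to slip past a single-pass filter.
    decoded = unquote_plus(unquote_plus(url))
    return [name for name, pattern in SIGNATURES.items() if pattern.search(decoded)]


def detect(log_text):
    """Scan a whole log and return (ip, url, [signature names]) per suspicious request."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line; a production detector would count and report these too
        hits = classify_request(rec["url"])
        if hits:
            alerts.append((rec["ip"], rec["url"], hits))
    return alerts


if __name__ == "__main__":
    for ip, url, hits in detect(SAMPLE_LOG):
        print(f"{ip} {','.join(hits)} {url}")
```

The scanner only reports; it is detective because it changes nothing about the request. The same matching placed in front of the application so that a hit is blocked is what turns it into the preventive half of an IPS or web application firewall. Signature matching of this kind both misses encodings it does not decode and flags legitimate text that happens to contain a keyword, which is why real detectors are tuned against the site's own traffic.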
8. Generic Security Model
• Security policy
• Host security
• Network security
• Organizational security
• Legal security
9. Security Policy
• Security policies are a formal set of rules issued by an organization to ensure that users who are authorized to access company technology and information assets comply with rules and guidelines related to the security of information.
• A security policy is a written document that states how the organization protects itself from threats and how it handles them when they occur.
• It is also considered a "living document": it is never finished, but is continuously updated as the technology and the requirements of employees change.
• Needs of a security policy:
1) It increases efficiency
2) It upholds discipline and accountability
3) It can make or break a business deal
4) It helps to educate employees on security literacy
10. Host Security
• It is easy to focus on the security of the software we use and forget about the hardware and software that 'hosts' it: our desktops, laptops, mobile devices, their operating systems and configurations.
• Strong host security addresses the key aspects of your hosts, including hardware, software, server and storage components.
• It ensures you are equipped to defend against, and appropriately respond to, cyber-attacks when they occur.
• A host-level security assessment (such as the Sense of Security service cited in the references) provides insight into the security configuration of each host.
• It also covers aspects that cannot be seen from the network, such as local accounts, patch level, file permissions and locally running services.
• This allows additional weaknesses and exposures to cyber risk to be identified and addressed.
11. Network Security
• Network security is a broad term that covers a multitude of technologies, devices and processes.
• In its simplest terms, it is a set of rules and configurations designed to protect the integrity, confidentiality and availability of computer networks and data, using both software and hardware technologies.
• Every organization, regardless of size, industry or infrastructure, requires some degree of network security to protect it from the ever-growing landscape of cyber threats.
• Today's network architecture is complex and faces a threat environment that is always changing, with attackers constantly trying to find and exploit vulnerabilities. These vulnerabilities can exist in many areas, including devices, data, applications, users and locations.
• For this reason, many network security management tools and applications are in use today that address individual threats and exploits as well as regulatory non-compliance. When just a few minutes of downtime can cause widespread disruption and massive damage to an organization's bottom line and reputation, it is essential that these protection measures are in place.
12. Network Security
Types of network security:
• Physical network security
• Technical network security
• Administrative network security
13. Types of Network Security
Physical network security: Physical security controls are designed to prevent unauthorized personnel from gaining physical access to network components such as routers, cabling cupboards and so on. Controlled access, such as locks, biometric authentication and other devices, is essential in any organization.
Technical network security: Technical security controls protect data that is stored on the network or in transit across, into or out of the network. Protection is twofold: it needs to protect data and systems from unauthorized personnel, and it also needs to protect against malicious activity by employees (the insider threat).
Administrative network security: Administrative security controls consist of security policies and processes that control user behavior, including how users are authenticated, their level of access, and how IT staff members implement changes to the infrastructure.
14. Organizational Security
• Organizational security is a sustained, appropriate level of security in a team's communication and information-management practices.
• When more than one person works together to achieve a goal, they need to be able to communicate and manage information to get things done.
• Organizational security has much more to do with the social and political decision-making of an organization than with technology. Security isn't about the perfect technical fix.
• It's about working with all members of the team to make sure that they understand the issues and the value of protecting information.
• Supporting awareness-raising activities that encourage individuals to think about security (in addition to how-to's, instructions and policies) is key to longer-term growth and more organic adaptation to new threats.
15. Legal Security
• To make cybersecurity measures explicit, written norms are required. These norms are known as cybersecurity standards: generic sets of prescriptions for an ideal execution of certain measures.
• Standards may take the form of methods, guidelines, reference frameworks, etc. They ensure the efficiency of security, facilitate integration and interoperability, enable meaningful comparison of measures, reduce complexity, and provide structure for new developments.
• A security standard is "a published specification that establishes a common language and contains a technical specification or other precise criteria, and is designed to be used consistently, as a rule, a guideline, or a definition."
• The goal of security standards is to improve the security of information technology (IT) systems, networks, and critical infrastructures.
• Well-written cybersecurity standards enable consistency among product developers and serve as a reliable benchmark when purchasing security products.
• Security standards are generally applicable to all organizations regardless of their size or the industry and sector in which they operate, and each is usually recognized as an essential component of any cybersecurity strategy.
17. Web Application Architecture Components (contd.)
User interface app components
• These are the web pages whose role relates to display, settings and configuration.
• They concern the interface and user experience rather than the core processing, and consequently cover display dashboards, configuration settings, notifications, logs, etc.
Structural components
• The structural components of a web application refer to the functionality with which a user interacts, the control logic, and the database storage.
• In other words, they concern the structural aspects of the architecture, as the name suggests.
• They comprise (1) the web browser or client, (2) the web application server and (3) the database server.
18. Structural Components
• The web browser or client lets users interact with the functions of the web app and is generally developed using HTML, CSS and JavaScript. It runs on a machine the application owner does not control, so the server must treat everything it sends as untrusted input.
• The web application server is the central hub that implements the business logic of multi-layer applications, and is generally developed using Python, PHP, Java, .NET, Ruby or Node.js.
• The database server stores the data that the application server manages: it stores, retrieves and provides the information at the application server's request.
19. References
• https://www.webopedia.com/DidYouKnow/Internet/Web_vs_Internet.asp
• https://owasp.org/www-community/vulnerabilities/
• https://www.senseofsecurity.com.au/cyber-security-services/host-level-security-assessment/
• https://www.javatpoint.com/cyber-security-policies
• https://www.forcepoint.com/cyber-edu/network-security
• https://www.theengineroom.org/what-weve-learned-about-organizational-security-in-2014/
• https://www.peerbits.com/blog/web-application-architecture.html
20. THANK YOU