SlideShare a Scribd company logo

Gopher & Search Engines.pptx

Download as PPTX, PDF
A
ApurvSingh65

The Gopher protocol is a TCP/IP application layer protocol designed for distributing, searching, and retrieving documents over the Internet. The Gopher protocol was strongly oriented towards a menu-document design and presented an alternative to the World Wide Web in its early stages, but ultimately HTTP became the dominant protocol. The Gopher ecosystem is often regarded as the effective predecessor of the World Wide Web. The Gopher protocol is a TCP/IP application layer protocol designed for distributing, searching, and retrieving documents over the Internet. The Gopher protocol was strongly oriented towards a menu-document design and presented an alternative to the World Wide Web in its early stages, but ultimately HTTP became the dominant protocol. The Gopher ecosystem is often regarded as the effective predecessor of the World Wide Web. It offers some features not natively supported by the Web and imposes a much stronger hierarchy on information stored on it. Its text menu interface is well-suited to computing environments that rely heavily on remote text-oriented computer terminals, which were still common at the time of its creation in 1991, and the simplicity of its protocol faci

Engineering
1 of 17
Gopher & Search Engines
GOPHER • The Gopher protocol is a TCP/IP application layer protocol designed for distributing, searching, and retrieving documents over the Internet. The Gopher protocol was strongly oriented towards a menu-document design and presented an alternative to the World Wide Web in its early stages, but ultimately HTTP became the dominant protocol. The Gopher ecosystem is often regarded as the effective predecessor of the World Wide Web. • Works on port 70.
• It offers some features not natively supported by the Web and imposes a much stronger hierarchy on information stored on it. Its text menu interface is well-suited to computing environments that rely heavily on remote text- oriented computer terminals, which were still common at the time of its creation in 1991, and the simplicity of its protocol facilitated a wide variety of client implementations.
Goals • Its central goals were, as stated in RFC 1436 – A file-like hierarchical arrangement that would be familiar to users. – A simple syntax. – A system that can be created quickly and inexpensively. – Extending the file system metaphor, such as searches
Search Engines • A web search engine is a software system that is designed to search for information on the World Wide Web. The search results are generally presented in a line of results often referred to as search engine results pages (SERPs). The information may be a mix of web pages, images, and other types of files. Some search engines also mine data available in databases or open directories. Unlike web directories, which are maintained only by human editors, search engines also maintain real-time information by running an algorithm on a web crawler.
How web search engines work • A search engine operates in the following order: – Web crawling -A Web crawler is an Internet bot that systematically browses the WWW, typically for the purpose of Web indexing. A Web crawler may also be called a Web spider, an ant, an automatic indexer. – Indexing – Searching
7 UCB SIMS 202, Sept. 2004 Avi Rappoport, Search Tools Consulting Search Processing
Architecture of a Search Engine The Web Ad indexes Web Results 1 - 10 of about 7,310,000 for miele. (0.12 seconds) Miele, Inc -- Anything else is a compromise At the heart of your home, Appliances by Miele. ... USA. to miele.com. Residential Appliances. Vacuum Cleaners. Dishwashers. Cooking Appliances. Steam Oven. Coffee System ... www.miele.com/ - 20k - Cached - Similar pages Miele Welcome to Miele, the home of the very best appliances and kitchens in the world. www.miele.co.uk/ - 3k - Cached - Similar pages Miele - Deutscher Hersteller von Einbaugeräten, Hausgeräten ... - [ Translate this page ] Das Portal zum Thema Essen & Geniessen online unter www.zu-tisch.de. Miele weltweit ...ein Leben lang. ... Wählen Sie die Miele Vertretung Ihres Landes. www.miele.de/ - 10k - Cached - Similar pages Herzlich willkommen bei Miele Österreich - [ Translate this page ] Herzlich willkommen bei Miele Österreich Wenn Sie nicht automatisch weitergeleitet werden, klicken Sie bitte hier! HAUSHALTSGERÄTE ... www.miele.at/ - 3k - Cached - Similar pages Sponsored Links CG Appliance Express Discount Appliances (650) 756-3931 Same Day Certified Installation www.cgappliance.com San Francisco-Oakland-San Jose, CA Miele Vacuum Cleaners Miele Vacuums- Complete Selection Free Shipping! www.vacuums.com Miele Vacuum Cleaners Miele-Free Air shipping! All models. Helpful advice. www.best-vacuum.com Web spider Indexer Indexes Search User
Web Security • Many sensitive tasks are done through web – Online banking, online shopping – Database access – System administration • Web applications and web users are targets of many attacks – Cross site scripting – SQL injection – Cross site request forgery – Information leakage – Session hijacking
Web Browser and Network Browser Network • Browser sends requests • Web site sends response pages, which may include code • Interaction susceptible to network attacks OS Hardware Web site request reply
Web Security Issues • Secure communications between client & server – HTTPS (HTTP over SSL) • User authentication & session management – Cookies & other methods • Active contents from different websites – Protecting resources maintained by browsers • Web application security • Web site authentication (e.g., anti-phishing) • Privacy concerns
Effect of the Attack • Attacker can execute arbitrary scripts in browser • Can manipulate any DOM component on victim.com – Control links on page – Control form fields (e.g. password field) on this page and linked pages. • Can infect other users: MySpace.com worm.
• More Web Security Issues – SQL injection – Side channel information leakage – Driveby downloads – Browser extension security – Cookie privacy issues
Web Applications Breach the Perimeter Internet DMZ Trusted Inside Corporate Inside HTTP(S) Allows HTTP port 80 Allows HTTPS port 443 Firewall only allows applications on the web server to talk to application server. Firewall only allows application server to talk to database server. IIS SunOne Apache ASP .NET WebSphere Java SQL Oracle DB2 Browser
• Technical Vulnerabilities – Result of insecure programming techniques – Mitigation requires code changes – Detectable by scanners • Logical Vulnerabilities – Result of insecure program logic – Most often to due to poor decisions regarding trust – Mitigation often requires design/architecture changes – Detection often requires humans to understand the context Web Application Vulnerabilities
How to Secure Web Applications • Incorporate security into the lifecycle – Apply information security principles to all software development efforts • Educate – Issue awareness, Training, etc…
How to Secure Web Applications • Incorporating security into lifecycle – Integrate security into application requirements – Including information security professionals in software architecture/design review – Security APIs & libraries (e.g. ESAPI, Validator, etc.) when possible – Threat modeling – Web application vulnerability assessment tools

Recommended

1. web technology basics
1. web technology basics1. web technology basics
1. web technology basics
Jyoti Yadav
 
Web design - How the Web works?
Web design - How the Web works?Web design - How the Web works?
Web design - How the Web works?
Mustafa Kamel Mohammadi
 
05.m3 cms list-ofwebserver
05.m3 cms list-ofwebserver05.m3 cms list-ofwebserver
05.m3 cms list-ofwebserver
tarensi
 
Web Browsers.pptx
Web Browsers.pptxWeb Browsers.pptx
Web Browsers.pptx
HariomMangal1
 
How the internet_works
How the internet_worksHow the internet_works
How the internet_works
arun nalam
 
web_server_browser.ppt
web_server_browser.pptweb_server_browser.ppt
web_server_browser.ppt
Lovely Professional University
 
Week two lecture
Week two lectureWeek two lecture
Week two lecture
Harry Essel
 
world wide web
world wide webworld wide web
world wide web
Richa Vasant
 

Recommended

1. web technology basics
1. web technology basics1. web technology basics
1. web technology basics
Jyoti Yadav
 
Web design - How the Web works?
Web design - How the Web works?Web design - How the Web works?
Web design - How the Web works?
Mustafa Kamel Mohammadi
 
05.m3 cms list-ofwebserver
05.m3 cms list-ofwebserver05.m3 cms list-ofwebserver
05.m3 cms list-ofwebserver
tarensi
 
Web Browsers.pptx
Web Browsers.pptxWeb Browsers.pptx
Web Browsers.pptx
HariomMangal1
 
How the internet_works
How the internet_worksHow the internet_works
How the internet_works
arun nalam
 
web_server_browser.ppt
web_server_browser.pptweb_server_browser.ppt
web_server_browser.ppt
Lovely Professional University
 
Week two lecture
Week two lectureWeek two lecture
Week two lecture
Harry Essel
 
world wide web
world wide webworld wide web
world wide web
Richa Vasant
 
5 introduction to internet
5 introduction to internet5 introduction to internet
5 introduction to internet
Vedpal Yadav
 
Web server hardware and software
Web server hardware and softwareWeb server hardware and software
Web server hardware and software
Vikram g b
 
Web Design Basics.pptx
Web Design Basics.pptxWeb Design Basics.pptx
Web Design Basics.pptx
BalasundaramSr
 
Web technology
Web technologyWeb technology
Web technology
Selvin Josy Bai Somu
 
Internet
InternetInternet
Internet
Ayebazibwe Kenneth
 
WP Chap 1 & 2.pptx
WP Chap 1 & 2.pptxWP Chap 1 & 2.pptx
WP Chap 1 & 2.pptx
AnkitaChauhan79
 
Eba ppt rajesh
Eba ppt rajeshEba ppt rajesh
Eba ppt rajesh
RajeshP153
 
INTERNET PART1.pptx
INTERNET PART1.pptxINTERNET PART1.pptx
INTERNET PART1.pptx
BhoopendraKumar38
 
Internet
InternetInternet
Internet
Cloudbells.com
 
Internet terminologies
Internet terminologiesInternet terminologies
Internet terminologies
raniseetha
 
Multimedia- How Internet Works
Multimedia- How Internet WorksMultimedia- How Internet Works
Multimedia- How Internet Works
sambhenilesh
 
introduction to web application development
introduction to web application developmentintroduction to web application development
introduction to web application development
FLYMAN TECHNOLOGY LIMITED
 
How the Internet Works
How the Internet WorksHow the Internet Works
How the Internet Works
Sharique Masood
 
Html
HtmlHtml
Html
kousika
 
internet
internetinternet
internet
ITNet
 
Web Technology – Web Server Setup : Chris Uriarte
Web Technology – Web Server Setup : Chris UriarteWeb Technology – Web Server Setup : Chris Uriarte
Web Technology – Web Server Setup : Chris Uriarte
webhostingguy
 
Presentation 1
Presentation 1Presentation 1
Presentation 1
aisadhsa
 
Web application development ( basics )
Web application development ( basics )Web application development ( basics )
Web application development ( basics )
Chirag Nag
 
E business internet_basics
E business internet_basicsE business internet_basics
E business internet_basics
Radiant Minds
 
Web Fendamentals
Web FendamentalsWeb Fendamentals
Web Fendamentals
Hiren Mistry
 
ASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdfASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdf
AhmedHussein950959
 
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdfWater Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation & Control
 

More Related Content

Similar to Gopher & Search Engines.pptx

5 introduction to internet
5 introduction to internet5 introduction to internet
5 introduction to internet
Vedpal Yadav
 
Web server hardware and software
Web server hardware and softwareWeb server hardware and software
Web server hardware and software
Vikram g b
 
Internet terminologies
Internet terminologiesInternet terminologies
Internet terminologies
raniseetha
 
Web Technology – Web Server Setup : Chris Uriarte
Web Technology – Web Server Setup : Chris UriarteWeb Technology – Web Server Setup : Chris Uriarte
Web Technology – Web Server Setup : Chris Uriarte
webhostingguy
 
Presentation 1
Presentation 1Presentation 1
Presentation 1
aisadhsa
 
E business internet_basics
E business internet_basicsE business internet_basics
E business internet_basics
Radiant Minds
 

Similar to Gopher & Search Engines.pptx (20)

5 introduction to internet
5 introduction to internet5 introduction to internet
5 introduction to internet
 
Web server hardware and software
Web server hardware and softwareWeb server hardware and software
Web server hardware and software
 
Web Design Basics.pptx
Web Design Basics.pptxWeb Design Basics.pptx
Web Design Basics.pptx
 
Web technology
Web technologyWeb technology
Web technology
 
Internet
InternetInternet
Internet
 
WP Chap 1 & 2.pptx
WP Chap 1 & 2.pptxWP Chap 1 & 2.pptx
WP Chap 1 & 2.pptx
 
Eba ppt rajesh
Eba ppt rajeshEba ppt rajesh
Eba ppt rajesh
 
INTERNET PART1.pptx
INTERNET PART1.pptxINTERNET PART1.pptx
INTERNET PART1.pptx
 
Internet
InternetInternet
Internet
 
Internet terminologies
Internet terminologiesInternet terminologies
Internet terminologies
 
Multimedia- How Internet Works
Multimedia- How Internet WorksMultimedia- How Internet Works
Multimedia- How Internet Works
 
introduction to web application development
introduction to web application developmentintroduction to web application development
introduction to web application development
 
How the Internet Works
How the Internet WorksHow the Internet Works
How the Internet Works
 
Html
HtmlHtml
Html
 
internet
internetinternet
internet
 
Web Technology – Web Server Setup : Chris Uriarte
Web Technology – Web Server Setup : Chris UriarteWeb Technology – Web Server Setup : Chris Uriarte
Web Technology – Web Server Setup : Chris Uriarte
 
Presentation 1
Presentation 1Presentation 1
Presentation 1
 
Web application development ( basics )
Web application development ( basics )Web application development ( basics )
Web application development ( basics )
 
E business internet_basics
E business internet_basicsE business internet_basics
E business internet_basics
 
Web Fendamentals
Web FendamentalsWeb Fendamentals
Web Fendamentals
 

Recently uploaded

Digital Signal Processing Lecture notes n.pdf
Digital Signal Processing Lecture notes n.pdfDigital Signal Processing Lecture notes n.pdf
Digital Signal Processing Lecture notes n.pdf
AbrahamGadissa
 
Immunizing Image Classifiers Against Localized Adversary Attacks
Immunizing Image Classifiers Against Localized Adversary AttacksImmunizing Image Classifiers Against Localized Adversary Attacks
Immunizing Image Classifiers Against Localized Adversary Attacks
gerogepatton
 
Hall booking system project report .pdf
Hall booking system project report .pdfHall booking system project report .pdf
Hall booking system project report .pdf
Kamal Acharya
 
RS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
RS Khurmi Machine Design Clutch and Brake Exercise Numerical SolutionsRS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
RS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
Atif Razi
 
Event Management System Vb Net Project Report.pdf
Event Management System Vb Net Project Report.pdfEvent Management System Vb Net Project Report.pdf
Event Management System Vb Net Project Report.pdf
Kamal Acharya
 
The Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdfThe Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdf
Pipe Restoration Solutions
 
A case study of cinema management system project report..pdf
A case study of cinema management system project report..pdfA case study of cinema management system project report..pdf
A case study of cinema management system project report..pdf
Kamal Acharya
 
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdfHybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
fxintegritypublishin
 
Fruit shop management system project report.pdf
Fruit shop management system project report.pdfFruit shop management system project report.pdf
Fruit shop management system project report.pdf
Kamal Acharya
 

Recently uploaded (20)

ASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdfASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdf
 
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdfWater Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdf
 
Digital Signal Processing Lecture notes n.pdf
Digital Signal Processing Lecture notes n.pdfDigital Signal Processing Lecture notes n.pdf
Digital Signal Processing Lecture notes n.pdf
 
weather web application report.pdf
weather web application report.pdfweather web application report.pdf
weather web application report.pdf
 
Vaccine management system project report documentation..pdf
Vaccine management system project report documentation..pdfVaccine management system project report documentation..pdf
Vaccine management system project report documentation..pdf
 
Toll tax management system project report..pdf
Toll tax management system project report..pdfToll tax management system project report..pdf
Toll tax management system project report..pdf
 
Immunizing Image Classifiers Against Localized Adversary Attacks
Immunizing Image Classifiers Against Localized Adversary AttacksImmunizing Image Classifiers Against Localized Adversary Attacks
Immunizing Image Classifiers Against Localized Adversary Attacks
 
Construction method of steel structure space frame .pptx
Construction method of steel structure space frame .pptxConstruction method of steel structure space frame .pptx
Construction method of steel structure space frame .pptx
 
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
 
Hall booking system project report .pdf
Hall booking system project report .pdfHall booking system project report .pdf
Hall booking system project report .pdf
 
RS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
RS Khurmi Machine Design Clutch and Brake Exercise Numerical SolutionsRS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
RS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
 
Event Management System Vb Net Project Report.pdf
Event Management System Vb Net Project Report.pdfEvent Management System Vb Net Project Report.pdf
Event Management System Vb Net Project Report.pdf
 
Cloud-Computing_CSE311_Computer-Networking CSE GUB BD - Shahidul.pptx
Cloud-Computing_CSE311_Computer-Networking CSE GUB BD - Shahidul.pptxCloud-Computing_CSE311_Computer-Networking CSE GUB BD - Shahidul.pptx
Cloud-Computing_CSE311_Computer-Networking CSE GUB BD - Shahidul.pptx
 
The Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdfThe Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdf
 
A case study of cinema management system project report..pdf
A case study of cinema management system project report..pdfA case study of cinema management system project report..pdf
A case study of cinema management system project report..pdf
 
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdfHybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
 
Fruit shop management system project report.pdf
Fruit shop management system project report.pdfFruit shop management system project report.pdf
Fruit shop management system project report.pdf
 
Introduction to Casting Processes in Manufacturing
Introduction to Casting Processes in ManufacturingIntroduction to Casting Processes in Manufacturing
Introduction to Casting Processes in Manufacturing
 
fluid mechanics gate notes . gate all pyqs answer
fluid mechanics gate notes . gate all pyqs answerfluid mechanics gate notes . gate all pyqs answer
fluid mechanics gate notes . gate all pyqs answer
 
Democratizing Fuzzing at Scale by Abhishek Arya
Democratizing Fuzzing at Scale by Abhishek AryaDemocratizing Fuzzing at Scale by Abhishek Arya
Democratizing Fuzzing at Scale by Abhishek Arya
 

Gopher & Search Engines.pptx

  • 1. Gopher & Search Engines
  • 2. GOPHER • The Gopher protocol is a TCP/IP application layer protocol designed for distributing, searching, and retrieving documents over the Internet. The Gopher protocol was strongly oriented towards a menu-document design and presented an alternative to the World Wide Web in its early stages, but ultimately HTTP became the dominant protocol. The Gopher ecosystem is often regarded as the effective predecessor of the World Wide Web. • Works on port 70.
  • 3. • It offers some features not natively supported by the Web and imposes a much stronger hierarchy on information stored on it. Its text menu interface is well-suited to computing environments that rely heavily on remote text- oriented computer terminals, which were still common at the time of its creation in 1991, and the simplicity of its protocol facilitated a wide variety of client implementations.
  • 4. Goals • Its central goals were, as stated in RFC 1436 – A file-like hierarchical arrangement that would be familiar to users. – A simple syntax. – A system that can be created quickly and inexpensively. – Extending the file system metaphor, such as searches
  • 5. Search Engines • A web search engine is a software system that is designed to search for information on the World Wide Web. The search results are generally presented in a line of results often referred to as search engine results pages (SERPs). The information may be a mix of web pages, images, and other types of files. Some search engines also mine data available in databases or open directories. Unlike web directories, which are maintained only by human editors, search engines also maintain real-time information by running an algorithm on a web crawler.
  • 6. How web search engines work • A search engine operates in the following order: – Web crawling -A Web crawler is an Internet bot that systematically browses the WWW, typically for the purpose of Web indexing. A Web crawler may also be called a Web spider, an ant, an automatic indexer. – Indexing – Searching
  • 7. 7 UCB SIMS 202, Sept. 2004 Avi Rappoport, Search Tools Consulting Search Processing
  • 8. Architecture of a Search Engine The Web Ad indexes Web Results 1 - 10 of about 7,310,000 for miele. (0.12 seconds) Miele, Inc -- Anything else is a compromise At the heart of your home, Appliances by Miele. ... USA. to miele.com. Residential Appliances. Vacuum Cleaners. Dishwashers. Cooking Appliances. Steam Oven. Coffee System ... www.miele.com/ - 20k - Cached - Similar pages Miele Welcome to Miele, the home of the very best appliances and kitchens in the world. www.miele.co.uk/ - 3k - Cached - Similar pages Miele - Deutscher Hersteller von Einbaugeräten, Hausgeräten ... - [ Translate this page ] Das Portal zum Thema Essen & Geniessen online unter www.zu-tisch.de. Miele weltweit ...ein Leben lang. ... Wählen Sie die Miele Vertretung Ihres Landes. www.miele.de/ - 10k - Cached - Similar pages Herzlich willkommen bei Miele Österreich - [ Translate this page ] Herzlich willkommen bei Miele Österreich Wenn Sie nicht automatisch weitergeleitet werden, klicken Sie bitte hier! HAUSHALTSGERÄTE ... www.miele.at/ - 3k - Cached - Similar pages Sponsored Links CG Appliance Express Discount Appliances (650) 756-3931 Same Day Certified Installation www.cgappliance.com San Francisco-Oakland-San Jose, CA Miele Vacuum Cleaners Miele Vacuums- Complete Selection Free Shipping! www.vacuums.com Miele Vacuum Cleaners Miele-Free Air shipping! All models. Helpful advice. www.best-vacuum.com Web spider Indexer Indexes Search User
  • 9. Web Security • Many sensitive tasks are done through web – Online banking, online shopping – Database access – System administration • Web applications and web users are targets of many attacks – Cross site scripting – SQL injection – Cross site request forgery – Information leakage – Session hijacking
  • 10. Web Browser and Network Browser Network • Browser sends requests • Web site sends response pages, which may include code • Interaction susceptible to network attacks OS Hardware Web site request reply
  • 11. Web Security Issues • Secure communications between client & server – HTTPS (HTTP over SSL) • User authentication & session management – Cookies & other methods • Active contents from different websites – Protecting resources maintained by browsers • Web application security • Web site authentication (e.g., anti-phishing) • Privacy concerns
  • 12. Effect of the Attack • Attacker can execute arbitrary scripts in browser • Can manipulate any DOM component on victim.com – Control links on page – Control form fields (e.g. password field) on this page and linked pages. • Can infect other users: MySpace.com worm.
  • 13. • More Web Security Issues – SQL injection – Side channel information leakage – Driveby downloads – Browser extension security – Cookie privacy issues
  • 14. Web Applications Breach the Perimeter Internet DMZ Trusted Inside Corporate Inside HTTP(S) Allows HTTP port 80 Allows HTTPS port 443 Firewall only allows applications on the web server to talk to application server. Firewall only allows application server to talk to database server. IIS SunOne Apache ASP .NET WebSphere Java SQL Oracle DB2 Browser
  • 15. • Technical Vulnerabilities – Result of insecure programming techniques – Mitigation requires code changes – Detectable by scanners • Logical Vulnerabilities – Result of insecure program logic – Most often to due to poor decisions regarding trust – Mitigation often requires design/architecture changes – Detection often requires humans to understand the context Web Application Vulnerabilities
  • 16. How to Secure Web Applications • Incorporate security into the lifecycle – Apply information security principles to all software development efforts • Educate – Issue awareness, Training, etc…
  • 17. How to Secure Web Applications • Incorporating security into lifecycle – Integrate security into application requirements – Including information security professionals in software architecture/design review – Security APIs & libraries (e.g. ESAPI, Validator, etc.) when possible – Threat modeling – Web application vulnerability assessment tools