2. Overview Of Web Security
Web (WWW or world wide web)
Web Server
Web Browsers
Web Security
3. Definitions
Web
The world wide web (WWW) is an interconnection of
networks of computer systems that provides information
and services to users of the web.
Computer systems in this interconnection of networks
that provide services and information to other computer
systems are called Web Servers.
4. Definitions (continued)
Computer systems that request services and information
are called Web Browsers.
Web security is a set of procedures, practices, and
technologies for protecting web servers, web browsers,
and their surrounding organizations.
6. Web Security
From the server's perspective
Legitimate
Responsible
From the perspective of both the server and the user
They have an expectation that their communications
will be free from eavesdropping and reliable, in the sense
that their transmissions will not be modified by a third
party.
7. Web Site Attacks (Threats)
I. Attacks on Web Site Information
A. Integrity of Information Attacks
1. Threats
a. Modification of user data
b. Modification of message traffic in transit
2. Consequences
a. Loss of information
b. Vulnerability to all other threats
3. Countermeasures
- cryptographic checksums
8. Web Site Attacks (Threats)
B. Confidentiality of Information Attacks
1. Threats
a. Eavesdropping on the Net
b. Theft of info from server
c. Theft of data from client
d. Info about network configuration
e. Info about which client talks to server
2. Consequences
a. Loss of information
b. Loss of privacy
9. 3. Countermeasures
a. Encryption
b. Web proxies
II. Attacks on Web Site Accessibility
A. Denial of Service Attacks
1. Threats
a. Flooding of machine with bogus requests
b. Isolating machine by DNS attacks
2. Consequences
a. Disruptive
b. Annoying
c. Prevent user from getting work done
3. Countermeasures
- difficult to prevent
10. B. Authentication Attacks
1. Threats
a. Impersonation of legitimate user
b. Data forgery
2. Consequences
a. Misrepresentation of user
b. Belief that false information is valid
3. Countermeasures
- cryptographic techniques
13. Attacks on Authentication
Brute Force Attack
Automated process of trial and error used to guess a
person's username, password, credit-card number or
cryptographic key.
14. Insufficient Authentication
Occurs when a web site permits an attacker to access
sensitive content or functionality without having to
properly authenticate.
15. Weak Password Recovery Validation
Occurs when a web site permits attacker to illegally
obtain, change or recover another user’s password.
16. Attacks on Authorization
Attacks that target a web site's method of determining
if a user, service, or application has the necessary
permissions to perform a requested action.
17. Attacks on Authorization
Credential/Session Prediction
A method of hijacking or impersonating a web site user
by guessing the unique value that identifies a particular
session or user.
18. Insufficient Authorization
Occurs when a web site permits access to sensitive
content or functionality that should require increased
access control restrictions.
20. Client-side Attacks
Content Spoofing
An attack technique used to trick a user into believing
that certain content appearing on a web site is legitimate
and not from an external source.
Example: http://foo.example/page?frame_src=http://foo.example/file.html
An attacker may be able to replace the "frame_src" parameter value with
"frame_src=http://attacker.example/spoof.html".
The browser location bar visibly remains under the user's expected domain (foo.example).
21. Cross-Site Scripting
An attack technique that forces a web site to echo
attacker-supplied executable code, which loads in a
user's browser.
22. Command Execution
Covers attacks designed to execute remote commands
on the web site. All web sites utilize user-supplied
input to fulfill requests.
23. Command Execution
SQL Injection
An attack technique used to exploit web sites that
construct SQL statements from user-supplied input.
Executing the following request to a web site:
http://example/article.asp?ID=2+and+1=1
should return the same web page as:
http://example/article.asp?ID=2
because the SQL condition 'and 1=1' is always true.
Executing the following request to a web site:
http://example/article.asp?ID=2+and+1=0
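Added example (not part of the original slides): a vulnerable article lookup that concatenates the ID parameter into its SQL, beside a hardened version that validates and binds it, with the slide's "and 1=1" / "and 1=0" comparison run against both. The table, its rows and the handler names are constructed for the example; the URL-encoded `+` is assumed to have been decoded to a space before the value reaches the handler.

```python
import sqlite3

def build_db():
    # Constructed sample data standing in for the table behind article.asp.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO articles VALUES (?, ?)",
                     [(1, "First article"), (2, "Second article"), (3, "Third article")])
    return conn

def fetch_article_vulnerable(conn, article_id):
    # Vulnerable pattern: the ID query parameter is pasted into the SQL text,
    # so "2 and 1=1" or "2 and 1=0" becomes part of the WHERE clause.
    query = "SELECT title FROM articles WHERE id = " + article_id
    return [row[0] for row in conn.execute(query)]

def fetch_article_safe(conn, article_id):
    # Hardened pattern: check the expected type, then bind the value as a
    # parameter so the database treats it as data, never as SQL.
    if not article_id.isdigit():
        raise ValueError("article ID must be a positive integer")
    rows = conn.execute("SELECT title FROM articles WHERE id = ?", (int(article_id),))
    return [row[0] for row in rows]

def looks_injectable(fetch, conn, base="2"):
    # The slide's diagnostic: a handler is injectable when the "and 1=1"
    # request renders the same page as the plain request while the
    # "and 1=0" request renders a different one.
    plain = fetch(conn, base)
    true_probe = fetch(conn, base + " and 1=1")
    false_probe = fetch(conn, base + " and 1=0")
    return plain == true_probe and plain != false_probe

def safe_rejects(conn, article_id):
    # True when the hardened handler refuses the input instead of running it.
    try:
        fetch_article_safe(conn, article_id)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    db = build_db()
    print("vulnerable handler injectable:", looks_injectable(fetch_article_vulnerable, db))
    print("safe handler rejects probe:", safe_rejects(db, "2 and 1=0"))
```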
24. SSI Injection
SSI Injection (Server-side Include) is a server-side
exploit technique that allows an attacker to send code
into a web application.