Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Look up keyword or section
Like this
P. 1
Bursztein CS 155 - Basic Web Security Model

Bursztein CS 155 - Basic Web Security Model

Ratings: (0)|Views: 143|Likes:
Published by rlacombe

More info:

Published by: rlacombe on Aug 07, 2010
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





Basic web security model
Elie Bursztein CS155
 Vulnerability Stats: web is “winning” 
Source: MITRE CVE trends
Majority of vulnerabilities now found in web software
Web security: two sides
Web browser: (client side)
 Attacks target browser security weaknesses
Result in:
Malware installation (keyloggers, bot-nets)
Document theft from corporate network 
Loss of private data
Web application code: (server side)
Runs at web site: banks, e-merchants, blogs
Written in PHP, ASP, JSP, Ruby,
Many potential bugs: XSS, XSRF, SQL injection
 Attacks lead to stolen CC#, defaced sites.

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->