Bursztein CS 155 - Basic Web Security Model

Published by: rlacombe on Aug 07, 2010
Copyright: Attribution Non-commercial

10/29/2011

Basic web security model
Elie Bursztein, CS155

Vulnerability stats: web is “winning”
  - Source: MITRE CVE trends
  - Majority of vulnerabilities now found in web software

Web security: two sides

Web browser (client side)
  - Attacks target browser security weaknesses
  - Result in:
      - Malware installation (keyloggers, bot-nets)
      - Document theft from corporate network
      - Loss of private data

Web application code (server side)
  - Runs at web site: banks, e-merchants, blogs
  - Written in PHP, ASP, JSP, Ruby,
  - Many potential bugs: XSS, XSRF, SQL injection
  - Attacks lead to stolen CC#, defaced sites
