OMOS: A Framework for Secure Communication in Mashup Applications
OMOS: A Framework for Secure Communication in Mashup Applications. Saman Zarandioon, Danfeng (Daphne) Yao, Vinod Ganapathy. Department of Computer Science, Rutgers University, Piscataway, NJ. {samanz,danfeng,vinodg}@cs.rutgers.edu. December 2008. OpenMashupOS.com ACSAC / 11
Mashups. What is a mashup application? It seamlessly combines content from multiple heterogeneous data sources. Overall goal: a more integrated and convenient end-user experience. Mashups are becoming very popular (Web 2.0). My favorite mashup website: Zillow! Other examples are web desktops (webtops), e.g. eyeos, DesktopTwo, G.ho.st, Netvibes, and Online OS. (Screenshot slides are not included in the transcription.)
Architecture. Ways that service providers can expose their services: server-side services, or client-side services. With client-side services the user is involved, the design is AJAX-oriented, and the result is more responsive and efficient.
Security in client-side services. Service providers use ad-hoc, non-secure methods. Consumers need to trust service providers, which is not suitable when dealing with sensitive personal data. HTML, JavaScript and browsers were not designed to support client-side communication between components. The trade-off between usability and security is all or nothing: complete isolation or complete exposure (a cross-domain iframe isolates a provider's component completely, while including the provider's script directly in the page exposes the whole page to it).
OpenMashupOS (OMOS) is a mashup framework designed to support secure client-side services. Design goals: (1) compatibility with all major browsers without any change or extension to the browser; (2) a powerful abstraction that is flexible and easy for mashup developers to understand and use; (3) guaranteed mutual authentication, data confidentiality, and message integrity for communication between service provider and consumer.
A mashlet is a client-side component that runs in the browser under the privilege of the principal defined by the domain name of the server that hosts the mashlet. Mashlets should be able to communicate securely on the client side, meaning that the communication protocol guarantees mutual authentication, confidentiality, and message integrity.
Using the framework's API, mashlets can communicate with their sibling and parent mashlets.
Security of the communication protocol relies on the Same Origin Policy (SOP): SOP protects the confidentiality of domains against each other (DOM elements, events, cookies, ...); the URL property of a cross-domain iframe is write-only (another domain can set it but cannot read it); a partial change of the URL is not allowed (the URL must be written as a whole).
Key exchange protocol: (protocol diagram not included in the transcription)
Each layer hides the complex implementation details of communication in the lower layers.
3-way Handshake: (handshake diagram not included in the transcription)
Versatile asyncrequest: one call covers mashlet-to-mashlet communication as well as same-domain and cross-domain mashlet-to-server communication.
Results: (result slides not included in the transcription)
More informationBrowser Security Guarantees through Formal Shim Verification
Browser Security Guarantees through Formal Shim Verification Dongseok Jang Zachary Tatlock Sorin Lerner UC San Diego Browsers: Critical Infrastructure Ubiquitous: many platforms, sensitive apps Vulnerable:
More informationUr/Web: A Simple Model for Programming the Web. Adam Chlipala MIT CSAIL POPL 2015 January 15, 2015
Ur/Web: A Simple Model for Programming the Web Adam Chlipala MIT CSAIL POPL 2015 January 15, 2015 Ur / Web Ur A new general-purpose typed functional language λ Web Tools for implementing modern three-tier
More informationEnterprise Web based Software Architecture & Design
IMPORTANT NOTICE TO STUDENTS These slides are NOT to be used as a replacement for student notes. These slides are sometimes vague and incomplete on purpose to spark class discussions Enterprise Web based
More informationStandard 1 The student will author web pages using the HyperText Markup Language (HTML)
I. Course Title Web Application Development II. Course Description Students develop software solutions by building web apps. Technologies may include a back-end SQL database, web programming in PHP and/or
More informationChapter 10 Web-based Information Systems
Prof. Dr.-Ing. Stefan Deßloch AG Heterogene Informationssysteme Geb. 36, Raum 329 Tel. 0631/205 3275 dessloch@informatik.uni-kl.de Chapter 10 Web-based Information Systems Role of the WWW for IS Initial
More informationAttacking Web2.0. Daiki Fukumori Secure Sky Technology Inc.
Attacking Web2.0 Daiki Fukumori Secure Sky Technology Inc. Agenda Introduction What Is Web2.0 (from Attackers view) Attacking Same-Origin Policy Advanced Attacking Same-Origin
More informationStefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan. Stanford University, Chalmers University of Technology
Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology One of the most popular application platforms Easy to deploy and access Almost anything
More informationLab - Configure Browser Settings in Windows 8
Introduction In this lab, you will configure browser settings in Microsoft Internet Explorer. Recommended Equipment A computer with Windows 8 An Internet connection Step 1: Set Internet Explorer as the
More informationESORICS September Martin Johns
SessionSafe: Implementing XSS Immune SessionHandling Universität Hamburg ESORICS 06 20. September 2006 Martin Johns Fachbereich Informatik SVS Sicherheit in Verteilten Systemen Me, myself and I Martin
More informationDeveloping ASP.NET MVC 5 Web Applications
20486C - Version: 1 23 February 2018 Developing ASP.NET MVC 5 Web Developing ASP.NET MVC 5 Web 20486C - Version: 1 5 days Course Description: In this course, students will learn to develop advanced ASP.NET
More information