WS U2 Notes PDF

WEB SECURITY - SEMESTER 5 - UNIT 2
HI COLLEGE SYLLABUS
INTERNET AND WEB APPLICATION SECURITY:
EMAIL SECURITY (PGP AND SMIME)
PGP (Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail
Extensions) are both ways to encrypt email messages to keep them private and
secure. PGP is an open-source encryption method that you can use for free,
while S/MIME is a standard encryption method used by many email providers.

With PGP, you create a public and private key pair. You can share your public
key with others so they can encrypt messages for you, and you use your private
key to decrypt messages. With S/MIME, you get a digital certificate from a
trusted authority that contains your public key and verifies your identity.

Both methods provide strong encryption, but S/MIME is more widely supported
by email providers and clients because it's a standard encryption method
recognized by many organizations and governments. PGP may have
compatibility issues with some email clients or servers, particularly older or less
commonly used systems.

In summary, both PGP and S/MIME are important tools for protecting the
confidentiality and integrity of email communications.

WEB SECURITY: WEB AUTHENTICATION

There are several types of web authentication methods, including:

1. Basic Authentication: This method uses HTTP Basic Authentication, which
sends the user's credentials in clear text over the network, making it vulnerable
to interception.

2. Session-based Authentication: This method involves creating a unique
session ID for each user and storing it on the server. The session ID is then sent
to the client's browser, which sends it back with subsequent requests to
authenticate the user.

3. Token-based Authentication: This method involves sending a token to the
client's browser, which is then sent back with subsequent requests to
authenticate the user. Tokens can be time-based or session-based, and they are
typically more secure than session IDs because they are less susceptible to
replay attacks.

HiCollege Click Here For More Notes 01


4. Multi-factor Authentication (MFA): This method involves requiring users to
provide multiple forms of identification, such as a password and a security
token or biometric data, to access sensitive information or resources. MFA
provides an additional layer of security by making it more difficult for attackers
to gain unauthorized access.
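The first three schemes above, side by side, as an added example (not code from the original notes): it uses only the Python standard library, and the secret, usernames and passwords are constructed demo values.

```python
# Added example: Basic auth decoding, a server-side session store, and an
# HMAC-signed time-limited token. SERVER_SECRET and all names are invented.
import base64
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"  # a random key in real use
SESSION_STORE: Dict[str, str] = {}  # session_id -> username, kept only on the server


def decode_basic_auth(header: str) -> Tuple[str, str]:
    """Basic auth is Base64, not encryption: anyone on the path recovers the password."""
    scheme, _, payload = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(payload).decode().partition(":")
    return user, password


def create_session(username: str) -> str:
    """Session-based: the client gets only an unguessable random ID; state stays here."""
    session_id = secrets.token_urlsafe(32)
    SESSION_STORE[session_id] = username
    return session_id


def lookup_session(session_id: str) -> Optional[str]:
    return SESSION_STORE.get(session_id)


def issue_token(username: str, ttl_seconds: int, now: Optional[float] = None) -> str:
    """Token-based: self-contained, with the expiry bound into the HMAC so a
    captured token stops working once it expires."""
    expires = int((now if now is not None else time.time()) + ttl_seconds)
    body = f"{username}|{expires}"
    tag = hmac.new(SERVER_SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"


def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the username if the signature and expiry check out, else None."""
    try:
        username, expires, tag = token.split("|")
    except ValueError:
        return None
    expected = hmac.new(SERVER_SECRET, f"{username}|{expires}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    if (now if now is not None else time.time()) >= int(expires):
        return None  # expired
    return username
```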

INJECTION FLAWS
Injection flaws are a type of web application security vulnerability that occurs
when user input is not properly sanitized or validated before being executed as
part of a command or query. This can allow attackers to inject malicious code,
such as SQL statements or shell commands, into an application, potentially
compromising the confidentiality, integrity, or availability of data.

There are several types of injection flaws, including:

1. SQL Injection: This occurs when user input is not properly sanitized or
validated before being executed as part of an SQL statement. Attackers can use
SQL injection to steal sensitive data, modify data, or execute arbitrary
commands on the database server.

2. LDAP Injection: This occurs when user input is not properly sanitized or
validated before being executed as part of an LDAP query. Attackers can use
LDAP injection to steal sensitive data, modify data, or execute arbitrary
commands on the LDAP server.

3. Command Injection: This occurs when user input is not properly sanitized or
validated before being executed as part of a shell command. Attackers can use
command injection to execute arbitrary commands on the server, potentially
compromising the confidentiality, integrity, or availability of data.



PROGRAMMING BUGS AND MALICIOUS CODE
Programming bugs and malicious code are two distinct types of web
application security vulnerabilities, but they can both lead to serious security
issues.

Programming bugs refer to errors in the code of a web application that can
cause unexpected behavior or crashes. These bugs can be caused by a variety of
factors, including syntax errors, logic errors, and resource management issues.
While programming bugs are not necessarily malicious, they can still pose a
security risk if they allow attackers to exploit vulnerabilities in the application.

Malicious code, on the other hand, refers to intentional code that is designed to
harm a web application or its users. This can include things like viruses, Trojans,
and worms, as well as more sophisticated attacks like cross-site scripting (XSS)
and SQL injection. Malicious code can be introduced into a web application
through various means, such as compromised third-party libraries or injected
scripts.

SQL INJECTION
SQL injection (SQLi) is a serious cybersecurity threat targeting databases by
inserting malicious SQL code through application input fields. This attack takes
advantage of vulnerabilities in web applications that directly interact with
databases.
There are several types of SQL injection attacks, each exploiting different
weaknesses in an application's input handling:

1. Inband SQLi (Classic SQLi): This is the most common type, where the
attacker uses the same communication channel to both launch the attack
and gather results. It includes:

   Union-Based SQLi: The attacker extends a query to combine results from
   multiple SELECT statements.

   Error-Based SQLi: Exploiting error messages from the database to gather
   information about its structure and contents.

2. Inferential SQLi (Blind SQLi): Attackers don't directly see the results of their
actions but infer them from the application's behavior, typically
through slow responses or different error messages. It includes:

   Boolean-Based SQLi: Manipulating the SQL query to provoke different
   responses, usually in the form of true/false or yes/no answers.

   Time-Based SQLi: Delays in the application's response can indicate
   success or failure of injected queries.

3. Out-of-Band SQLi: Exploiting the server's ability to make DNS or HTTP
requests to communicate with attacker-controlled servers. This doesn't
rely on the direct output of the injected query.
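The injection flaw described in the INJECTION FLAWS section and the boolean-based case above, as an added example (not code from the original notes): the same login lookup written with string concatenation and with bound parameters, against a constructed in-memory SQLite table.

```python
# Added example: vulnerable vs parameterized query, plus a crude log-side
# detector. The table, users and payload are constructed for the demo; passwords
# are stored in clear only to keep the example short.
import sqlite3
from typing import List


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "correct-horse", 1), ("bob", "battery-staple", 0)])
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> List[str]:
    """String concatenation: user input becomes part of the SQL grammar."""
    sql = f"SELECT name FROM users WHERE name = '{name}' AND password = '{password}'"
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn: sqlite3.Connection, name: str, password: str) -> List[str]:
    """Bound parameters: the driver passes input as data, never as SQL text."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


def looks_like_sqli(value: str) -> bool:
    """Monitoring aid for the tautology and UNION patterns the notes describe.
    Useful for alerting on logged input; it is not a substitute for parameters."""
    v = value.lower()
    return ("'" in v and (" or " in v or "--" in v)) or " union " in v


if __name__ == "__main__":
    db = make_db()
    # Constructed boolean-based payload: makes the WHERE clause always true.
    payload = "' OR '1'='1"
    print(login_vulnerable(db, "x", payload))  # every user comes back
    print(login_safe(db, "x", payload))        # nothing: the quote is just a character
```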

CROSS-SITE SCRIPTING (XSS)

Cross-site scripting (XSS) occurs when an attacker injects malicious scripts into
a web application, which are then executed in a user's browser session. This can
allow the attacker to steal sensitive information, such as login credentials or
session tokens, or execute arbitrary actions on behalf of the user. XSS attacks
can be particularly effective because they exploit the trust relationship between
the user and the web application.

1. Reflected XSS (Non-Persistent XSS): In this type, the malicious script is
delivered via a link or input field to the web application. The application
then reflects the attack back to the user in the response. For instance, an
attacker can craft a URL containing the malicious script and trick a user into
clicking it. The server then reflects this script back to the user's browser,
executing it in their session.

2. Stored XSS (Persistent XSS): In this scenario, the malicious script is stored
on the server (in a database, for example) by the application. When a user
requests the compromised data, the script is delivered alongside the
requested content, executing in the victim's browser. This type of XSS can
have a more widespread impact as it affects multiple users accessing the
compromised content.

3. DOM-based XSS: Unlike the previous types, this attack occurs entirely on the
client side. The vulnerability arises from how the client-side scripts
manipulate the DOM (Document Object Model). The attack involves
injecting malicious code that is then processed by the client-side script,
leading to unintended actions or information disclosure within the page.
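The reflected case above, as an added example (not code from the original notes): a page builder that echoes a search term unencoded, next to versions that encode for the HTML-body and href contexts they insert into, with a parser-based check of which elements a browser would actually create. The markup and payloads are constructed.

```python
# Added example: context-aware output encoding against reflected XSS.
# The page markup and the sample payloads are invented for the demo.
import html
from html.parser import HTMLParser
from typing import Set
from urllib.parse import quote


def render_unsafe(query: str) -> str:
    """Reflects the term straight back: whatever the URL carried becomes markup."""
    return f"<p>Results for {query}</p>"


def render_safe(query: str) -> str:
    """HTML-body context: html.escape neutralises < > & and, with quote=True, quotes."""
    return f"<p>Results for {html.escape(query, quote=True)}</p>"


def render_link_safe(query: str) -> str:
    """Two contexts in one element: URL-encode for the href value, then HTML-escape
    the attribute; HTML-escape the visible text. Each sink needs its own encoder."""
    href = "/search?q=" + quote(query, safe="")
    return f'<a href="{html.escape(href, quote=True)}">{html.escape(query, quote=True)}</a>'


class _TagCollector(HTMLParser):
    """Records every element start tag the parser sees."""
    def __init__(self) -> None:
        super().__init__()
        self.tags: Set[str] = set()

    def handle_starttag(self, tag, attrs) -> None:
        self.tags.add(tag)


def tags_in(fragment: str) -> Set[str]:
    """Which elements would a browser create from this fragment? A response
    that contains elements the template never wrote is the tell-tale of XSS."""
    p = _TagCollector()
    p.feed(fragment)
    p.close()
    return p.tags
```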

MEMORY CORRUPTION EXPLOITS
Memory corruption exploits are a type of web application security vulnerability
that can be particularly dangerous because they can allow attackers to execute
arbitrary code on the system or bypass security restrictions.

Memory corruption exploits occur when an application writes data to a
memory location that it is not authorized to access, or when it writes data to a
location in a way that corrupts the memory contents. This can cause the
application to behave unexpectedly, such as crashing or executing arbitrary
code.

There are several types of memory corruption exploits, including stack
overflow, heap overflow, and use-after-free.

1. Stack overflow occurs when an application writes data to the stack beyond
its bounds, which can overwrite critical data structures and cause the
application to crash or execute arbitrary code.

2. Heap overflow occurs when an application writes data to the heap beyond
its bounds, which can corrupt memory and cause the application to behave
unexpectedly.

3. Use-after-free occurs when an application accesses a memory location after
it has been freed, which can lead to arbitrary code execution or other
security issues.

WEB BROWSER SECURITY

Web browser security is a critical aspect of protecting users' data and privacy
while browsing the internet. Here are some best practices for web browser
security:

1. Keep your browser up-to-date: Browser developers release regular updates to
address security vulnerabilities, so it's essential to keep your browser
up-to-date.

2. Use a strong and unique password: Use a strong and unique password for
your browser and other online accounts. Avoid using easily guessable
passwords like "password" or "123456".

3. Enable two-factor authentication: Two-factor authentication adds an extra
layer of security by requiring a second form of identification, such as a code
sent to your phone, in addition to your password.


4. Use HTTPS: HTTPS encrypts data transmitted between your browser and the
website, making it more difficult for attackers to intercept and read sensitive
information.

5. Disable unnecessary browser features: Disable features like Flash, Java, and
JavaScript if you don't need them, as they can be used to execute malicious
code.

6. Use a pop-up blocker: Pop-ups can be used to distribute malware or phishing
scams, so it's essential to use a pop-up blocker to prevent them from appearing.

7. Be cautious of phishing scams: Phishing scams use fake websites or emails to
trick users into providing sensitive information. Be cautious of emails or
websites that ask for personal information or login credentials.

8. Use a VPN: A virtual private network (VPN) encrypts your internet connection
and hides your IP address, making it more difficult for attackers to track your
online activity.

9. Clear your browsing history: Regularly clear your browsing history, cache, and
cookies to prevent attackers from accessing sensitive information stored in your
browser.

10. Use anti-virus software: Install anti-virus software on your computer and
keep it up-to-date to protect against malware and other security threats.



E-COMMERCE SECURITY
E-commerce security is essential for protecting online shoppers' data and
preventing fraud. Here are some best practices for e-commerce security:

1. Use SSL/TLS encryption: SSL/TLS encryption ensures that all data transmitted
between the shopper's browser and the e-commerce website is encrypted,
making it more difficult for attackers to intercept and read sensitive
information.

2. Implement strong password policies: Use strong password policies that
require users to create complex passwords and change them regularly.

3. Use two-factor authentication: Two-factor authentication adds an extra layer
of security by requiring a second form of identification, such as a code sent to
your phone, in addition to your password.

4. Store sensitive data securely: Store sensitive data, such as credit card
numbers and personal information, in an encrypted format to prevent
unauthorized access.

5. Implement secure payment processing: Use secure payment processing
methods, such as tokenization and PCI DSS compliance, to protect sensitive
payment information.

6. Regularly update software and patches: Regularly update software and
patches to address security vulnerabilities and prevent attacks.

7. Implement access controls: Implement access controls to restrict access to
sensitive data and systems based on user roles and permissions.

8. Conduct regular security audits: Conduct regular security audits to identify
potential vulnerabilities and address them before they can be exploited by
attackers.

9. Train employees on security best practices: Train employees on security best
practices, such as how to identify phishing scams and how to handle sensitive
data securely.

10. Use anti-virus software: Install anti-virus software on your computer and
keep it up-to-date to protect against malware and other security threats.
