Web Security (CAT-309) - Unit 1 Lecture 2

This document provides an overview of web security. It begins with definitions of web applications and their architecture. It describes how web applications use client-side and server-side scripts to store and present information to users. The document then discusses key security terms like confidentiality, integrity, and authentication. It also outlines common security threats, vulnerabilities, and policies for web applications, such as broken authentication, SQL injection, and password policies. Finally, it provides a checklist of important considerations for web security.

UNIVERSITY INSTITUTE OF COMPUTING
Bachelor of Computer Application
Subject Name: Web Security
Code: CAT-309

Web Application


Introduction to Web Applications
• A web application is a program that runs in a web browser and uses web technology (HTTP, HTML, JavaScript) to perform tasks over the Internet.
• Web applications combine server-side code (for example PHP or ASP) that handles the storage and retrieval of information with client-side code (HTML for structure, JavaScript for behaviour) that presents that information to the user.
• The client-side part is written in browser-supported languages such as HTML and JavaScript because the browser itself renders and executes them. Many applications are dynamic, meaning a request also requires server-side processing before the response is produced.
Reference: https://blog.stackpath.com/web-application [1]
Web Application Architecture
• The user's browser sends a request to the web server over the Internet.
• The web server forwards the request to the appropriate web application server.
• The web application server performs the requested task.
• The web application server sends the result back to the web server.
• The web server responds to the client with the requested information.
Each hop in this chain is a trust boundary: input must be validated by the component that consumes it, not only at the edge.
Fig 1 Web application architecture
Reference: https://www.altexsoft.com/blog/engineering/web-application-architecture-how-the-web-works/ [2]
TERMS
• Security Services
  • Confidentiality
  • Integrity
  • Authentication
  • Non-Repudiation
  • Access control
  • Availability

Reference: http://iso27001guide.com/annex-a/information-security-business-continuity/information-security-continuity/information-security-continuity-mean-iso-27001/ [3]
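Integrity and authentication are the two services most often confused, so here is an added example (not from the original slides) that shows how a keyed message authentication code delivers both at once. The shared key and the messages are constructed for illustration; in practice the key comes from a key store, never from source code.

```python
import hmac
import hashlib

# Constructed shared secret held by both sender and receiver (illustration only).
SHARED_KEY = b"example-shared-key-do-not-use"


def tag_message(key: bytes, message: bytes) -> str:
    """Return a hex HMAC-SHA256 tag over the message.

    The tag gives integrity (any change to the bytes changes the tag) and
    authentication (only a holder of the key can produce a valid tag).
    """
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_message(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag and compare it in constant time.

    hmac.compare_digest avoids leaking, through timing, how many leading
    characters of a forged tag happened to be correct.
    """
    expected = tag_message(key, message)
    return hmac.compare_digest(expected, tag)


def hmac_demo() -> dict:
    """Exercise the three cases a receiver must distinguish."""
    original = b"transfer 100 to account 42"   # constructed message
    tag = tag_message(SHARED_KEY, original)

    # Integrity failure: the body was altered in transit, tag left unchanged.
    tampered = b"transfer 900 to account 42"

    # Authentication failure: an attacker without the key tags the altered body.
    forged_tag = hmac.new(b"attacker-guess", tampered, hashlib.sha256).hexdigest()

    return {
        "genuine": verify_message(SHARED_KEY, original, tag),
        "tampered_body": verify_message(SHARED_KEY, tampered, tag),
        "forged_tag": verify_message(SHARED_KEY, tampered, forged_tag),
    }


if __name__ == "__main__":
    print(hmac_demo())
```

Note what an HMAC does not give: non-repudiation. Because sender and receiver hold the same key, either of them could have produced the tag, so a receiver cannot prove to a third party which one did. Non-repudiation needs a digital signature, where only the signer holds the private key.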
TERMS
• Security Policies
  • Password policy
  • Network login policy
  • User Policies
  • IT Policies
  • General Policies
  • Remote access policy
• Security Attacks
• Security mechanisms

Fig 2 Security Policies [5]
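A password policy is only useful when the application enforces it at registration and password change. The following is an added example, not part of the original slides, of a policy check that returns every rule a candidate password violates rather than stopping at the first one, so the user can fix them all in one attempt. The minimum length, the rule set and the small deny-list are assumptions chosen for illustration; a real deployment would check against a breached-password corpus.

```python
import re

# Constructed deny-list standing in for a breached/common-password corpus.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1", "password123"}

MIN_LENGTH = 12  # assumed policy value

CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def check_password_policy(password: str, username: str = "") -> list:
    """Return the list of policy rules the password violates (empty means accepted)."""
    failures = []

    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")

    # Compare case-insensitively: "Password123" is no better than "password123".
    if password.lower() in COMMON_PASSWORDS:
        failures.append("appears in the common-password deny-list")

    if username and username.lower() in password.lower():
        failures.append("contains the user name")

    classes_present = sum(bool(re.search(pattern, password)) for pattern in CHARACTER_CLASSES)
    if classes_present < 3:
        failures.append("uses fewer than three character classes")

    # Four or more identical consecutive characters ("aaaa", "1111").
    if re.search(r"(.)\1{3,}", password):
        failures.append("contains a run of four or more identical characters")

    return failures


if __name__ == "__main__":
    for candidate, user in [("Password123", "bob"), ("Tr0ub4dor&3-horse", "alice")]:
        print(candidate, "->", check_password_policy(candidate, user) or "accepted")
```

The check runs every rule and collects the results; it never tells the caller which rule matched a deny-list entry beyond the message text, so the same function can back both the registration form and an administrator's bulk audit.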
Threat, Attack, Vulnerabilities
• A threat is any potential occurrence, malicious or otherwise, that could
harm an asset. In other words, a threat is any bad thing that can happen
to your assets.
• A vulnerability is a weakness that makes a threat possible. This may
be because of poor design, configuration mistakes, or inappropriate
and insecure coding techniques.
• An attack is an action that exploits a vulnerability or enacts a threat.
Examples of attacks include sending malicious input to an application
or flooding a network in an attempt to deny service.

Reference: https://blog.stackpath.com/web-application [4]


Web Application Vulnerabilities
• Broken authentication
• Broken access controls
• SQL injection
• Cross-site scripting
• Information leakage
• Cross-site request forgery
• Denial-of-service (DoS)

Fig 3 Web application vulnerabilities
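SQL injection is the item on this list that is easiest to show end to end. The following is an added example, not code from the original slides, that places a string-built login query beside its parameterized form and runs both against a constructed in-memory SQLite table. The table stores plaintext passwords only so the injection is visible in one line; a real application stores salted password hashes.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed in-memory user table standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """String-built query: attacker-controlled text is parsed as SQL syntax."""
    query = (
        "SELECT id FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Bound parameters: the driver sends the values separately from the SQL text,
    so input is always data and is never parsed as part of the statement."""
    query = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def injection_demo() -> dict:
    """Valid credentials and a tautology payload against both implementations."""
    conn = build_db()
    # Classic tautology supplied in the password field. In the string-built
    # query it becomes:  ... AND password = '' OR '1'='1'
    payload = "' OR '1'='1"
    return {
        "vuln_valid_creds": login_vulnerable(conn, "alice", "correct-horse"),
        "vuln_injected": login_vulnerable(conn, "alice", payload),
        "param_valid_creds": login_parameterized(conn, "alice", "correct-horse"),
        "param_injected": login_parameterized(conn, "alice", payload),
    }


if __name__ == "__main__":
    print(injection_demo())
```

The vulnerable function accepts the payload because the quote in the input closes the literal and the rest of the string is executed as SQL; the parameterized function looks for a user whose password is literally `' OR '1'='1` and finds none. The same principle (keep data out of the syntax) is what output encoding does for cross-site scripting.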
Web Application Vulnerabilities

Fig 4 Web application vulnerabilities [1]

Reference: Dafydd Stuttard, “The Web Application Hacker’s Handbook”, Wiley India Pvt. Ltd. [1]
Web security checklist
• Web application firewalls: a filtering layer in front of the application, not a substitute for fixing vulnerabilities in it
• Information gathering: what an attacker can learn from error messages, version banners and exposed files
• Authorization: every request checked against what the authenticated user is allowed to do
• Cryptography: data protected in transit and at rest with standard, well-reviewed primitives
• Resilience against attack: the application keeps serving legitimate users under malformed input and high load
References
Reference websites:
1. https://blog.stackpath.com/web-application
2. https://www.altexsoft.com/blog/engineering/web-application-architecture-how-the-web-works/
3. http://iso27001guide.com/annex-a/information-security-business-continuity/information-security-continuity/information-security-continuity-mean-iso-27001/
4. https://blog.stackpath.com/web-application
5. https://www.bizzsecure.com/design-information-security-policies-the-right-way/
THANK YOU

For queries
Email: piyush.e8970@cumail.in
