WEB SECURITY
CHAPTER-1. INTRODUCTION
Prof. Kirti Ahirrao
Index:
1. Internet & WWW
2. Vulnerabilities, threats and countermeasures
3. Generic Security Model:
   - Security policy
   - Host security
   - Network security
   - Organizational security
   - Legal security
4. Web Application Architecture Components, Complex Web Applications, Software Components
Internet
• The Internet is a massive network of networks.
• It is a networking infrastructure.
• It is a decentralized network.
• It connects millions of users/computers together globally.
• When a computer is connected to the network, it can communicate with any other computer on the Internet.
• Information travels across the network in agreed-upon languages known as protocols.
WWW
• WWW stands for World Wide Web.
• It is a way of accessing information over the medium of the Internet.
• It is an information-sharing model built on top of the Internet.
• The web uses the HTTP protocol, only one of the languages spoken over the Internet, to transmit data.
• The web also utilizes browsers, such as Internet Explorer or Firefox, to access web documents called webpages that are linked to each other via hyperlinks. Web documents also contain graphics, sounds, text and video.
Vulnerabilities
1. A vulnerability is a weakness in the application, which can be a design flaw or an implementation bug.
2. It allows an attacker to cause harm to the stakeholders of an application.
3. Stakeholders include the application owner, application users, and other entities that rely on the application.
Examples:
• Lack of input validation on user input
• Lack of a sufficient logging mechanism
• Fail-open error handling
• Not closing the database connection properly
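Added example (not from these slides or their sources): a small user-role lookup written first with the four weaknesses listed above and then hardened, using only Python's standard library and an in-memory SQLite table of constructed sample users. The names `is_admin_flawed`, `is_admin_hardened` and `check_admin` are illustrative, not from any real project.

```python
import logging
import re
import sqlite3
from contextlib import closing

logging.basicConfig(level=logging.WARNING, format="%(levelname)s %(message)s")
log = logging.getLogger("user_lookup")

# Constructed sample rows for the demo (not real data).
SAMPLE_USERS = [("alice", "user"), ("bob", "user"), ("root", "admin")]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


# Allow-list for usernames: a lowercase letter, then up to 31 letters/digits/_.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")


def is_admin_flawed(conn: sqlite3.Connection, name: str) -> bool:
    """Deliberately carries three of the slide's weaknesses:
    - no input validation: the name is spliced into the SQL text, so an
      apostrophe in a perfectly legitimate name breaks the statement;
    - fail-open error handling: the error path returns True (access granted);
    - no logging: the failure leaves no trace for anyone to investigate.
    """
    try:
        cur = conn.execute(f"SELECT role FROM users WHERE name = '{name}'")
        row = cur.fetchone()
        return row is not None and row[0] == "admin"
    except sqlite3.Error:
        return True  # fail open: a broken query is treated as "is admin"


def is_admin_hardened(conn: sqlite3.Connection, name: str) -> bool:
    """Same check with each weakness addressed:
    - input validated against an allow-list before it reaches the database;
    - parameterised query, so the name is data and never part of the SQL;
    - fail closed: any error means "not admin", and the error is logged.
    """
    if not USERNAME_RE.fullmatch(name):
        log.warning("rejected malformed username %r", name)
        return False
    try:
        cur = conn.execute("SELECT role FROM users WHERE name = ?", (name,))
        row = cur.fetchone()
        return row is not None and row[0] == "admin"
    except sqlite3.Error as exc:
        log.error("role lookup failed for %r: %s", name, exc)
        return False  # fail closed


def check_admin(name: str, hardened: bool = True) -> bool:
    """Open the database for one check and close it on every path.

    A sqlite3 connection used as a ``with`` block only commits or rolls back;
    it does not close the connection, which is the slide's fourth weakness
    ("not closing the database connection properly"). contextlib.closing()
    guarantees close() even when the lookup raises.
    """
    with closing(make_db()) as conn:
        if hardened:
            return is_admin_hardened(conn, name)
        return is_admin_flawed(conn, name)


if __name__ == "__main__":
    # "o'brien" is a plausible name, not an attack string: it still makes the
    # flawed version grant admin, because the broken query fails open.
    for user in ("root", "alice", "o'brien"):
        print(f"{user!r}: flawed={check_admin(user, hardened=False)} "
              f"hardened={check_admin(user)}")
```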
Threats
Web-based threats – or online threats – are malware programs that can target you when you’re using the Internet. These browser-based threats include a range of malicious software programs that are designed to infect victims’ computers.
Web security threats are constantly emerging and evolving, but a number of threats consistently appear at the top of web security threat lists. These include:
• Phishing
• Ransomware
• SQL injection
• Cross-site scripting
• Code injection
• CEO fraud and impersonation
• Viruses and worms
• Spyware
Countermeasures:
In computer security, a countermeasure is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.
1. Preventative – These work by keeping something from happening in the first place. ...
2. Reactive – Reactive countermeasures come into effect only after an event has already occurred.
3. Detective – Examples of detective countermeasures include system monitoring, IDS, anti-virus, motion detectors and IPS.
Generic Security Model
• Security policy
• Host security
• Network security
• Organizational security
• Legal security
Security Policy:
• Security policies are a formal set of rules issued by an organization to ensure that users who are authorized to access company technology and information assets comply with rules and guidelines related to the security of information.
• It is a written document in the organization that describes how to protect the organization from threats and how to handle them when they occur.
• A security policy is also considered to be a "living document", which means that the document is never finished but is continuously updated as technology and employee requirements change.
• Needs of a security policy:
1) It increases efficiency
2) It upholds discipline and accountability
3) It can make or break a business deal
4) It helps to educate employees on security literacy
Host Security
• It is easy to focus on the security of the software we use and forget about the hardware and software that ‘hosts’ it – our desktops, laptops, mobile devices, their operating systems and configurations.
• Strong host security addresses the key aspects of your hosts, including hardware, software, server and storage components.
• It ensures you are equipped to defend yourself against, and appropriately respond to, cyber-attacks when they occur.
• Sense of Security’s host-level security assessment provides insight into your host security configuration.
• It also includes aspects that cannot be seen from the network.
• This allows us to identify, and address, your additional weaknesses and exposures to cyber risk.
Network Security
• Network security is a broad term that covers a multitude of technologies, devices and processes.
• In its simplest terms, it is a set of rules and configurations designed to protect the integrity, confidentiality and accessibility of computer networks and data using both software and hardware technologies.
• Every organization, regardless of size, industry or infrastructure, requires a degree of network security solutions in place to protect it from the ever-growing landscape of cyber threats in the wild today.
• Today's network architecture is complex and faces a threat environment that is always changing and attackers that are always trying to find and exploit vulnerabilities. These vulnerabilities can exist in a broad number of areas, including devices, data, applications, users and locations.
• For this reason, there are many network security management tools and applications in use today that address individual threats and exploits and also regulatory non-compliance. When just a few minutes of downtime can cause widespread disruption and massive damage to an organization's bottom line and reputation, it is essential that these protection measures are in place.
Types of Network Security
• Physical network security
• Technical network security
• Administrative network security
Physical Network Security: Physical security controls are designed to prevent unauthorized personnel from gaining physical access to network components such as routers, cabling cupboards and so on. Controlled access, such as locks, biometric authentication and other devices, is essential in any organization.
Technical Network Security: Technical security controls protect data that is stored on the network or which is in transit across, into or out of the network. Protection is twofold; it needs to protect data and systems from unauthorized personnel, and it also needs to protect against malicious activities from employees.
Administrative Network Security: Administrative security controls consist of security policies and processes that control user behavior, including how users are authenticated, their level of access and also how IT staff members implement changes to the infrastructure.
Organizational Security
• Organizational security is a sustained, appropriate level of security in team communication and information management practices.
• When more than one person works together to achieve a goal, they need to be able to communicate and manage information to get things done.
• Organizational security has much more to do with the social and political decision-making of an organization. Security isn’t about the perfect technical fix.
• It’s about working with all members of the team to make sure that they understand the issues and the value of protecting information.
• Supporting awareness-raising activities to encourage individual thinking about security (in addition to how-to’s, instructions, and policies) is key to supporting longer-term growth and more organic adaptation to new threats.
Legal Security
• To make cybersecurity measures explicit, written norms are required. These norms are known as cybersecurity standards: generic sets of prescriptions for an ideal execution of certain measures.
• The standards may involve methods, guidelines, reference frameworks, etc. They ensure the efficiency of security, facilitate integration and interoperability, enable meaningful comparison of measures, reduce complexity, and provide the structure for new developments.
• A security standard is "a published specification that establishes a common language & contains a technical specification or other precise criteria and is designed to be used consistently, as a rule, a guideline, or a definition."
• The goal of security standards is to improve the security of information technology (IT) systems, networks, and critical infrastructures.
• Well-written cybersecurity standards enable consistency among product developers and serve as a reliable standard for purchasing security products.
• Security standards are generally provided for all organizations regardless of their size or the industry and sector in which they operate. This section includes information about each standard that is usually recognized as an essential component of any cybersecurity strategy.
Web Application Architecture Components:
User interface app components
• This refers to the web pages that have a role related to the display, settings and configurations.
• It relates to the interface/experience rather than the development, and consequently it deals with display dashboards, configuration settings, notifications, logs, etc.
Structural components
• The structural components of a web application refer to the functionality of the web application with which a user interacts, the control and the database storage.
• In other words, it has more to do with the structural aspects of the architecture, as the name suggests.
• This basically comprises (1) the web browser or client, (2) the web application server and (3) the database server.
Structural Components:
• The web browser or client permits the users to interact with the functions of the web apps and is generally developed using HTML, CSS, and JavaScript.
• The web application server acts as the central hub that supports business logic and multi-layer applications, and is generally developed using Python, PHP, Java, .NET, Ruby, and Node.js.
• The database server provides the business logic and relevant information/data that is stored and managed by the web application server. It stores, retrieves and provides the information.
References:
• https://www.webopedia.com/DidYouKnow/Internet/Web_vs_Internet.asp
• https://owasp.org/www-community/vulnerabilities/#:~:text=A%20vulnerability%20is%20a%20hole,that%20rely%20on%20the%20application.
• https://www.senseofsecurity.com.au/cyber-security-services/host-level-security-assessment/#:~:text=Strong%20host%20security%20addresses%20the,%2Dattacks%2C%20when%20they%20occur.
• https://www.javatpoint.com/cyber-security-policies#:~:text=Security%20policies%20are%20a%20formal,to%20the%20security%20of%20information.
• https://www.forcepoint.com/cyber-edu/network-security
• https://www.theengineroom.org/what-weve-learned-about-organizational-security-in-2014/
• https://www.peerbits.com/blog/web-application-architecture.html
THANK
YOU
P R O F . K I R T I A H I R R A O
20

Contenu connexe

Tendances

Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information SecurityDr. Loganathan R
 
Information security
Information security Information security
Information security razendar79
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to securityDhani Ahmad
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
17 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_201217 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_2012RECIPA
 
Security technologies
Security technologiesSecurity technologies
Security technologiesDhani Ahmad
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecuritylearnt
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information systemOnline
 
IT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John LadoIT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John LadoMark John Lado, MIT
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network SecurityJohn Ely Masculino
 
A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015Jeffery Brown
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lectureZara Nawaz
 
Basic Security Concepts of Computer
Basic Security Concepts of ComputerBasic Security Concepts of Computer
Basic Security Concepts of ComputerFaizan Janjua
 
Security Awareness and Training
Security Awareness and TrainingSecurity Awareness and Training
Security Awareness and TrainingPriyank Hada
 
Evolution of Security
Evolution of SecurityEvolution of Security
Evolution of SecurityDM_GS
 

Tendances (20)

Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
 
Information security
Information security Information security
Information security
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to security
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
17 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_201217 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_2012
 
22 need-for-security
22  need-for-security22  need-for-security
22 need-for-security
 
Ch01 Introduction to Security
Ch01 Introduction to SecurityCh01 Introduction to Security
Ch01 Introduction to Security
 
Cyber security vs information assurance
Cyber security vs information assuranceCyber security vs information assurance
Cyber security vs information assurance
 
Security technologies
Security technologiesSecurity technologies
Security technologies
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecurity
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information system
 
IT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John LadoIT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John Lado
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
 
A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015
 
Unit v
Unit vUnit v
Unit v
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lecture
 
Basic Security Concepts of Computer
Basic Security Concepts of ComputerBasic Security Concepts of Computer
Basic Security Concepts of Computer
 
Security Awareness and Training
Security Awareness and TrainingSecurity Awareness and Training
Security Awareness and Training
 
Evolution of Security
Evolution of SecurityEvolution of Security
Evolution of Security
 
Information security.pptx
Information security.pptxInformation security.pptx
Information security.pptx
 

Similaire à Chapter 1 introduction(web security)

Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesisidro luna beltran
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxwkyra78
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security madunix
 
All About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptxAll About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptxInfosectrain3
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxTikdiPatel
 
what is cybersecurity.pdf
what is cybersecurity.pdfwhat is cybersecurity.pdf
what is cybersecurity.pdfpublicchats
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptxKnownId
 
Presentation 1.pptx
Presentation 1.pptxPresentation 1.pptx
Presentation 1.pptxrabeetkashif
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxNeilStark1
 
How to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdfHow to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdfNeilStark1
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxNeilStark1
 
Week-09-10-11-12 Fundamentals of Cybersecurity.pptx
Week-09-10-11-12 Fundamentals of Cybersecurity.pptxWeek-09-10-11-12 Fundamentals of Cybersecurity.pptx
Week-09-10-11-12 Fundamentals of Cybersecurity.pptxyasirkhokhar7
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptxMalu704065
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROLshinydey
 
Information Technology Security Management
Information Technology Security ManagementInformation Technology Security Management
Information Technology Security ManagementMITSDEDistance
 
network security.001.pptx................
network security.001.pptx................network security.001.pptx................
network security.001.pptx................MuhammadKhalil858111
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)Zara Nawaz
 

Similaire à Chapter 1 introduction(web security) (20)

Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- ingles
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docx
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security
 
All About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptxAll About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptx
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptx
 
what is cybersecurity.pdf
what is cybersecurity.pdfwhat is cybersecurity.pdf
what is cybersecurity.pdf
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptx
 
security of information systems
 security of information systems security of information systems
security of information systems
 
network security.pdf
network security.pdfnetwork security.pdf
network security.pdf
 
Presentation 1.pptx
Presentation 1.pptxPresentation 1.pptx
Presentation 1.pptx
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docx
 
How to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdfHow to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdf
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docx
 
Week-09-10-11-12 Fundamentals of Cybersecurity.pptx
Week-09-10-11-12 Fundamentals of Cybersecurity.pptxWeek-09-10-11-12 Fundamentals of Cybersecurity.pptx
Week-09-10-11-12 Fundamentals of Cybersecurity.pptx
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptx
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROL
 
Information Technology Security Management
Information Technology Security ManagementInformation Technology Security Management
Information Technology Security Management
 
network security.001.pptx................
network security.001.pptx................network security.001.pptx................
network security.001.pptx................
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
 

Plus de Kirti Ahirrao

Application layer security protocol
Application layer security protocolApplication layer security protocol
Application layer security protocolKirti Ahirrao
 
Internet layer security protocol & IPsec
Internet layer security protocol & IPsecInternet layer security protocol & IPsec
Internet layer security protocol & IPsecKirti Ahirrao
 
Network access layer security protocol
Network access layer security protocolNetwork access layer security protocol
Network access layer security protocolKirti Ahirrao
 

Plus de Kirti Ahirrao (6)

BusTopolgy.pptx
BusTopolgy.pptxBusTopolgy.pptx
BusTopolgy.pptx
 
Attack on Sony
Attack on SonyAttack on Sony
Attack on Sony
 
Firewall traversals
Firewall traversalsFirewall traversals
Firewall traversals
 
Application layer security protocol
Application layer security protocolApplication layer security protocol
Application layer security protocol
 
Internet layer security protocol & IPsec
Internet layer security protocol & IPsecInternet layer security protocol & IPsec
Internet layer security protocol & IPsec
 
Network access layer security protocol
Network access layer security protocolNetwork access layer security protocol
Network access layer security protocol
 

Dernier

The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...anjaliyadav012327
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 

Dernier (20)

The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
 
Sports & Fitness Value Added Course FY..

Chapter 1 Introduction (Web Security)
6. Threats

Web-based threats, or online threats, are attacks and malicious programs that reach a victim over the Internet, usually through the browser or a web application. They are not only malware: some are attacks on the application itself (SQL injection, cross-site scripting, code injection) and some are social engineering aimed at the user (phishing, impersonation). A threat is the potential for harm; it becomes an attack when someone exploits a vulnerability to realise it.

Web security threats are constantly emerging and evolving, but a number of them consistently appear at the top of web security threat lists. These include:
• Phishing
• Ransomware
• SQL injection
• Cross-site scripting
• Code injection
• CEO fraud and impersonation
• Viruses and worms
• Spyware
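SQL injection is the one item in the list above that can be shown end to end in a few lines. The following is an added example, not code from the slides: it builds an in-memory SQLite table with one constructed user (`alice` / `s3cret`, both assumptions for the demo) and compares a login check that pastes user input into the SQL text with the same check written with placeholders.

```python
"""SQL injection: the vulnerable query beside its parameterized form.

Added example (not part of the original slides). The user row, the
table layout and the payload are constructed for the illustration.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create a throwaway in-memory database with one constructed user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", "s3cret"))
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Deliberately vulnerable: user input becomes part of the SQL syntax."""
    query = (
        "SELECT 1 FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened: placeholders keep input as data, never as SQL syntax."""
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def demo() -> dict:
    """Run both versions with good, wrong and injected credentials."""
    conn = make_db()
    # Classic tautology: the WHERE clause becomes
    #   username = 'alice' AND password = '' OR '1'='1'
    # and AND binds tighter than OR, so the row is returned.
    payload = "' OR '1'='1"
    return {
        "vuln_good_creds": login_vulnerable(conn, "alice", "s3cret"),
        "vuln_wrong": login_vulnerable(conn, "alice", "wrong"),
        "vuln_injected": login_vulnerable(conn, "alice", payload),
        "safe_good_creds": login_safe(conn, "alice", "s3cret"),
        "safe_injected": login_safe(conn, "alice", payload),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {'logged in' if outcome else 'rejected'}")
```

The parameterized version rejects the payload because the driver sends the quote characters to the database as part of a string value, not as part of the statement. A real application would also store a password hash rather than the plaintext used here, but that does not fix the injection: the bypass works on the query structure, not on the stored value.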
7. Countermeasures

In computer security a countermeasure is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken. Countermeasures are usually grouped by when they act:

1. Preventative – These work by keeping something from happening in the first place, for example access control, input validation, patching and firewalls.
2. Reactive – Reactive countermeasures come into effect only after an event has already occurred, for example incident response, restoring from backups and revoking compromised credentials.
3. Detective – These discover that something is happening or has happened. Examples include system monitoring and log review, IDS, anti-virus, motion detectors and IPS.

The categories overlap: an IPS both detects and blocks, and anti-virus both detects and quarantines, so one control can belong to more than one category.
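A detective countermeasure is easiest to see when it runs over real-looking data. The following is an added example, not code from the slides: it scans a handful of constructed access-log lines (combined log format, made up for the demo) for URL-encoded injection payloads and for bursts of failed logins. The signatures and the failure threshold are illustrative choices, not a vendor rule set.

```python
"""Detective countermeasure: flag suspicious requests in web server logs.

Added example (not part of the original slides). SAMPLE_LOG is
constructed; the regexes are illustrative signatures only.
"""
import re
from collections import Counter
from urllib.parse import unquote_plus

# Apache/Nginx "combined" style line: ip - - [time] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+'
)

# Illustrative signatures for SQL injection and cross-site scripting attempts.
SUSPICIOUS = [
    ("sqli", re.compile(r"('|%27)\s*(or|and)\s+['\"\d]", re.I)),
    ("sqli", re.compile(r"\bunion\b.+\bselect\b", re.I)),
    ("xss", re.compile(r"<\s*script|javascript:|onerror\s*=", re.I)),
]

# Constructed sample: one normal request, two SQLi probes, one XSS probe,
# then four failed logins from the same address.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.9 - - [10/Oct/2023:13:55:40 +0000] "GET /search?q=%27+OR+%271%27%3D%271 HTTP/1.1" 200 88
203.0.113.9 - - [10/Oct/2023:13:55:41 +0000] "GET /item?id=1+UNION+SELECT+username,password+FROM+users HTTP/1.1" 500 0
198.51.100.4 - - [10/Oct/2023:13:56:02 +0000] "GET /comment?text=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 77
198.51.100.4 - - [10/Oct/2023:13:56:10 +0000] "POST /login HTTP/1.1" 401 23
198.51.100.4 - - [10/Oct/2023:13:56:11 +0000] "POST /login HTTP/1.1" 401 23
198.51.100.4 - - [10/Oct/2023:13:56:12 +0000] "POST /login HTTP/1.1" 401 23
198.51.100.4 - - [10/Oct/2023:13:56:13 +0000] "POST /login HTTP/1.1" 401 23
"""


def parse_line(line: str):
    """Return the named fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_injection_attempts(log_text: str):
    """Return (ip, kind, decoded_path) for each request matching a signature."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        decoded = unquote_plus(rec["path"])  # attackers URL-encode their payloads
        for kind, pattern in SUSPICIOUS:
            if pattern.search(decoded):
                hits.append((rec["ip"], kind, decoded))
                break  # one finding per request is enough
    return hits


def find_login_bruteforce(log_text: str, threshold: int = 3):
    """Return {ip: count} for IPs with at least `threshold` failed POSTs to /login."""
    failures = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] == "/login" and rec["status"] == "401":
            failures[rec["ip"]] += 1
    return {ip: n for ip, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    for ip, kind, path in find_injection_attempts(SAMPLE_LOG):
        print(f"{kind:5s} from {ip}: {path}")
    for ip, n in find_login_bruteforce(SAMPLE_LOG).items():
        print(f"brute force suspected from {ip}: {n} failed logins")
```

Decoding before matching is the point worth noting: the same payload written as `%27+OR+%271%27%3D%271` is invisible to a signature that only looks at the raw request line. A detective control like this only reports; turning it into a block (an IPS-style reactive step) is a separate decision with its own false-positive cost.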
8. Generic Security Model

The model used in this chapter has five layers, each taken in turn on the following slides:
• Security policy
• Host security
• Network security
• Organizational security
• Legal security
9. Security Policy

• Security policies are a formal set of rules issued by an organization to ensure that users who are authorized to access company technology and information assets comply with rules and guidelines related to the security of information.
• It is a written document that states how the organization protects itself from threats and how it handles them when they occur.
• A security policy is also considered a "living document": it is never finished, but is continuously updated as technology and staffing requirements change.
• Need for a security policy:
1) It increases efficiency
2) It upholds discipline and accountability
3) It can make or break a business deal
4) It helps to educate employees on security literacy
10. Host Security

• It is easy to focus on the security of the software we use and forget about the hardware and software that 'hosts' it: our desktops, laptops, mobile devices, their operating systems and configurations.
• Strong host security addresses the key aspects of each host, including hardware, software, server and storage components.
• It ensures you are equipped to defend against, and appropriately respond to, cyber-attacks when they occur.
• A host-level security assessment, run with local or authenticated access to the machine, provides insight into the host's security configuration.
• It covers aspects that cannot be seen from the network, such as patch level, local accounts and password policy, file and directory permissions, and which services are running and how they are configured.
• This allows weaknesses and exposures to cyber risk that a network scan would miss to be identified and addressed.
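One thing a network scan cannot see is the permission bits on local files. The following is an added example, not code from the slides: it builds a throwaway directory tree with deliberately weak modes and audits it for world-writable entries and for world-readable files under a `secrets` directory. The file names and the rule that anything under `secrets/` is sensitive are assumptions made for the illustration; it checks POSIX permission bits only.

```python
"""Host-level check: find permission weaknesses a network scan cannot see.

Added example (not part of the original slides). The directory tree is
constructed in a temp dir; the "secrets/ is sensitive" rule is an
assumption for the demo. POSIX permission bits only.
"""
import os
import shutil
import stat
import tempfile


def audit_tree(root: str):
    """Walk `root`; return a sorted list of (relative_path, finding)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode
            rel = os.path.relpath(full, root)
            if stat.S_ISLNK(mode):
                continue  # symlink mode bits are not meaningful on most systems
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            # Assumption for the example: any file under a secrets/ directory is sensitive.
            under_secrets = "secrets" in rel.split(os.sep)[:-1]
            if under_secrets and not stat.S_ISDIR(mode) and mode & stat.S_IROTH:
                findings.append((rel, "world-readable secret"))
    return sorted(findings)


def build_demo_tree() -> str:
    """Create a constructed tree with one good and several bad entries."""
    root = tempfile.mkdtemp(prefix="hostaudit_")
    os.makedirs(os.path.join(root, "secrets"))
    os.makedirs(os.path.join(root, "uploads"))
    files = {
        "secrets/db_password": 0o644,  # readable by everyone: bad
        "secrets/api_key": 0o600,      # owner-only: good
        "uploads/avatar.png": 0o666,   # world-writable: bad
        "app.py": 0o644,               # normal source file
    }
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        with open(path, "w") as f:
            f.write("demo\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "uploads"), 0o777)  # world-writable directory: bad
    os.chmod(os.path.join(root, "secrets"), 0o700)
    return root


def demo():
    """Build the tree, audit it and clean up; returns the findings."""
    root = build_demo_tree()
    try:
        return audit_tree(root)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for path, finding in demo():
        print(f"{finding:22s} {path}")
```

Real host assessments (CIS benchmarks, tools such as Lynis) check far more than mode bits, but the shape is the same: enumerate local state, compare it with a policy, and report deviations. Running the audit as root is the usual requirement, since a low-privilege scan cannot even read some of the directories that matter.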
11. Network Security

• Network security is a broad term that covers a multitude of technologies, devices and processes.
• In its simplest terms, it is a set of rules and configurations designed to protect the integrity, confidentiality and availability of computer networks and data using both software and hardware technologies.
• Every organization, regardless of size, industry or infrastructure, requires some degree of network security to protect it from the ever-growing landscape of cyber threats.
• Today's network architecture is complex and faces a threat environment that is always changing, with attackers constantly trying to find and exploit vulnerabilities. These vulnerabilities can exist in a broad number of areas, including devices, data, applications, users and locations.
• For this reason, many network security management tools and applications are in use today that address individual threats and exploits as well as regulatory non-compliance. When just a few minutes of downtime can cause widespread disruption and massive damage to an organization's bottom line and reputation, it is essential that these protection measures are in place.
12. Network Security

Types of network security:
• Physical network security
• Technical network security
• Administrative network security
13. Types of Network Security

Physical network security: Physical security controls are designed to prevent unauthorized personnel from gaining physical access to network components such as routers, cabling cupboards and so on. Controlled access, such as locks, biometric authentication and other devices, is essential in any organization.

Technical network security: Technical security controls protect data that is stored on the network or is in transit across, into or out of the network. Protection is twofold: it needs to protect data and systems from unauthorized personnel, and it also needs to protect against malicious activity by employees. Typical controls are firewalls and network segmentation, encryption of data in transit (TLS, VPNs) and intrusion detection.

Administrative network security: Administrative security controls consist of security policies and processes that control user behavior, including how users are authenticated, their level of access, and how IT staff implement changes to the infrastructure.
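The most common technical control, a packet filter, is worth seeing as a rule set rather than a product name. The following is an added example, not code from the slides: it models a first-match, default-deny filter for a web tier in plain Python so that the effect of rule order and of the final default is visible. The subnets, ports and comments are constructed for the illustration.

```python
"""Technical network control: a default-deny rule set evaluated in code.

Added example (not part of the original slides). POLICY, its subnets
and ports are constructed; the evaluation model (first matching rule
wins, otherwise deny) is how most host and network firewalls behave.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    src: str         # CIDR of the source address
    proto: str       # "tcp", "udp" or "any"
    ports: tuple     # inclusive (low, high) destination port range
    comment: str = ""


# Constructed policy for a web tier. The quarantine deny is first on purpose:
# 10.0.5.0/24 lies inside 10.0.0.0/16, so it must be matched before the
# broader internal allows.
POLICY = [
    Rule("deny",  "10.0.5.0/24", "any", (0, 65535), "quarantined subnet"),
    Rule("allow", "0.0.0.0/0",   "tcp", (443, 443), "HTTPS from anywhere"),
    Rule("allow", "0.0.0.0/0",   "tcp", (80, 80),   "HTTP redirect to HTTPS"),
    Rule("allow", "10.0.0.0/16", "tcp", (22, 22),   "SSH from internal management"),
    Rule("allow", "10.0.0.0/16", "tcp", (3306, 3306), "DB from internal app tier"),
]


def matches(rule: Rule, src_ip: str, proto: str, dst_port: int) -> bool:
    """True if one rule applies to this connection attempt."""
    in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
    proto_ok = rule.proto in ("any", proto)
    port_ok = rule.ports[0] <= dst_port <= rule.ports[1]
    return in_net and proto_ok and port_ok


def evaluate(policy, src_ip: str, proto: str, dst_port: int):
    """First matching rule decides; nothing matching is denied (default deny)."""
    for rule in policy:
        if matches(rule, src_ip, proto, dst_port):
            return rule.action, rule.comment
    return "deny", "default deny"


def shadowed_rules(policy):
    """Indices of rules that can never fire because an earlier rule covers them."""
    out = []
    for i, later in enumerate(policy):
        lnet = ipaddress.ip_network(later.src)
        for earlier in policy[:i]:
            enet = ipaddress.ip_network(earlier.src)
            if (lnet.subnet_of(enet)
                    and earlier.proto in ("any", later.proto)
                    and earlier.ports[0] <= later.ports[0]
                    and later.ports[1] <= earlier.ports[1]):
                out.append(i)
                break
    return out


if __name__ == "__main__":
    for ip, proto, port in [("203.0.113.5", "tcp", 443), ("203.0.113.5", "tcp", 22),
                            ("10.0.1.20", "tcp", 22), ("10.0.5.20", "tcp", 22)]:
        print(ip, proto, port, "->", evaluate(POLICY, ip, proto, port))
    print("shadowed:", shadowed_rules(POLICY))
```

The `shadowed_rules` check is the kind of review a change to a real rule base should get: a rule that is fully covered by an earlier one is either dead weight or, worse, evidence that someone believed it was doing something. The default at the end is the other thing to audit; a filter that ends in an implicit allow is not a control.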
14. Organizational Security

• Organizational security is a sustained, appropriate level of security in a team's communication and information management practices.
• When more than one person works together to achieve a goal, they need to be able to communicate and manage information to get things done.
• Organizational security has much more to do with the social and political decision-making of an organization. Security isn't about the perfect technical fix.
• It's about working with all members of the team to make sure that they understand the issues and the value of protecting information.
• Supporting awareness-raising activities that encourage individual thinking about security (in addition to how-tos, instructions and policies) is key to supporting longer-term growth and more organic adaptation to new threats.
15. Legal Security

• To make cybersecurity measures explicit, written norms are required. These norms are known as cybersecurity standards: generic sets of prescriptions for the ideal execution of certain measures.
• Standards may involve methods, guidelines, reference frameworks, etc. They ensure the efficiency of security, facilitate integration and interoperability, enable meaningful comparison of measures, reduce complexity, and provide the structure for new developments.
• A security standard is "a published specification that establishes a common language and contains a technical specification or other precise criteria and is designed to be used consistently, as a rule, a guideline, or a definition."
• The goal of security standards is to improve the security of information technology (IT) systems, networks, and critical infrastructures.
• Well-written cybersecurity standards enable consistency among product developers and serve as a reliable yardstick when purchasing security products.
• Security standards are generally available to all organizations regardless of their size or the industry and sector in which they operate, and compliance with a recognised standard is usually treated as an essential component of any cybersecurity strategy. Widely used examples are ISO/IEC 27001, the NIST Cybersecurity Framework and PCI DSS. Some, such as PCI DSS for payment card data, are contractually binding, and regulators often require compliance with a recognised standard, which is why this layer is called legal security.
17. Web Application Architecture Components (contd.)

User interface app components
• This refers to the web pages whose role is related to display, settings and configuration.
• It concerns the interface/experience rather than the development logic, and consequently deals with display dashboards, configuration settings, notifications, logs, etc.

Structural components
• The structural components of a web application refer to the functionality with which a user interacts, the control logic and the database storage.
• In other words, it has more to do with the structural aspects of the architecture, as the name suggests.
• This basically comprises (1) the web browser or client, (2) the web application server and (3) the database server.
18. Structural Components

The web browser or client permits users to interact with the functions of the web app and is generally developed using HTML, CSS, and JavaScript. Everything here runs on the user's machine, so it is under the user's (or an attacker's) control and cannot be relied on to enforce security checks.

The web application server is the central hub that implements the business logic of a multi-layer application, and is generally developed using Python, PHP, Java, .NET, Ruby, or Node.js. It is where input validation, authentication and authorization must be enforced.

The database server stores the information/data that the web application server manages. It stores, retrieves and provides the information on request from the application server, which should be the only component that talks to it directly.