CS 4740/6740 Network Security Lecture 9: The Web

Author : conchita-marotz | Published Date : 2025-08-13


Transcript: CS 4740/6740 Network Security Lecture 9: The Web

CS 4740/6740 Network Security
Lecture 9: The Web (SOP, XSS, CSRF, HTML5, CSP, CORS, etc.)

The Web
- The Web has become a powerful platform for developing and distributing applications
  - Huge user population
  - Relatively easy to develop and deploy cross-platform
- Platform has evolved significantly
  - Very simple model initially
  - Today, it is a mix of client- and server-side components
  - Web services and APIs are now ubiquitous
- Geared towards an open model
  - On the client-side, all documents, data, and code are visible/modifiable
  - Commonplace to link to or share data/code with other (untrusted) sites

Web Apps are Vulnerable
- As the popularity of the Web has grown, attackers have shifted their focus towards it
- Web apps often possess large degrees of authority
  - Access to sensitive data on the client- and server-side
- Web apps can be exploited to abuse this authority
  - Data breaches and theft
  - Site Defacement
  - Invasion of privacy
  - Malware distribution
  - Beachhead into internal networks

Overview
- The Web Model
  - What components make up today’s browsers and web servers?
  - How has this functionality evolved over time?
  - What security model governs the browser?
- Attacks Against Clients
  - Cross Site Scripting (XSS) and Response Splitting
  - Cross Site Request Forgery (CSRF)
  - Clickjacking
- Attacks Against Servers
  - SQL Injection
  - PHP warts
  - Unrestricted Uploads
  - CGI shell injection

The Web Model
- Basics: HTML, CSS, JavaScript, HTTP
- SOP
- XHR

Timeline
- 1991: First version of Hypertext Markup Language (HTML) released by Sir Tim Berners-Lee
  - Markup language for displaying documents
  - Contained 18 tags, including anchor () a.k.a. a hyperlink
- 1991: First version of Hypertext Transfer Protocol (HTTP) is published
  - Berners-Lee’s original protocol only included GET requests for HTML
  - HTTP is more general, many request (e.g. PUT) and document types
- 1992:

Web Architecture circa-1992
[Diagram labels: Client Side; Server Side; Protocols: Gopher, FTP, HTTP; Document Renderer; HTML Parser; Network Protocols]

HTML
- Hypertext Markup Language
  - HTML 2.0 → 3.2 → 4.0 → 4.01 → XHTML 1.1 → XHTML 2.0 → HTML 5
- Syntax
  - Hierarchical tags (elements), originally based on SGML
- Structure
  - contains metadata
  - contains content

HTML

Hello World

Hello World

I am 12 and what is this?

- HTML may embed other resources from the same origin
- … or from other origins (cross origin embedding)

HTTP Protocol
- Hypertext Transfer Protocol
  - Intended for downloading HTML documents
  - Can be generalized to download any kind of file
- HTTP message format
  - Text based protocol, typically
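
The distinction the slides draw between same-origin and cross-origin embedding, as an added example that is not part of the lecture: it collects the resources a page embeds and labels each one by comparing origins. It assumes the standard definition of an origin as the (scheme, host, port) tuple and handles only http/https URLs; the hostnames and the sample page are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# Tag -> attribute whose URL the browser fetches when it embeds the resource.
EMBED_ATTRS = {"img": "src", "script": "src", "iframe": "src", "link": "href"}

def origin(url):
    """Return the (scheme, host, port) origin tuple of an absolute http(s) URL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    # An omitted port means the scheme's default, so :443 and "no port" match on https.
    return (scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme))

class EmbedCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.embeds = []  # (tag, absolute URL, "same-origin" | "cross-origin")

    def handle_starttag(self, tag, attrs):
        attr = EMBED_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        absolute = urljoin(self.page_url, value)  # resolves relative and //host URLs
        same = origin(absolute) == origin(self.page_url)
        self.embeds.append((tag, absolute, "same-origin" if same else "cross-origin"))

def classify_embeds(page_url, html):
    """Parse html as served from page_url and classify every embedded resource."""
    collector = EmbedCollector(page_url)
    collector.feed(html)
    collector.close()
    return collector.embeds

# Constructed sample page and URL (illustrative hostnames only).
SAMPLE_URL = "https://shop.example/cart/view"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/static/site.css">
<script src="https://cdn.example/lib.js"></script>
</head><body>
<img src="https://shop.example:443/logo.png">
<img src="http://shop.example/banner.png">
<iframe src="//ads.example/frame.html"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for tag, url, kind in classify_embeds(SAMPLE_URL, SAMPLE_HTML):
        print(f"{kind:12} <{tag}> {url}")
```

The second image is cross-origin even though the host matches, because the scheme (and therefore the default port) differs from the page's.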
