3.0 WEB AND APPLICATION SECURITY


1. iii. Trojan Horse (type of malware spread by email; belongs with 10.2 Spreading Malware)

2. i. Viruses (type of malware spread by email; belongs with 10.2 Spreading Malware)

3. Threat Modeling for Web Application

3.1. 1) Identify security objectives - helps focus the threat modeling activity and decide how much effort to spend on the subsequent steps.

3.2. 2) Application overview - itemizing the application's characteristics (technologies, trust boundaries, entry points) and its actors helps identify the threats that are relevant.

3.3. 3) Decompose the application - build a detailed understanding of the mechanics of the application (components, data flows, where data is validated) to uncover more relevant and detailed threats.

3.4. 4) Identify threats - identify the threats that are relevant to the application scenario and context (for example with the STRIDE categories in 17).

3.5. 5) Identify vulnerabilities - review each layer of the application for weaknesses that let the identified threats succeed, using vulnerability categories to focus on the areas where mistakes are most commonly made.

4. Common Security Threats on Web

4.1. a) Threats on the Client Side

4.1.1. Many client computers are vulnerable to attacks (worms, viruses, Trojan horses and other malicious code) created by hackers and crackers.

4.2. b) Threats on the Server Side

4.2.1. Attackers usually target networks and servers that are not properly secured and can steal the resources on the computer.

4.2.2. Data held on a web server is exposed to unauthorized access if the server or its application is misconfigured or vulnerable.

4.3. c) Network Threats

5. Client Authorization

5.1. a) Client Side Data

5.1.1. Performed by the client

5.1.2. Can be seen and edited by the user

5.1.3. Cannot read files off the server directly; it must communicate via HTTP requests, and every value it sends can have been altered by the user, so the server must not trust it.

5.2. b) Server Side Data

5.2.1. Performed by the server

5.2.2. Cannot be seen or edited by the user; only the HTTP response reaches the browser, so security decisions (prices, roles, access checks) must be made here.
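Why the distinction in 5.1 and 5.2 matters in practice, as an added example that is not part of the original mind map: a checkout handler that trusts a price and a privilege flag sent by the browser, beside one that recomputes both from server-side state. The catalogue, session object and request shape are assumptions made for the illustration.

```python
"""Client-supplied data cannot be trusted: the browser can edit any field.
Added example (not from the original page); the catalogue, request shape and
handler names are assumptions for illustration."""
from dataclasses import dataclass

# Assumed server-side price list: the only source of truth for prices (cents).
CATALOGUE = {"book-101": 1999, "pen-7": 250}


@dataclass
class Session:
    user: str
    role: str  # set by the server at login, never taken from the request


def vulnerable_checkout(request: dict) -> dict:
    """Trusts 'price' and 'is_admin' from the request body. A user who edits the
    hidden form field in the browser, or replays the HTTP request with a tool,
    controls both values."""
    total = request["price"] * request["quantity"]
    return {"total_cents": total, "admin": request.get("is_admin", False)}


def hardened_checkout(request: dict, session: Session) -> dict:
    """Recomputes everything the client could tamper with from server-side state
    and validates the only client inputs it actually needs (item id, quantity)."""
    item = request.get("item_id")
    if item not in CATALOGUE:
        raise ValueError("unknown item")
    qty = request.get("quantity")
    if not isinstance(qty, int) or not (1 <= qty <= 100):
        raise ValueError("quantity out of range")
    total = CATALOGUE[item] * qty                 # price comes from the catalogue only
    return {"total_cents": total, "admin": session.role == "admin"}  # role from session only


# Constructed request: a 'book-101' order in which the user changed the price
# field to 1 cent and added an is_admin flag using the browser's developer tools.
TAMPERED_REQUEST = {"item_id": "book-101", "quantity": 3, "price": 1, "is_admin": True}

if __name__ == "__main__":
    sess = Session(user="alice", role="customer")
    print("vulnerable:", vulnerable_checkout(TAMPERED_REQUEST))
    print("hardened:  ", hardened_checkout(TAMPERED_REQUEST, sess))
```

The hardened version still accepts input from the client; the point is that it treats the request as untrusted and re-derives every security-relevant value on the server.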

6. Tools for web based solution

6.1. a) Stinger (McAfee)

6.1.1. Used to detect and remove specific viruses on a system whose browser has been hijacked

6.2. b) CWShredder

6.2.1. Scans the entire system and looks for browser hijacking

6.3. c) Microsoft AntiSpyware

6.3.1. Used to protect a Windows operating system from spyware and other potentially unwanted software

7. How Email Works

7.1. 1) The sender uses an MUA to compose an email.

7.2. 2) The MUA hands the mail to the sender's MTA, which relays it over SMTP to the recipient's MTA.

7.3. 3) The recipient's MTA receives the email and passes it to an MDA, which stores it in the recipient's mailbox.

7.4. 4) The recipient uses an MUA to check and retrieve messages from the mailbox (using the POP3 or IMAP protocol).

8. Important Elements of Email

8.1. a) MUA : Mail User Agent

8.1.1. Allows the user to read and compose email messages

8.2. b) MTA : Mail Transfer Agent

8.2.1. Transports email between servers using SMTP

8.3. c) MDA : Mail Delivery Agent

8.3.1. Delivers email to the local recipient's mailbox

8.4. d) MRA : Mail Retrieval Agent

8.4.1. Fetches email from the mail server (over POP3 or IMAP) on behalf of the MUA

9. Email encryption and authentication

9.1. a) Encryption

9.1.1. Protects the confidentiality of the message body and attachments against sniffing in transit and on intermediate servers; spoofing is addressed by authentication (signing), not by encryption

9.1.2. Use public key encryption to protect messages

9.2. b) Authentication

9.2.1. Verifies that an email actually came from the claimed sender, typically with a digital signature made with the sender's private key

10. Risk Related with Email Security

10.1. a) Email Spoofing

10.2. b) Spreading Malware

10.2.1. ii. Worms (together with i. Viruses and iii. Trojan Horse, listed as nodes 1 and 2 above)

10.3. c) Email Spamming

10.4. d) Email Bombing

11. Authorization: the process of giving someone permission to do or have something (see 18.2)

12. Spam filters

13. b) CGI Operation - information is passed from the browser to the script (through the web server's environment variables and standard input) and from the script back to the browser (through standard output)

14. Advantages

14.1. Easy to use

15. b) Repudiation : countermeasures are non-repudiation controls, logging, audit trails, digital signatures

16. 5) IMAP - Internet Message Access Protocol, used for accessing email held on a mail server from a local email client while leaving the messages on the server

17. Application threats and countermeasure

17.1. a) Spoofing Identity : Authentication, protect keys & passwords

17.2. d) Elevation of Privilege : Authorization, least privilege

17.3. c) Denial of Service : Availability, access control (filtering and throttling of requests)

18. Features to secure web application

18.1. a) Authentication :

18.1.1. Process of determining whether someone or something is, in fact, who or what it declares itself to be

18.2. b) Authorization :

18.2.1. Process of deciding what an authenticated user is permitted to do or access; enforced on the server, never by client-side code

19. Common Gateway Interface (CGI)

19.1. a) CGI Script - a program on the web server that the server executes to handle a request, passing the request in and taking the response out through the CGI interface.
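A CGI script in the sense of 13 and 19.1, as an added example that is not from the original page: it reads the request the way the web server hands it over (QUERY_STRING and CONTENT_LENGTH in the environment, the POST body on standard input) and writes the response to standard output. It shows the classic mistake of echoing a parameter into HTML unescaped beside the escaped version. The script name and the constructed environment are assumptions.

```python
"""CGI request handling: the web server passes request data to the script
through environment variables (QUERY_STRING, REQUEST_METHOD, CONTENT_LENGTH)
and standard input, and takes the response back from standard output.
Added example, not from the original page; the script name and the sample
environment below are assumptions."""
import html
import os
import sys
from urllib.parse import parse_qs


def parse_cgi_request(environ, raw_body: str = "") -> dict:
    """Collect parameters the way a CGI script sees them: GET parameters from
    QUERY_STRING, POST form fields from the body (CONTENT_LENGTH bytes of stdin)."""
    params = parse_qs(environ.get("QUERY_STRING", ""), keep_blank_values=True)
    if environ.get("REQUEST_METHOD", "GET").upper() == "POST":
        length = int(environ.get("CONTENT_LENGTH") or 0)
        for key, values in parse_qs(raw_body[:length], keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    return params


def render_unsafe(params: dict) -> str:
    """Reflects the 'name' parameter into HTML verbatim: the browser executes any
    script tag that was put there, e.g. via a link the user was tricked into clicking."""
    name = params.get("name", [""])[0]
    return "Content-Type: text/html\r\n\r\n<h1>Hello " + name + "</h1>\n"


def render_safe(params: dict) -> str:
    """Same page with the parameter HTML-escaped before it is echoed back."""
    name = html.escape(params.get("name", [""])[0], quote=True)
    return "Content-Type: text/html\r\n\r\n<h1>Hello " + name + "</h1>\n"


# Constructed environment: what a web server sets for the request
# GET /cgi-bin/hello.py?name=<script>alert(1)</script>
XSS_ENV = {
    "REQUEST_METHOD": "GET",
    "QUERY_STRING": "name=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
}

if __name__ == "__main__":
    # Under a real web server, use its environment and stdin; run from a plain
    # shell without CGI variables, replay the constructed request instead.
    if "REQUEST_METHOD" in os.environ:
        env = os.environ
        body = sys.stdin.read(int(env.get("CONTENT_LENGTH") or 0))
    else:
        env, body = XSS_ENV, ""
    sys.stdout.write(render_safe(parse_cgi_request(env, body)))
```

Installed as `/cgi-bin/hello.py` the script runs once per request; everything it learns about the request arrives through the environment and stdin, which is why the parsing function takes those as plain arguments.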

20. Implement Email Security

20.1. Use a strong password

20.2. Encrypt messages

21. Advantages and Limitations of Email.

21.1. Advantages

21.1.1. Set reminders to yourself

21.1.2. Info at your fingertips

21.2. Limitations

21.2.1. Emotional responses (tone is easily misread in text)

21.2.2. Attachment size limits

21.2.3. Recipient limits

22. Differences between Web-based and POP3 email

22.1. a) Web-based email

22.1.1. Examples: Gmail, Yahoo Mail

22.1.2. Accessed through a web browser

22.1.3. Messages stay stored on the server

22.2. b) POP3 email

22.2.1. Examples: Outlook, Windows Mail

22.2.2. Accessed from a mail client installed on the computer

22.2.3. Messages are downloaded and stored on the computer (and usually removed from the server)

23. Common Email Protocol

23.1. 1) MIME - Multipurpose Internet Mail Extensions, the format that lets email carry attachments and non-ASCII content; its S/MIME extension signs and encrypts messages using a digital certificate issued by a trusted certificate authority.

23.2. 2) PGP - Pretty Good Privacy, an encryption program that provides cryptographic privacy and authentication for data communication.

23.3. 3) SMTP - Simple Mail Transfer Protocol, for sending emails across the internet.

23.4. 4) POP3 - Post Office Protocol 3, used to retrieve emails from a server to a local email client.
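The SMTP exchange behind steps 1 and 2 of How Email Works (7) and the SMTP entry above, as an added example that is not part of the original mind map: a minimal receiving MTA walks through a constructed client dialogue (HELO, MAIL FROM, RCPT TO, DATA, QUIT) and hands the result to the delivery stage. The dialogue is deliberately the shape of Email Spoofing (10.1): SMTP records the envelope sender but never checks the From: header the user sees, so the block ends with the basic authentication check of comparing the two. Hostnames, addresses and message text are constructed.

```python
"""The MTA side of email delivery (steps 1 and 2 of How Email Works): a
minimal SMTP receiver that walks through one client dialogue, then a check
that illustrates email spoofing by comparing the envelope sender with the
From: header the user sees. Added example, not from the original page; the
hostnames, addresses and message text are constructed."""
from email import message_from_string
from email.utils import parseaddr


class SmtpReceiver:
    """One SMTP session as a state machine: HELO/EHLO -> MAIL -> RCPT -> DATA -> QUIT."""

    def __init__(self, hostname: str = "mx.example.net"):
        self.hostname = hostname
        self.in_data = False
        self.delivered = []      # (envelope, raw message) pairs handed on to the MDA
        self._reset_envelope()

    def _reset_envelope(self):
        self.mail_from = None
        self.rcpt_to = []
        self.lines = []

    def handle(self, line: str) -> str:
        """Process one line from the client and return the server's reply
        ('' while message text is being collected inside DATA)."""
        if self.in_data:
            if line == ".":                       # end of message text
                self.in_data = False
                envelope = {"from": self.mail_from, "to": list(self.rcpt_to)}
                self.delivered.append((envelope, "\r\n".join(self.lines) + "\r\n"))
                self._reset_envelope()
                return "250 OK: queued"
            # Dot-stuffing: a line that begins with '..' carried a literal leading '.'
            self.lines.append(line[1:] if line.startswith("..") else line)
            return ""
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return f"250 {self.hostname}"
        if verb == "MAIL":                        # MAIL FROM:<address>  (envelope sender)
            self.mail_from = parseaddr(arg.partition(":")[2])[1]
            return "250 OK"
        if verb == "RCPT":                        # RCPT TO:<address>   (envelope recipient)
            if self.mail_from is None:
                return "503 need MAIL first"
            self.rcpt_to.append(parseaddr(arg.partition(":")[2])[1])
            return "250 OK"
        if verb == "DATA":
            if not self.rcpt_to:
                return "503 need RCPT first"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "500 unrecognised command"


def header_from_matches_envelope(envelope: dict, raw_message: str) -> bool:
    """The From: header is free text chosen by the sender; SMTP never checks it
    against the envelope sender. Flagging a domain mismatch is the simplest
    form of the authentication step the page describes."""
    header_from = parseaddr(message_from_string(raw_message)["From"])[1]
    return header_from.rpartition("@")[2].lower() == envelope["from"].rpartition("@")[2].lower()


# Constructed dialogue: a sender at attacker.example delivers a message whose
# From: header claims to be an executive at the recipient's own domain.
SPOOFED_DIALOGUE = [
    "EHLO smtp.attacker.example",
    "MAIL FROM:<bulk@attacker.example>",
    "RCPT TO:<bob@example.net>",
    "DATA",
    "From: CEO <ceo@example.net>",
    "To: bob@example.net",
    "Subject: Urgent wire transfer",
    "",
    "Please pay the attached invoice today.",
    "..this line began with a single dot in the original text",
    ".",
    "QUIT",
]


def run_dialogue(lines):
    """Feed the client lines to a fresh receiver; return it and the non-empty replies."""
    receiver = SmtpReceiver()
    replies = [receiver.handle(line) for line in lines]
    return receiver, [r for r in replies if r]


if __name__ == "__main__":
    receiver, replies = run_dialogue(SPOOFED_DIALOGUE)
    for reply in replies:
        print("S:", reply)
    envelope, raw = receiver.delivered[0]
    print("envelope sender:", envelope["from"])
    print("header From matches envelope domain:", header_from_matches_envelope(envelope, raw))
```

A real receiving MTA would reject or quarantine on the mismatch according to its policy; the example only reports it, because the point is where in the exchange the spoofable value appears (the DATA section) versus where the accountable one appears (MAIL FROM).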

24. Software to Protect and Encrypt e-mail

24.1. Mailvelope

24.2. Hushmail

24.3. I2P-Bote

24.4. Bitmessage

24.5. Sendinc

24.6. RetroShare