3.0 WEB AND APPLICATION SECURITY

1. Features to secure web applications

1.1. a) Authentication: the process of determining whether someone is, in fact, who or what it is declared to be

1.2. b) Authorization: the process of giving someone permission to do or have something

2. Application threats and countermeasures

2.1. a) Spoofing Identity: authentication; protect keys and passwords

2.2. b) Repudiation: non-repudiation, logging, audit trails, digital signatures

2.3. c) Denial of Service: availability, access control

2.4. d) Elevation of Privilege: authorization

3. Threat Modeling for Web Applications

3.1. 1) Identify security objectives - helps to focus the threat modeling activity and determine how much effort to spend on the subsequent steps.

3.2. 2) Application overview - itemizing the application's characteristics and actors helps to identify relevant threats.

3.3. 3) Decompose the application - a detailed understanding of the mechanics of the application uncovers more relevant and detailed threats.

3.4. 4) Identify threats - identify the threats relevant to the application scenario and context.

3.5. 5) Identify vulnerabilities - review the layers of the application to identify weaknesses related to those threats, and use vulnerability categories to focus on the areas where mistakes are most common.

4. Common Security Threats on the Web

4.1. a) Threats on the client side

4.1.1. Many computers are vulnerable to attacks (worms, viruses, Trojan horses and so on) created by hackers, crackers, or malicious code

4.2. b) Threats on the server side

4.2.1. Hackers usually attack networks that are not properly secured and can steal resources on the computer

4.2.2. Data available on a web server is exposed to unauthorized access

4.3. c) Network threats

5. Client Authorization

5.1. a) Client-side data

5.1.1. Performed by the client

5.1.2. Can be seen and edited by the user

5.1.3. Cannot read files off the server directly; must communicate via HTTP requests

5.2. b) Server-side data

5.2.1. Performed by the server

5.2.2. Cannot be seen by the user

6. Common Gateway Interface (CGI)

6.1. a) CGI script - any program that runs on a web server.

6.2. b) CGI operation - information may be passed to and from the browser and the server

7. Tools for web-based solutions

7.1. a) Stinger

7.1.1. Used to detect and remove certain viruses on a browser-hijacked system

7.2. b) CWShredder

7.2.1. Scans the entire system and looks for browser hijacking

7.3. c) Microsoft AntiSpyware

7.3.1. Used to protect a Windows operating system from spyware and other potentially unwanted software

8. Implement Email Security

8.1. Strong passwords

8.2. Encrypt messages

8.3. Spam filters

8.4. Antivirus software

9. How Email Works

9.1. 1) The sender uses an MUA to compose an email.

9.2. 2) The mail is sent to an MTA, which forwards it to the recipient's MTA.

9.3. 3) The recipient's MTA receives the email and passes it to an MDA (using the POP or IMAP protocol).

9.4. 4) The recipient uses an MUA to check and retrieve messages from the MDA.

10. Advantages and Limitations of Email

10.1. Advantages

10.1.1. Easy to use

10.1.2. Set reminders to yourself

10.1.3. Info at your fingertips

10.2. Limitations

10.2.1. Emotional responses

10.2.2. Attachment size limits

10.2.3. Recipient limits

11. Important Elements of Email

11.1. a) MUA: Mail User Agent

11.1.1. Allows the user to read and compose email messages

11.2. b) MTA: Mail Transfer Agent

11.2.1. Transports email using SMTP

11.3. c) MDA: Mail Delivery Agent

11.3.1. Delivers email to a local recipient's mailbox

11.4. d) MRA: Mail Retrieval Agent

11.4.1. Fetches email from the mail server

12. Differences between Web-based and POP3 Email

12.1. a) Web-based email

12.1.1. Uses Gmail, Yahoo

12.1.2. Accessed through a web browser

12.1.3. Downloaded messages are stored on the server

12.2. b) POP3 email

12.2.1. Uses Outlook, Windows

12.2.2. Accessed on the computer

12.2.3. Downloaded messages are stored on the computer

13. Email Encryption and Authentication

13.1. a) Encryption

13.1.1. Protects against sniffing, unsecured attachments and also spoofing

13.1.2. Uses public key encryption to protect messages

13.2. b) Authentication

13.2.1. Verifies that an email is actually from the user it claims to be from

14. Common Email Protocols

14.1. 1) MIME - Multipurpose Internet Mail Extensions; uses a digital certificate from a trusted authority.

14.2. 2) PGP - Pragmatic General Protocol; an encryption program that provides cryptographic privacy and authentication for data communication.

14.3. 3) SMTP - Simple Mail Transfer Protocol, for sending emails across the internet.

14.4. 4) POP3 - Post Office Protocol 3, used to receive emails from a server into a local email client.

14.5. 5) IMAP - Internet Message Access Protocol, used for accessing email on a web server from a local email client.

15. Risks Related to Email Security

15.1. a) Email spoofing

15.2. b) Spreading malware

15.2.1. i. Viruses

15.2.2. ii. Worms

15.2.3. iii. Trojan horses

15.3. c) Email bombing

15.4. d) Email spamming

16. Software to Protect and Encrypt Email

16.1. Mailvelope

16.2. Hushmail

16.3. I2P-Bote

16.4. Bitmessage

16.5. Sendinc

16.6. RetroShare
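The Client Authorization section above makes one point that decides a lot of web security design: client-side data is performed by the client and can be seen and edited by the user, so only the server-side check counts. The following is an added example, not part of the mind map, showing a server that re-validates a submitted order form and ignores any price the client sends. The catalogue, field names, limits and the sample requests are constructed for illustration.

```python
# Added example (not from the mind map): server-side re-validation of a form
# submission. The browser's own checks are client-side data, which the user can
# edit or remove, so the server never trusts them and recomputes everything.
# CATALOGUE, the field names, the 1..100 limit and the samples are constructed.
from dataclasses import dataclass

# Server-held catalogue: prices come from here, never from the request.
CATALOGUE = {"book": 1200, "pen": 150}   # prices in cents (constructed)


@dataclass
class Order:
    item: str
    quantity: int
    total_cents: int


def parse_quantity(raw):
    """Server-side equivalent of the browser's numeric input check."""
    if not isinstance(raw, str) or not raw.isdigit():
        raise ValueError("quantity must be a positive integer")
    qty = int(raw)
    if not 1 <= qty <= 100:
        raise ValueError("quantity out of range")
    return qty


def place_order(form):
    """Validate a submitted form (dict of strings) and price it on the server."""
    item = form.get("item", "")
    if item not in CATALOGUE:
        raise ValueError("unknown item")
    qty = parse_quantity(form.get("quantity", ""))
    # A 'price' field in the request is client-side data: it is ignored, and the
    # total is computed from the server's own catalogue instead.
    return Order(item, qty, CATALOGUE[item] * qty)


def try_order(form):
    """Return (accepted, Order-or-reason) so callers can log rejections."""
    try:
        return True, place_order(form)
    except ValueError as err:
        return False, str(err)


if __name__ == "__main__":
    # Constructed requests: one honest, three with the client-side checks edited away.
    samples = [
        {"item": "book", "quantity": "2"},
        {"item": "book", "quantity": "2", "price": "1"},   # tampered price field
        {"item": "pen", "quantity": "-5"},                 # tampered quantity
        {"item": "laptop", "quantity": "1"},               # item not in catalogue
    ]
    for sample in samples:
        print(sample, "->", try_order(sample))
```

The design choice is that every value the server acts on is either looked up server-side or re-parsed from scratch; a JavaScript validator in the page can still be kept for usability, but it adds nothing to the security of the result.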