1. iii. Trojan Horse
2. i. Viruses
3. Threat Modeling for Web Applications
3.1. 1) Identify security objectives - helps focus the threat modeling activity and determine how much effort to spend on the subsequent steps.
3.2. 2) Application Overview - itemizing application characteristics and actors helps identify relevant threats.
3.3. 3) Decompose Application - a detailed understanding of the mechanics of the application uncovers more relevant and detailed threats.
3.4. 4) Identify Threats - identify threats relevant to the application scenario and context.
3.5. 5) Identify Vulnerabilities - review the layers of the application to identify weaknesses related to the threats, and use vulnerability categories to focus on areas where mistakes are commonly made.
4. Common Security Threats on Web
4.1. a) Threats on Client Side
4.1.1. Many computers are vulnerable to attacks (worms, viruses, Trojan horses, and so on) created by hackers, crackers, or malicious code
4.2. b) Threats on Server Side
4.2.1. Hackers usually attack networks that are not properly secured and can steal resources on the computer
4.2.2. Data available on a web server is exposed to unauthorized access
4.3. c) Network Threats
5. Client Authorization
5.1. a) Client Side Data
5.1.1. Performed by the client
5.1.2. Can be seen and edited by the user
5.1.3. Cannot read files off the server directly; must communicate via HTTP requests
5.2. b) Server Side Data
5.2.1. Performed by the server
5.2.2. Cannot be seen by the user
6. Tools for web-based solutions
6.1. a) Stinger
6.1.1. Used to detect and remove certain viruses on a browser-hijacked system
6.2. b) CWShredder
6.2.1. Scans the entire system and looks for browser hijacking
6.3. c) Microsoft Anti Spyware
6.3.1. Used to protect a Windows operating system from spyware and other potentially unwanted software
7. How Email Works
7.1. 1) The sender uses an MUA to compose an email.
7.2. 2) The mail is sent to an MTA, which sends the email to the recipient's MTA.
7.3. 3) The recipient's MTA receives the email and passes it to an MDA (using the POP or IMAP protocol).
7.4. 4) The recipient uses an MUA to check and retrieve messages from the MDA.
8. Important Elements of Email
8.1. a) MUA : Mail User Agent
8.1.1. Allows the user to read and compose email messages
8.2. b) MTA : Mail Transfer Agent
8.2.1. Transports email using SMTP
8.3. c) MDA : Mail Delivery Agent
8.3.1. Delivers email to a local recipient's mailbox
8.4. d) MRA : Mail Retrieval Agent
8.4.1. Fetches email from mail server
9. Email encryption and authentication
9.1. a) Encryption
9.1.1. Protects against sniffing, unsecured attachments and also spoofing
9.1.2. Uses public key encryption to protect messages
9.2. b) Authentication
9.2.1. Verifies that an email is actually from the user it claims to be from
10. Risks Related to Email Security
10.1. a) Email Spoofing
10.2. b) Spreading Malware
10.2.1. ii. Worms
10.3. d) Email Spamming
10.4. c) Email Bombing
11. Process of giving someone permission to do or have something
12. Spam filters
13. b) CGI Operation - information may be passed between the browser and the server
14. Advantages
14.1. Easy to use
15. b) Repudiation : Non-repudiation, logging, audit trails, digital signatures
16. 5) IMAP - Internet Message Access Protocol, used for accessing email on a web server from a local email client
17. Application threats and countermeasures
17.1. a) Spoofing Identity : Authentication, protect keys & passwords
17.2. d) Elevation of Privilege : Authorization
17.3. c) Denial of Service : Availability, access control
18. Features to secure web application
18.1. a) Authentication :
18.1.1. Process of determining whether someone is, in fact, who or what it is declared to be
18.2. b) Authorization :
18.2.1. Antivirus software
19. Common Gateway Interface (CGI)
19.1. a) CGI Script - any program that runs on a web server.
20. Implement Email Security
20.1. Strong password
20.2. Encrypt message
21. Advantages and Limitations of Email.
21.1. Limitations
21.1.1. Set reminders to yourself
21.1.2. Info at your fingertips
21.1.2.1. Emotional responses
21.1.3. Attachment size limits
21.1.4. Recipient limits
22. Differences between Web-based and POP3 email
22.1. a) Web-based email
22.1.1. Use Gmail, Yahoo
22.1.2. Accessed via a web browser
22.1.3. Downloaded mail is stored on the server
22.2. b) POP3 email
22.2.1. Use Outlook, Windows
22.2.2. Accessed from the computer
22.2.3. Downloaded mail is stored on the computer
23. Common Email Protocols
23.1. 1) MIME - Multipurpose Internet Mail Extensions; uses a digital certificate from a trusted authority.
23.2. 3) SMTP - Simple Mail Transfer Protocol, for sending emails across the internet.
23.2.1. 2) PGP - Pragmatic General Protocol, an encryption program that provides cryptographic privacy and authentication for data communication.