Security for the Web

2/18/00




Table of Contents

Security for the Web

What is Security?

Confidentiality

Integrity

Availability

Who is the Enemy?

General Principles

Security and the Web

Server Security

Server Implementation

Configuration Files

Locking Down the Server

CGI Scripts

Don’t Believe Input

Example: Buggy “Mail” Script

Example: Buffer Overflow

Example: “Hidden” Fields

Example: User Misbehavior

Client Problems

Active Content

Java

ActiveX

JavaScript

Cryptography From 30,000 Feet

Public Key Cryptography

Cryptographic Protocols

Cryptography and the Web

Are Certificates Useful?

Is Crypto Useful on the Web?

Authentication on the Web

Cookies

Tracking Users

Firewalls

Firewalls and the Web

How to Use Firewalls

The Web, Firewalls, and Databases

Protecting Databases on the Web

The Wrong Choice

Protect the Valuable Data

Other Channels

Limitations of Firewalls

References

Author: Bellovin/Finger

Email: smb@research.att.com

Home Page: http://www.research.att.com/~smb
