Security for the Web
What is Security?
Confidentiality
Integrity
Availability
Who is the Enemy?
General Principles
Security and the Web
Server Security
Server Implementation
Configuration Files
Locking Down the Server
CGI Scripts
Don’t Believe Input
Example: Buggy “Mail” Script
Example: Buffer Overflow
Example: “Hidden” Fields
Example: User Misbehavior
Client Problems
Active Content
Java
ActiveX
JavaScript
Cryptography From 30,000 Feet
Public Key Cryptography
Cryptographic Protocols
Cryptography and the Web
Are Certificates Useful?
Is Crypto Useful on the Web?
Authentication on the Web
Cookies
Tracking Users
Firewalls
Firewalls and the Web
How to Use Firewalls
The Web, Firewalls, and Databases
Protecting Databases on the Web
The Wrong Choice
Protect the Valuable Data
Other Channels
Limitations of Firewalls
References
Email: smb@research.att.com
Home Page: http://www.research.att.com/~smb