Southern Alberta Institute of Technology (SAIT)
Web Programming
CPRG 213A
Seller: arshshops24
Web Security
Chapter 11. Basic Issues in Web Security
Table of Contents
Objectives
11.1 Introduction to Web Security
    11.1.1 Why the Internet is Insecure?
    11.1.2 Why make information secure?
11.2 Common vulnerabilities
    11.2.1 SQL Injection
    11.2.2 Buffer Overflow
    11.2.3 Sensitive Data Exposure
    11.2.4 Broken Authentication and Session Management
    11.2.5 Security Misconfiguration
11.3 Web Security Solutions
    11.3.1 HTTPS
    11.3.2 Certificates
    11.3.3 Encryption
11.4 Discussion
Objectives
At the end of this chapter you will be able to:
• Understand the need for web security;
• Understand some of the common web security vulnerabilities; and
• Understand some of the web security solutions.
11.1 Introduction to Web Security
When information is transmitted over the web, not only does the data have to reach its destination, but it also needs to
arrive intact and uncorrupted (integrity), and other people should be prevented from seeing it (confidentiality). The
nature of the Internet makes directing information to its destination relatively trivial, but ensuring its
integrity and confidentiality is more difficult. Fortunately, encryption algorithms have made both integrity and
confidentiality feasible. Additionally, users like to know that the information they receive is genuine
(authentication) and that the sender of the information cannot deny that they sent it (non-repudiation).
The web is an interconnection of networks. Everybody uses the Internet to transfer data, and that data has
value (and cost), so it is subject to theft. Types of information that are stolen include users' personal
information, commercial or technical data (including commercial secrets and intellectual property), and even
security and military information. Leaks of such information can stay undiscovered for months, if not years,
doing damage to the people who sent the information and also to third parties.
11.1.1 Why the Internet is Insecure?
One of the main reasons for such vulnerabilities is the fact that web application developers are often not very well
versed in secure programming techniques. As a result, security of the application is not necessarily one of the
design goals. This is exacerbated by the rush to meet deadlines in the fast-moving e-commerce world.
The Internet is a packet-passing network, and so information sent from one machine to another passes through