tailieunhanh - Lecture Web technology and online services: Lesson 14 - Web Security

The lecture "Web Technology and online services: Lesson 14 - Web Security" provides students with knowledge about: Overview of web security; HTTPS; Session Management; Authentication; Common Web Attacks. Please refer to the detailed content of the lecture!

IT4409 Web Technologies and e-Services
Lec 14: Web Security

Outline
1. What is web security
2. HTTPS
3. Session Management
4. Authentication
5. Common Web Attacks

What is web security

Website security is the act/practice of protecting websites from unauthorized access, use, modification, destruction, or disruption. (Mozilla)

Effective website security requires design effort across the whole of the website:
- Web application
- Configuration of the web server
- Policies for creating and renewing passwords
- Client-side code

Facts and Stats
- 95% of breached records came from only three industries in 2016
- There is a hacker attack every 39 seconds
- 43% of cyber attacks target small business
- The average cost of a data breach in 2020 will exceed 150 million
- In 2018 hackers stole half a billion personal records
- Over 75% of healthcare industry has been infected with malware over 2018
- Large-scale DDoS attacks increase in size by 500
- Approximately 6 trillion is expected to be spent globally on cybersecurity by 2021
- By 2020 there will be roughly 200 billion connected devices
- Unfilled cybersecurity jobs worldwide will reach million by 2021
- 95% of cybersecurity breaches are due to human error
- More than 77% of organizations do not have a Cyber Security Incident Response plan
- Most companies take nearly 6 months to detect a data breach, even major ones
- Share prices fall on average after a breach
- Total cost for cybercrime committed globally has added up to over 1 trillion dollars in 2018

HTTPS

Hypertext transfer protocol secure (HTTPS) is the secure version of HTTP, which is the primary protocol used to send data between a web browser and a website. HTTPS is encrypted in order to increase security of data transfer. This is particularly important when users transmit sensitive data, such as by logging into a bank account, email service, or health insurance provider.