tailieunhanh - Chapter 7 : WEB Security

Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction (SET) Recommended Reading and WEB Sites | Chapter 7 WEB Security Henric Johnson Blekinge Institute of Technology, Sweden Henric Johnson Outline Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction (SET) Recommended Reading and WEB Sites Henric Johnson Web Security Considerations The WEB is very visible. Complex software hide many security flaws. Web servers are easy to configure and manage. Users are not aware of the risks. Henric Johnson Security facilities in the TCP/IP protocol stack Henric Johnson SSL and TLS SSL was originated by Netscape TLS working group was formed within IETF First version of TLS can be viewed as an Henric Johnson SSL Architecture Henric Johnson SSL Record Protocol Operation Henric Johnson SSL Record Format Henric Johnson SSL Record Protocol Payload Henric Johnson Handshake Protocol The most complex part of SSL. Allows the server and client to authenticate each other. Negotiate encryption, MAC algorithm and cryptographic keys. Used before any application data are transmitted. Henric Johnson Handshake Protocol Action Henric Johnson Transport Layer Security The same record format as the SSL record format. Defined in RFC 2246. Similar to SSLv3. Differences in the: version number message authentication code pseudorandom function alert codes cipher suites client certificate types certificate_verify and finished message cryptographic computations padding Henric Johnson Secure Electronic Transactions An open encryption and security specification. Protect credit card transaction on the Internet. Companies involved: MasterCard, Visa, IBM, Microsoft, Netscape, RSA, Terisa and Verisign Not a payment system. Set of security protocols and formats. Henric Johnson SET Services Provides a secure communication channel in a transaction. Provides tust by the use of digital certificates. Ensures privacy. Henric Johnson SET Overview Key Features of SET: Confidentiality of information Integrity of data Cardholder account authentication Merchant authentication Henric Johnson SET Participants Henric Johnson Sequence of events for transactions The customer opens an account. The customer receives a certificate. Merchants have their own certificates. The customer places an order. The merchant is verified. The order and payment are sent. The merchant request payment authorization. The merchant confirm the order. The merchant provides the goods or service. The merchant requests payments. Henric Johnson Dual Signature Henric Johnson Payment processing Cardholder sends Purchase Request Henric Johnson Payment processing Merchant Verifies Customer Purchase Request Henric Johnson Payment processing Payment Authorization: Authorization Request Authorization Response Payment Capture: Capture Request Capture Response Henric Johnson Recommended Reading and WEB sites Drew, G. Using SET for Secure Electronic Commerce. Prentice Hall, 1999 Garfinkel, S., and Spafford, G. Web Security & Commerce. O’Reilly and Associates, 1997 MasterCard SET site Visa Electronic Commerce Site SETCo (documents and glossary of terms) Henric Johnson

• An ninh - Bảo mật
• WEB Security
• Secure Electronic Transaction
• network security
• information security
• security mechanisms
• security services
• security architecture
• encryption system
• Network Security Fundamentals
• Guide to Network Security Fundamentals
• Protect e mail systems
• World Wide Web vulnerabilities
• internet skills
• electronic information
• web domain name
• how to create web pages
• web programming
• web development
• web management
• documentation on Drupal 6
• Web Services Security
• Securing
• NET Web Services
• Securing Web Services
• Security Assertion
• WS Security
• XML Security
• security rules
• encryption techniques
• security techniques
• Web engineering
• Introduction to web engineering
• Web applications
• Web application development
• Web application security
• Security terminology
• Bảo mật mạng
• Email security
• Lecture Web Technology and online services
• Web Technology and online services
• Công nghệ web và dịch vụ trực tuyến
• Common Web Attacks
• documents on Web Applications
• Web Components
• Security
• General Security Concepts
• Security Concepts
• computer network security
• security awareness for teens
• hacker highschool
• làm sao để trở thành hacker
• sách học bảo mật máy tính
• web privacy
• Implementing web service security policies
• Education database system
• JSON web tokens
• Evaluate existing solutions
• The information security risk
• The education database system
• ICT 5 Web Development
• Web Techniques
• Environment variables
• Setting Response Header
• Global arrays
• Lecture Network security
• Computer network
• Computer hacking
• Internet security
• Tăng tốc lướt Web
• thủ thuật trình duyệt web
• website domain names
• website optimization
• website building
• web design
• Building a Web Site for Dummies
• Web Site
• computer engineering
• computer tips
• computer protection
• programming languages​​
• SSL Security Windows
• computer security
• google hacking
• search results
• security system
• ackers search
• vulnerabilities in website security
• web administrators
• Architecture and Security
• Secure Communications
• Cryptography
• Architecture Patterns
• Security Assessments
• Lecture notes on Computer and network security
• PHP exploits
• SQL injection
• Slowloris attack
• Cross site scripting
• Browser side exploits
• Server side cross site scripting