prev
next
out of 12

Application Level Web Security

Embed Size (px)

Citation preview

  • 8/8/2019 Application Level Web Security

    1/12

    Abstracting Application-Level Web Security

    David ScottLaboratory For Communications Engineering

    Engineering DepartmentTrumpington Street

    CambridgeCB2 1PZ

    [email protected]

    Richard SharpComputer Laboratory

    William Gates BuildingJJ Thompson Avenue

    CambridgeCB3 0FD

    [email protected]

    ABSTRACT

    Categories and Subject Descriptors

    General Terms

    Keywords

    1. INTRODUCTION

    Copyright is held by the author/owner(s). , May 711, 2002, Honolulu, Hawaii, USA.ACM 1-58113-449-5/02/0005.

    396

  • 8/8/2019 Application Level Web Security

    2/12

    2. APPLICATION-LEVEL SECURITY -

    Form Modication

    SQL Attacks

    Cross-Site Scripting

    -

    2.1 Motivation and Contributions

    397

  • 8/8/2019 Application Level Web Security

    3/12

    3. TECHNICAL DETAILS

    Security Policy Compiler

    SPDL Specification

    Security GatewayWeb Server

    Network

    Web Files

    Clients

    3.1 System Overview

    398

  • 8/8/2019 Application Level Web Security

    4/12

    -

    3.2 Security Policy Description Language

    3.4.2

    -

    399

  • 8/8/2019 Application Level Web Security

    5/12

    400

  • 8/8/2019 Application Level Web Security

    6/12

  • 8/8/2019 Application Level Web Security

    7/12

    3.4.1

    3.4.2

    3.4.1 Client-side Form Validation

    3.4.2 Message Authentication Codes

    402

  • 8/8/2019 Application Level Web Security

    8/12

    3.5 Extensions

    3.5.1 Restricting Values of Select Parameters

    3.5.2 Protecting against Server Misconguration

    4. CASE STUDY

    403

  • 8/8/2019 Application Level Web Security

    9/12

    5. GENERALISING OUR SYSTEM

    -

    H T T P - p r o x y D y n a m i c G e n e r a t i o n

    S e c u r i t y G a t e w a y

    0

    10

    20

    30

    A d d i t i o n a

    l L a

    t e n c y

    P e r - r e q u e s

    t ( m s

    )

    1 2 3 4 5 6 7 8

    Number of client machines

    0

    1

    2

    3

    4

    5

    6

    T o

    t a l T h r o u g

    h p u

    t ( M b i t s p e r s e c

    )

    404

  • 8/8/2019 Application Level Web Security

    10/12

    6. SYSTEM PERFORMANCE

    -

    405

  • 8/8/2019 Application Level Web Security

    11/12

    1 2 3 4 5 6 7 8 9 10

    Number of client machines

    0

    5

    10

    15

    20

    25

    30

    T o

    t a l T h r o u g

    h p u

    t ( M b i t s p e r s e c

    )

    7. RELATED WORK

    8. CONCLUSIONS AND FURTHER WORK

    406

  • 8/8/2019 Application Level Web Security

    12/12

    Acknowledgement

    9. REFERENCES

    407


ISA 3200 NETWORK SECURITY Chapter 7: Working with Proxy Servers & Application-Level Firewalls

ISA 3200 NETWORK SECURITY Chapter 7: Working with Proxy Servers & Application-Level Firewalls

Documents
Security Model Overview - LivePerson · 2017-02-03 · LIVEPERSON SECURITY MODEL OVERVIEW APPLICATION LEVEL SECURITY CHAT SESSION SECURITY The main service that LivePerson protects

Security Model Overview - LivePerson · 2017-02-03 · LIVEPERSON SECURITY MODEL OVERVIEW APPLICATION LEVEL SECURITY CHAT SESSION SECURITY The main service that LivePerson protects

Documents
COEN 350 IPSec, SSL, SSH,. Communication Security Decision: What Layer? Implemented at application level Application change OS does not change Implemented

COEN 350 IPSec, SSL, SSH,. Communication Security Decision: What Layer? Implemented at application level Application change OS does not change Implemented

Documents
Application-level simulation for network security · been successfully used for testing intrusion detection algorithms, conducting network security analysis, and developing overlay

Application-level simulation for network security · been successfully used for testing intrusion detection algorithms, conducting network security analysis, and developing overlay

Documents
EmpowHR EmpowHR Security Overview. 2 Application Security Administration Permission List Roles User Profiles Row level security Distributed Security Administration

EmpowHR EmpowHR Security Overview. 2 Application Security Administration Permission List Roles User Profiles Row level security Distributed Security Administration

Documents
MANAGING APPLICATION SECURITY...AN APPLICATION SECURITY PROGRAM MANAGING APPLICATION SECURITY PAGE 13 What do you use to track the effectiveness of your application security program?

MANAGING APPLICATION SECURITY...AN APPLICATION SECURITY PROGRAM MANAGING APPLICATION SECURITY PAGE 13 What do you use to track the effectiveness of your application security program?

Documents
INF3510 Information Security L12: Application Security · INF3510 Information Security L12: Application Security Audun Jøsang University of Oslo Spring 2017 . Outline • Application

INF3510 Information Security L12: Application Security · INF3510 Information Security L12: Application Security Audun Jøsang University of Oslo Spring 2017 . Outline • Application

Documents
Dual-Level Security based Cyclic18 Steganographic Method ... · Dual-Level Security based Cyclic18 Steganographic Method and its Application for Secure Transmission of Keyframes during

Dual-Level Security based Cyclic18 Steganographic Method ... · Dual-Level Security based Cyclic18 Steganographic Method and its Application for Secure Transmission of Keyframes during

Documents
Salesforce Security - Carahsoft · 2020. 1. 2. · Salesforce Security Provides Multi-layer Zones of Trust. Adaptive Flexible Security Model. Application-level Security. Infrastructure-level

Salesforce Security - Carahsoft · 2020. 1. 2. · Salesforce Security Provides Multi-layer Zones of Trust. Adaptive Flexible Security Model. Application-level Security. Infrastructure-level

Documents
P2P. Application-level overlays Focus at the application level

P2P. Application-level overlays Focus at the application level

Documents
Some topics in application level security Databases Sendmail DRM

Some topics in application level security Databases Sendmail DRM

Documents
Security at scale - OWASP · Security at scale: Web application security in a continuous deployment environment OWASP AppSec DC ... –sha1sum sensitive platform level files –Hourly/daily

Security at scale - OWASP · Security at scale: Web application security in a continuous deployment environment OWASP AppSec DC ... –sha1sum sensitive platform level files –Hourly/daily

Documents
Application-level simulation for network security - DAI-Labor

Application-level simulation for network security - DAI-Labor

Documents
Web Application Security with the Application Security Manager (ASM)

Web Application Security with the Application Security Manager (ASM)

Documents
Abstracting application-level security policy for ubiquitous computing

Abstracting application-level security policy for ubiquitous computing

Documents
Application-Level Firewall Protection Profile7 Keywords: information flow control, firewall, network security, proxy server, application gateway, protection profile 1.2 PP OVERVIEW

Application-Level Firewall Protection Profile7 Keywords: information flow control, firewall, network security, proxy server, application gateway, protection profile 1.2 PP OVERVIEW

Documents
Security from Head to Toe Security At The Application Level Damon Hart-Davis Principal Consultant Code Red

Security from Head to Toe Security At The Application Level Damon Hart-Davis Principal Consultant Code Red

Documents
1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level

1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level

Documents
Performance Characteristics of Application-level Security Protocols

Performance Characteristics of Application-level Security Protocols

Documents
Security on a New Level - origin-eu.zyxel.comorigin-eu.zyxel.com/uploads/images/ag_usg_series_2012_spring_5-000...ZyWALL USG Series Application Guide Security on a New Level The Future

Security on a New Level - origin-eu.zyxel.comorigin-eu.zyxel.com/uploads/images/ag_usg_series_2012_spring_5-000...ZyWALL USG Series Application Guide Security on a New Level The Future

Documents
Application-level simulation for network security · lized for testing intrusion detection algorithms, conducting network security analysis, and developing distributed security frameworks

Application-level simulation for network security · lized for testing intrusion detection algorithms, conducting network security analysis, and developing distributed security frameworks

Documents
Data and Application Security for Distributed Application ...candan/papers/chapterfinal.pdf · Data and Application Security for Distributed Application ... Security for Distributed

Data and Application Security for Distributed Application ...candan/papers/chapterfinal.pdf · Data and Application Security for Distributed Application ... Security for Distributed

Documents
Dynamic Application Level Security Sensors - Cyber and Information

Dynamic Application Level Security Sensors - Cyber and Information

Documents
Defending Against Application Level DoS Attacks€¦ · Defending Against Application Level DoS Attacks Roberto Suggi Liverani Security-Assessment.com . OWASP Who am I? Roberto Suggi

Defending Against Application Level DoS Attacks€¦ · Defending Against Application Level DoS Attacks Roberto Suggi Liverani Security-Assessment.com . OWASP Who am I? Roberto Suggi

Documents
Application Guidance - CCP Security and … · October 2015 Issue No:1.1 Application Guidance - CCP Security and Information Risk Advisor Role, Practitioner Level

Application Guidance - CCP Security and … · October 2015 Issue No:1.1 Application Guidance - CCP Security and Information Risk Advisor Role, Practitioner Level

Documents
UNIT V Address Translation-application level proxies-VPN ...€¦ · Address Translation-application level proxies-VPN- ideal firewall. INTERNET SECURITY 5.1 THE INTERNET – UNDERSTANDING

UNIT V Address Translation-application level proxies-VPN ...€¦ · Address Translation-application level proxies-VPN- ideal firewall. INTERNET SECURITY 5.1 THE INTERNET – UNDERSTANDING

Documents
Extend Enterprise Application-level Security to Your AWS Environment

Extend Enterprise Application-level Security to Your AWS Environment

Technology
NGSEC Web Application Security Game 1€¦ · Learn Security Online, Inc. © NGSEC Web Application Security Game 1 Level 1

NGSEC Web Application Security Game 1€¦ · Learn Security Online, Inc. © NGSEC Web Application Security Game 1 Level 1

Documents
GL Pricelist - Godrej Locking Solutions and Systems ... Security Level 5 Advanced Electronic Security GodreiSecurity Level 4 Elite Security ULTRA Exs Godrej Security Level 3 Security

GL Pricelist - Godrej Locking Solutions and Systems ... Security Level 5 Advanced Electronic Security GodreiSecurity Level 4 Elite Security ULTRA Exs Godrej Security Level 3 Security

Documents
The SecuriTy TeSTing improvemenTS profile (STip)...Dynamic Application Security Testing Automated Model-based security testing At this level, security test engineers define and execute

The SecuriTy TeSTing improvemenTS profile (STip)...Dynamic Application Security Testing Automated Model-based security testing At this level, security test engineers define and execute

Documents