The World Wide Web is used to carry out fraud, identity theft, malware downloads, and direct attacks on computers. This tutorial gives an overview of threats and defenses related to the World Wide Web which should concern all Internet users. The tutorial is organized into four major parts. After a short introduction, the first major part covers the protocols and technologies underlying the Web. These technologies allow the Web to be dynamic and powerful, but expose servers and clients to risks. The second major part describes threats to TCP/IP connections between clients and servers, and cryptographic means to protect connections at the IP and transport layers. The third major part describes threats to Web servers and defensive methods to protect servers. The fourth major part discusses threats to Web browsers and available security measures on the client side. The tutorial concludes with several observations about current trends and open issues.
Outline:
1. Introduction
2. Web protocols and technologies
- HTML, URLs, HTTP, cookies, Java, ActiveX, JavaScript, VBScript, CGI
3. Secure communications
- Cryptography, RSA, signatures, certificates, SSL/TLS, IPSec, DNSSEC
4. Web server security
- Data loss, password attacks, cookie reuse, exploits, malware, input attacks, denial of service (DoS), server defenses
5. Web browser security
- Threats to privacy, cookies, web bugs, spyware, phishing, browser exploits, malware
6. Conclusions and open issues
Part Number and Titles
Preview: 5 min 33 s, 7 slides
Part 1: 25 min 2 s, 28 slides
Part 2: 26 min 22 s, 30 slides
Part 3: 30 min 41 s, 44 slides
Part 4: 34 min 00 s, 26 slides
Part 5: 22 min 44 s, 21 slides
Part 6: 19 min 46 s, 31 slides
Part 7: 20 min 17 s, 33 slides
Total Presentation Time: 3 hr 4 min 25 s (including preview)
Total Number of Slides: 220