nach oben

Erschienen in:

2023 | OriginalPaper | Buchkapitel

9. World Wide Web Security

verfasst von : Seth James Nielson

Erschienen in: Discovering Cybersecurity

Verlag: Apress

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The Internet and the World Wide Web have specific security needs and challenges, many of which relate to how applications are built on top of the original stateless HTTP protocol. We will examine these issues and the many solutions that address them.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Classical Network Security Technology

Nächstes Kapitel Overlay Security: Email and Social Media

A URI is technically a broader term than URL, and in some circumstances, the differences might be important. However, in most circumstances, they are used interchangeably.

There is also a brief overview of HTTP in Appendix C if you want to review how it interacts with other network protocols such as TCP and IP.

There are a couple of minor components that tie the two pieces together. For example, the URL in the HTTP request method must match the Common Name in the certificate sent back by the web server. But all of the HTTP request methods (e.g., GET and POST requests) and responses (e.g., 200 and 404 responses) work exactly the same.

In many cases, an eavesdropper could figure out the domain from the destination IP address that is unencrypted. However, sometimes more than one host name is associated with an IP address, and this extension leaks which of the host names the client is connecting to.

Web developers that work with both the frontend and backend are called full-stack developers.

Duo auth API.

Owasp security knowledge framework.

Owasp top ten.

Software assurance maturity model.

Ssl/tls strong encryption: How-to.

10.

Wstg—stable.

24.

CVE-2022-45808. 11 2022.

56.

Berners-Lee, T. 1996. WWW: Past, present, and future. Computer 29(10): 69–77.CrossRef

87.

Curry, S. 2019. Cracking my windshield and earning $10,000 on the tesla bug bounty program.

95.

Dotzon, C. 2019. Practical Cloud Security: A Guide for Secure Design and Deployment. Sebastopol: O’Reilly Media.

108.

FingerpringJS, Inc. Frequently asked questions.

129.

Hauk, C. 2023. What is browser fingerprinting? How it works and how to stop it. Pixel Privacy.

135.

Hoglund, G., and G. McGraw. 2004. Exploiting Software. Addison-Wesley Professional.

137.

Howard, M., D. LeBlanc, and J. Viega. 2009. 24 Deadly Sins of Software Security. McGraw-Hill.

205.

Peterson, L.L., and B.S. Davie. 2021. Computer Networks, 6th ed. Morgan Kaufmann.MATH

217.

Rice, L. 2020. Container Security: Fundamental Technology Concepts That Protect Containerized Applications. Sebastopol: O’Reilly Media.

218.

Ristic I., et al. 2006. Web application firewall evaluation criteria. Technical report, Web Application Security Consortium.

237.

Seitz, J., and T. Arnold. 2021. Black Hat Python: Python Programming for Hackers and Pentesters, 2nd ed. No Starch Press.

255.

Stuttard, D., and M. Pinto. 2011. The Web Application Hacker’s Handbook: Finding and Exploiting Security, 2nd ed. Wiley.

264.

Toulas, B. 2023. 75k wordpress sites impacted by critical online course plugin flaws. Bleeping Computer. www.bleepingcomputer.com/news/security/75k-wordpress-sites-impacted-by-critical-online-course-plugin-flaws/.

265.

Tracy, M., W. Jansen, K. Scarfone, and T. Winograd. 2007. Guidelines on securing public web servers. Special Publication (NIST SP) 800-44r2, National Institute of Standards and Technology, Gaithersburg.

272.

Vehent, J. 2018. Securing DevOps: Security in the Cloud. Shelter Island/New York: Manning Publications Co.

283.

Wilson, Y., and A. Hingnikar. 2022. Solving Identity Management in Modern Applications: Demystifying OAuth 2.0, OpenID Connect, and SAML 2, 2nd ed. Apress.

284.

Wiseman, B. 2017. Page not found: A brief history of the 404 error.

287.

Yaworski, P. 2019. Real-World Bug Hunting: A Field Guide to Web Hacking. No Starch Press.

Titel: World Wide Web Security
verfasst von: Seth James Nielson
Verlag: Apress
Buch: Discovering Cybersecurity
Print ISBN: 978-1-4842-9559-5

Electronic ISBN: 978-1-4842-9560-1

Copyright-Jahr: 2023
DOI: https://doi.org/10.1007/978-1-4842-9560-1_9

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner