Jump to content

WebFund 2014W Lecture 15

From Soma-notes

Revision as of 18:25, 7 March 2014 by Soma (talk | contribs) (→‎Threat Models)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Web Security

Security is (roughly):

confidentiality
integrity
availability

Cryptography (SSL, secure hashes) are tools for achieving security. But they are not the only ones.

Security really matters for web applications because, by design, most are accessible by anyone in the world.

Threat Models

what are the attacker goals?
how may they achieve them?
in other words, how are you in danger? What are the risks?

There are always attacks outside of your threat model.

Attacker Goals

Points of Vulnerability

Retrieved from "https://homeostasis.scs.carleton.ca/wiki/index.php?title=WebFund_2014W_Lecture_15&oldid=18747"