Difference between revisions of "WebFund 2014W Lecture 15"
Jump to navigation
Jump to search
(Created page with "==Web Security== Security is (roughly): * confidentiality * integrity * availability Cryptography (SSL, secure hashes) are tools for achieving security. But they are not the...") |
|||
| Line 11: | Line 11: | ||
==Threat Models== | ==Threat Models== | ||
* what are the attacker goals? | |||
* how may they achieve them? | |||
* in other words, how are you in danger? What are the risks? | |||
==Attacker Goals== | ==Attacker Goals== | ||
==Points of Vulnerability== | ==Points of Vulnerability== | ||
Revision as of 14:24, 7 March 2014
Web Security
Security is (roughly):
- confidentiality
- integrity
- availability
Cryptography (SSL, secure hashes) are tools for achieving security. But they are not the only ones.
Security really matters for web applications because, by design, most are accessible by anyone in the world.
Threat Models
- what are the attacker goals?
- how may they achieve them?
- in other words, how are you in danger? What are the risks?