Sunday, August 16, 2009

WEEK 5 (IT SECURITY)

LECTURE 5 (10 August 2009)

In this lecture I learned about Operating System Security. The lecture covered the levels of protection, the methods used for memory protection, the threats that damage the authentication process, and encrypted password files. In operating systems we use segmentation as a security method.

Levels of protection
• No protection
• Isolation
• Share all or share nothing
• Share via access limitation
• Share by capabilities
• Limit use of an object
• Granularity of protection

Methods used for memory protection
• Fence
• Relocation
• Base / bound register
• Tagged architecture
• Segmentation
• Paging
• Paging combined with segmentation

Threats that damage the authentication process
• Spoofing
• Eavesdropping
• Modification
• Masquerading

Encrypted password file
• Conventional encryption
• One way cipher
• Salted password (UNIX)
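
The difference between the last two items, shown as an added example that is not part of the original lecture notes. It assumes PBKDF2-HMAC-SHA256 as the one-way function, a `user:salt:hash` entry format, and constructed sample accounts.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example

def one_way_unsalted(password: str) -> str:
    """One-way cipher without salt: equal passwords give equal entries."""
    return hashlib.sha256(password.encode()).hexdigest()

def make_salted_entry(user: str, password: str, salt: bytes = b"") -> str:
    """Build a 'user:salt:hash' line in the spirit of a UNIX password file."""
    salt = salt or os.urandom(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{user}:{salt.hex()}:{digest.hex()}"

def verify(entry: str, password: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    _user, salt_hex, digest_hex = entry.split(":")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(candidate.hex(), digest_hex)

def shared_hash_groups(entries: dict) -> list:
    """Groups of users whose stored hash is identical, i.e. what anyone
    who can read the password file learns about password reuse."""
    groups = {}
    for user, stored in entries.items():
        groups.setdefault(stored.split(":")[-1], []).append(user)
    return [sorted(g) for g in groups.values() if len(g) > 1]

# Constructed sample accounts: alice and bob chose the same password.
ACCOUNTS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "Tr0ub4dor"}

def build_files():
    """Return (unsalted file, salted file) for the sample accounts."""
    unsalted = {u: one_way_unsalted(p) for u, p in ACCOUNTS.items()}
    salted = {u: make_salted_entry(u, p) for u, p in ACCOUNTS.items()}
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = build_files()
    print("identical hashes, unsalted:", shared_hash_groups(unsalted))
    print("identical hashes, salted:  ", shared_hash_groups(salted))
    print("alice logs in:", verify(salted["alice"], "sunshine1"))
```

Because each entry carries its own salt, one precomputed table of hashes no longer matches every account, and identical passwords no longer show up as identical entries.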


LAB 5 (11 August 2009)

The topic of this lab is Web Application Security. In this lab, I must know how to describe the flaws of a web application and how they are exploited. Besides that, I also have to exploit the web vulnerabilities. After that, I need to list the prevention methods that can be taken to overcome web application vulnerabilities.

Web application

A web application is an application that can be accessed using a web browser over a network, either the Internet or a Local Area Network. It is developed using browser-supported languages such as HTML, JavaScript, PHP, ASP, etc. The script produced is then rendered by a common web browser. A web application lets users access an application or system anywhere and at any time, provided the user is connected to a network and a web browser is installed on the machine.

This ease of use makes web applications popular among Internet users. Moreover, the ability to update and maintain web applications without distributing and installing software on potentially thousands of client computers contributes to their popularity. Nowadays web applications are used for accessing mail, online banking, online shopping, online reservations, wikis and many other functions.

WebGoat

A simulation toolkit used to demonstrate how the vulnerabilities of a poorly designed web application can be exploited.

WebScarab

A tool for anyone who needs to expose the workings of an HTTP(S)-based application, whether to allow a developer to debug otherwise difficult problems, or to allow a security specialist to identify vulnerabilities in the way the application has been designed or implemented.
