
Web Applications Security Seminar


Presentation Transcript


  1. Web Applications Security Seminar David Evans University of Virginia 28 August 2007

  2. Welcome! • Brief Seminar Intro • Sign Up Sheets

  3. Do Web Applications Change Security?

  4. No perimeters HTTP = UFBP

  5. Dynamic Rapidly Changing Distributed State

  6. Composed content Complex trust models Personal Information

  7. Real money from virtual actions Competition, fraud, incentives (This is a hoax)

  8. Some things don’t change?
     • Most Classic Security Principles Still Apply (but get much harder...)
       • Economy of Mechanism
       • Fail-safe Defaults
       • Complete Mediation
       • Open Design
       • Least Privilege
       • Psychological Acceptability
       • Least Common Mechanism
       • Separation of Privilege
     Saltzer & Schroeder, The Protection of Information in Computer Systems, 1973

  9. Seminar Expectations
     • You already know something about security
       • Basic understanding of cryptography (e.g., public key crypto, SSL)
       • System and software security
     • Minimal web application knowledge expected
       • Java, AJAX, JavaScript, PHP, Python, Ruby

  10. Seminar Meetings
     • Tuesdays and Thursdays, 11am-12:15
     • One student (with help from an assistant) will lead a presentation on a topic
     • All students will read focus paper(s)

  11. Leading a Topic
     • Topic leader and assistant
     • Focus paper (sometimes two)
     • Background and context papers, other sources, “hands-on” experience
     • Meet with me at least a week before your scheduled presentation
     • Office Hours: Mondays 10:30am, Tuesdays 12:15pm (or email to schedule other time)

  12. Pre-Presentation Meeting
     • Plan for your presentation
       • What is the main story you want to tell?
       • What technical nuggets are worth explaining?
       • What context and background information do you need?
     • Suggestions for the 2-3 response questions

  13. Responses
     • Short answers to questions about the focus paper
       • 3 generic questions
       • 1-3 specific questions
     • Feel free to add any additional brilliant ideas you have
     • Turn in (on paper) at beginning of seminar
     • Come prepared to the seminar to discuss the paper

  14. Projects
     • Goal: do something interesting and important enough to write a conference paper
     • Teams: alone or in a small group
     • Topic: anything you can convince me is relevant and worthwhile
     • Start thinking of ideas, finding teammates now: mini-proposal due Oct 2

  15. Questions?
     • Sign up on registration sheet
     • Sign up on schedule sheet:
       • One time as topic leader
       • One time as assistant
       • Don’t need to fill in topic now
     • Thursday: MashupOS
     • Response questions on website
