Presentation WebSec

The document outlines the learning objectives and core concepts of web application security, emphasizing the importance of protecting web applications from various vulnerabilities and attacks. It describes web applications as software that runs on web servers and highlights common vulnerabilities such as SQL Injection and Cross Site Request Forgery. The document also mentions the use of PDFs and videos for further explanation of these vulnerabilities.

Uploaded by rubixc71
Cyber Security by:

Web Applications Security


Web Application Security Learning Objectives

After going through our web security lessons, you will be able to:

– Learn the core concepts of web application security
– Explore common web app vulnerabilities/exploits
– Understand common methods of threat mitigation

What is a web application?


A web application (or web app) is application software that runs on a web server.

Web applications are accessed by the user through a web browser with an active internet connection.

These applications are programmed using a client–server modeled structure.

Let's look at the client–server architecture.

Web Application Tiers

– HTML / CSS / Bootstrap / JS
– Python, PHP, Node, Ruby
– MySQL, Oracle, Postgres, etc.

What is web application security?


Web application security is a central component of any web-based business.

The global nature of the Internet exposes web properties to attack from different locations and various levels of scale and complexity.

Web application security deals specifically with the security surrounding websites, web applications and databases.

Examples of web applications


Web applications are usually developed using programming languages such as HTML, CSS, etc.

Due to increased demand for online services, web applications as well as mobile applications have become popular today.

They include social sites, e-commerce, company/individual websites, content sharing sites, etc.

What are common web app security vulnerabilities?

Attacks against web apps range from targeted database manipulation to large-scale network disruption.

Let’s explore some of the common methods of attack, or “vectors”, that are exploited.
– NB: Some will be covered theoretically, whereas others will be practical, using manual or digital tools.
– See next slide

Vulnerabilities

We will explore:

– SQL Injection
– Session Management
– Failure to restrict URL Access
– Broken Authentication/Authorization
– Sensitive Data Exposure/Cryptography
– Cross Site Request Forgery
– Security Misconfiguration
– Insufficient Transport Layer Protection
– Using Components with known vulnerabilities
– Insufficient logging and monitoring

https://www.cloudflare.com/learning/security/what-is-web-application-security/
https://owasp.org/www-project-top-ten/
https://www.ibm.com/developerworks/library/se-owasptop10/
Info


We will use PDF and videos to explain the vulnerabilities.
