securing the social web by moving beyond client server
play

Securing the Social Web by Moving Beyond Client-Server Security - PDF document

Apr 23, 2023 •371 likes •448 views

QCon SF 2010 file:///home/recht/projekt/qcon/wed/Securing the w... Securing the Social Web by Moving Beyond Client-Server Security Tyler Close Google, engineer Client-Server Model Isolated clients connect to a single server. One

  1. QCon SF 2010 file:///home/recht/projekt/qcon/wed/Securing the w... Securing the Social Web by Moving Beyond Client-Server Security Tyler Close Google, engineer Client-Server Model Isolated clients connect to a single server. One identification and one possible attacker. Web Model 1 of 6 2010-11-11 19:47

  2. QCon SF 2010 file:///home/recht/projekt/qcon/wed/Securing the w... Social (email, chat, napkins, …) clients connect to many servers. One identification but many possible attackers. Web as Client-Server When used as a Client-Server model, all those extra arrows are attack vectors. Different names for different combinations: phishing, XSS, CSRF , clickjacking, … Phishing One client gives another a link to an 2 of 6 2010-11-11 19:47

  3. QCon SF 2010 file:///home/recht/projekt/qcon/wed/Securing the w... unexpected server. XSS A client gives a server content that it gives to another client. CSRF or clickjacking A server gives a client a link to an unexpected server. 3 of 6 2010-11-11 19:47

  4. QCon SF 2010 file:///home/recht/projekt/qcon/wed/Securing the w... But happy users Note the happy versus sad faces. Those other arrows aren't just attack vectors, they are also work and play vectors. Social Computing means ever more use of those other arrows. Need a different security model. Where to from here? Social Web means frequent referrals over diverse channels Requests come from complex, multi-party collaboration " Who sent this request?" is a question with no useful answer " What access has been applied?" can be tracked using explicit token passing web-key Every URL for an access controlled 4 of 6 2010-11-11 19:47

  5. QCon SF 2010 file:///home/recht/projekt/qcon/wed/Securing the w... resource carries the corresponding permission token. ./#s=4mrz4gknjpc6zi ./#s= (permission token) But what if… … accidentally send web-key for bank account Don't put valuable web-keys in harm's way Put them in the Introducer instead Web Introducer DEMO: Edit a syndicated blog post Go forth and make secure, social, killer 5 of 6 2010-11-11 19:47

  6. QCon SF 2010 file:///home/recht/projekt/qcon/wed/Securing the w... apps! http://web-send.org/ 6 of 6 2010-11-11 19:47

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Evolution of the Web 1 Client Server 2 2 / 22 1 Client Server 2 2 / 22 1 Client Server

Evolution of the Web 1 Client Server 2 2 / 22 1 Client Server 2 2 / 22 1 Client Server

E LIOM Tierless Web programming from the ground up Gabriel R ADANNE Jrme V OUILLON Vincent B ALAT Vasilis P APAVASILEIOU Evolution of the Web 1 Client Server 2 2 / 22 1 Client Server 2 2 / 22 1 Client Server DOM 2 2 / 22 1

778 views • 42 slides
Multi-Threaded Servers December 6, 2007 1 Client-Server Communication Client Client Client

Multi-Threaded Servers December 6, 2007 1 Client-Server Communication Client Client Client

Multi-Threaded Servers December 6, 2007 1 Client-Server Communication Client Client Client Client Client Client Client Client Client Google Client Client Client Client Client Client Many clients; 1 server Server starts and then

333 views • 6 slides
Services Do A for me. Sockets and Client/Server OK, heres your answer.

Services Do A for me. Sockets and Client/Server OK, heres your answer.

Services Do A for me. Sockets and Client/Server OK, heres your answer. Communication Now do B. OK, here. Client Server Jeff Chase request/response paradigm ==> client/server roles Duke University - Remote

323 views • 8 slides
Sockets and Client/Server Communication Jeff Chase Duke University Services Do A for me.

Sockets and Client/Server Communication Jeff Chase Duke University Services Do A for me.

Sockets and Client/Server Communication Jeff Chase Duke University Services Do A for me. OK, heres your answer. Now do B. OK, here. Server Client request/response paradigm ==> client/server roles - Remote

628 views • 46 slides
Interfaces as Contracts A client and a server are bound by a contract The server promises

Interfaces as Contracts A client and a server are bound by a contract The server promises

Interfaces as Contracts A client and a server are bound by a contract The server promises to do its job Defined by the postconditions As long as the client uses the server correctly Defined by the pre-conditions Bertrand Meyer

336 views • 8 slides
Socket Programming Socket Programming Srinidhi Varadarajan Client- -server paradigm server

Socket Programming Socket Programming Srinidhi Varadarajan Client- -server paradigm server

Socket Programming Socket Programming Srinidhi Varadarajan Client- -server paradigm server paradigm Client Client: applicat ion initiates contact with server t r anspor t net wor k (speaks first) dat a link physical

395 views • 20 slides
multi-platform, multi-os client/server Client/Server Communication Suppose we send data

multi-platform, multi-os client/server Client/Server Communication Suppose we send data

multi-platform, multi-os client/server Client/Server Communication Suppose we send data between clients and servers The Java stream hierarchy is a rich source of options Object streams, Data streams, Buffered Readers, Often

266 views • 3 slides
Web Security Thierry Sans Securing the web architecture means securing ... The network

Web Security Thierry Sans Securing the web architecture means securing ... The network

Web Security Thierry Sans Securing the web architecture means securing ... The network The operating system The web server ( Apache for instance) The administration server ( SSH for instance) The database ( Oracle for instance)

1.37k views • 61 slides
Binding: Connecting From Procedure to Client and Server Remote Procedure Server exports its

Binding: Connecting From Procedure to Client and Server Remote Procedure Server exports its

Binding: Connecting From Procedure to Client and Server Remote Procedure Server exports its interface Three main concerns Identifies itself to network name server Parameter passing Tells local runtime its dispatcher address Failure cases Import

115 views • 7 slides
CS 10: Problem solving via Object Oriented Programming Client/Server Agenda 1. Sockets 2.

CS 10: Problem solving via Object Oriented Programming Client/Server Agenda 1. Sockets 2.

CS 10: Problem solving via Object Oriented Programming Client/Server Agenda 1. Sockets 2. Server 3. Multithreaded server 4. Chat server 2 Sockets are a way for computers to communicate Client 1 makes connection over socket IP:

503 views • 35 slides
Server algorithms and their design many ways that a client/server can be designed each different

Server algorithms and their design many ways that a client/server can be designed each different

slide 1 gaius Server algorithms and their design many ways that a client/server can be designed each different algorithm has various benefits and problems are able to classify these algorithms by looking at the various server differences the

400 views • 25 slides
Server types concurrent, connectionless very uncommon a process is created for each

Server types concurrent, connectionless very uncommon a process is created for each

TCP week 8 5/12/02 1 Clients & Servers Client: in general, an application that initiates a peer-to-peer communication end users usually invoke client software Server: waits for incoming communication requests from a client

552 views • 7 slides
Server and Threads vanilladb.org Where are we? VanillaCore JDBC Interface (at Client Side)

Server and Threads vanilladb.org Where are we? VanillaCore JDBC Interface (at Client Side)

Server and Threads vanilladb.org Where are we? VanillaCore JDBC Interface (at Client Side) Remote.JDBC (Client/Server) Server Query Interface Tx Planner Parse Algebra Storage Interface Sql/Util Concurrency Recovery Metadata Index

787 views • 66 slides
Slow Orbit Feedback - Schematics oco Console Client Event @ 0.5Hz CDEV BPM CORBA Server

Slow Orbit Feedback - Schematics oco Console Client Event @ 0.5Hz CDEV BPM CORBA Server

Top-up Operation at the Swiss Light Source Slow Orbit Feedback - Schematics oco Console Client Event @ 0.5Hz CDEV BPM CORBA Server Event Server Server Event @ 2Hz TRACY Feedback Server Client Poll FB Log Model Server Event

208 views • 8 slides
Content Server Caching Network Client Web Server Browser Avoid Network Latency Avoid Queuing

Content Server Caching Network Client Web Server Browser Avoid Network Latency Avoid Queuing

Content Server Caching Network Client Web Server Browser Avoid Network Latency Avoid Queuing Delays at Server Cache Content Locally at client Updates? Cache Content at proxies Proxy Server Client Proxy Server Content Server Proxy

781 views • 14 slides
Distributed Processing Distributed Processing, Client/Server, and Clusters , Chapter 13

Distributed Processing Distributed Processing, Client/Server, and Clusters , Chapter 13

Distributed Processing Distributed Processing, Client/Server, and Clusters , Chapter 13 Chapter 13 1 Client/Server Computing Client/Server Computing Client machines are generally single-user PCs Cli t hi ll i l PC or

824 views • 55 slides
Authentication & Impersonation CS 161: Computer Security Prof. David Wagner February 21, 2013

Authentication & Impersonation CS 161: Computer Security Prof. David Wagner February 21, 2013

Authentication & Impersonation CS 161: Computer Security Prof. David Wagner February 21, 2013 Goals For Today Authentication A broad look at the problem of impersonation Users not interacting with what they think they are

546 views • 38 slides
PHISHI PHISHING NG AWARENESS AWARENESS Feedback on a banks strategy PTS 2019 TABLE OF

PHISHI PHISHING NG AWARENESS AWARENESS Feedback on a banks strategy PTS 2019 TABLE OF

0 2 . 0 7 . 2 0 1 9 T L P : W H I T E P A S S T H E S A L T PHISHI PHISHING NG AWARENESS AWARENESS Feedback on a banks strategy PTS 2019 TABLE OF CONTENT 1. PRESENTATION 2. SWORDPHISH GENESIS 3. TOOL OVERVIEW 4. USAGE AT SOCIT

296 views • 28 slides
Phi.sh/$oCiaL: The Phishing landscape through Short URL's 1. Introduction With the advent of

Phi.sh/$oCiaL: The Phishing landscape through Short URL's 1. Introduction With the advent of

Phi.sh/$oCiaL: The Phishing landscape through Short URL's 1. Introduction With the advent of Web 2.0 technologies, social services like Twitter, Facebook, and MySpace have emerged as popular media for information sharing; While phishing

813 views • 33 slides
Cybersecurity Solutions Jessie Pudelek Kevin Hill This manuscript has been authored by Fermi

Cybersecurity Solutions Jessie Pudelek Kevin Hill This manuscript has been authored by Fermi

FERMILAB-SLIDES-19-037-CD End-User Security: A Cornerstone of Defense-in-Depth Cybersecurity Solutions Jessie Pudelek Kevin Hill This manuscript has been authored by Fermi Research Alliance, LLC under Contract No. DE-AC02-07CH11359 with the

729 views • 28 slides
Visualization and Nonphotorealistic Rendering Adrien Treuille Carnegie Mellon Universtiy

Visualization and Nonphotorealistic Rendering Adrien Treuille Carnegie Mellon Universtiy

Visualization and Nonphotorealistic Rendering Adrien Treuille Carnegie Mellon Universtiy Saturday, February 27, 2010 Outline Visualization Non-photorealistic Rendering Cutaway Illustration Contour Drawing Good photographs.

1.02k views • 78 slides
CADTH Drug Portfolio Information Session Pharmaceutical Manufacturers, Industry Associations,

CADTH Drug Portfolio Information Session Pharmaceutical Manufacturers, Industry Associations,

CADTH Drug Portfolio Information Session Pharmaceutical Manufacturers, Industry Associations, and Consultants OCTOBER 14, 2015 Welcome ROBYN OSGOOD MODERATOR Presenters Dr. Brian ORourke President and Chief Executive Officer, CADTH

742 views • 53 slides
CSE 154 LECTURE 15: MORE PHP Arrays $name = array(); # create $name =

CSE 154 LECTURE 15: MORE PHP Arrays $name = array(); # create $name =

CSE 154 LECTURE 15: MORE PHP Arrays $name = array(); # create $name = array(value0, value1, ..., valueN); $name[index] # get element value $name[index] = value; # set element

484 views • 25 slides
Introduction R-php is an open-source project for the realization of a web-oriented statistical

Introduction R-php is an open-source project for the realization of a web-oriented statistical

Introduction Introduction R-php modules Main features of R-php Main features of R-php Software needed to install R-php Introduction R-php is an open-source project for the realization of a web-oriented statistical software. Using R via PHP:

205 views • 7 slides

More recommend