
Web Security

Lecturer: MSc. Nguyễn Duy
Email: duyn@uit.edu.vn

Outline
1. Overview HTTP & Web Application
2. Web Security Threats
3. Secure Socket Layer
4. Web Security Process

Nguyễn Duy
Network Security


Overview HTTP
Web page consists of objects
Object can be HTML file, JPEG image, Java applet, audio file, ...
Web page consists of base HTML file which includes several referenced objects
Each object is addressable by a URL
Example URL: www.uit.edu.vn/someDept/pic.gif
  host name: www.uit.edu.vn
  path name: /someDept/pic.gif

Overview HTTP
HTTP: HyperText Transfer Protocol
Web's application-layer protocol
Client/Server model
  client: browser that requests, receives, displays Web objects
  server: Web server sends objects in response to requests
HTTP 1.0: RFC 1945
HTTP 1.1: RFC 2068

Overview HTTP
(figure: a PC running Explorer and a Mac running Navigator exchange HTTP requests and responses with a server running Apache Web server)

Overview HTTP
Uses TCP:
  client initiates TCP connection (creates socket) to server, port 80
  server accepts TCP connection from client
  HTTP messages (application-layer protocol messages) exchanged between browser (HTTP client) and Web server (HTTP server)
  TCP connection closed
HTTP is stateless

HTTP Connection
Nonpersistent HTTP: at most one object is sent over a TCP connection. HTTP/1.0 uses nonpersistent HTTP.
Persistent HTTP: multiple objects can be sent over a single TCP connection between client and server. HTTP/1.1 uses persistent connections in default mode.

Non-persistent HTTP
Suppose user enters URL: www.uit.edu.vn/someDepartment/home.index
(contains text, references to 10 jpeg images)

1a. HTTP client initiates TCP connection to HTTP server (process) at www.someSchool.edu on port 80
1b. HTTP server at host www.someSchool.edu waiting for TCP connection at port 80. Accepts connection, notifying client
2. HTTP client sends HTTP request message (containing URL) into TCP connection socket. Message indicates that client wants object someDepartment/home.index
3. HTTP server receives request message, forms response message containing requested object, and sends message into its socket
4. HTTP server closes TCP connection.
5. HTTP client receives response message containing html file, displays html. Parsing html file, finds 10 referenced jpeg objects
6. Steps 1-5 repeated for each of 10 jpeg objects

Persistent HTTP
Nonpersistent HTTP issues:
  requires 2 RTTs per object
  OS overhead for each TCP connection
  browsers often open parallel TCP connections to fetch referenced objects
Persistent HTTP:
  server leaves connection open after sending response
  subsequent HTTP messages between same client/server sent over open connection
Persistent without pipelining:
  client issues new request only when previous response has been received
  one RTT for each referenced object
Persistent with pipelining:
  default in HTTP/1.1
  client sends requests as soon as it encounters a referenced object
  as little as one RTT for all the referenced objects

HTTP message
Two types of HTTP messages: request, response
HTTP request message:
  request line (GET, POST, HEAD commands)
  header lines
  carriage return, line feed indicates end of message

GET /somedir/page.html HTTP/1.1
Host: www.someschool.edu
User-agent: Mozilla/4.0
Connection: close
Accept-language: fr
(extra carriage return, line feed)

HTTP message
HTTP response message:
  status line (protocol, status code, status phrase)
  header lines
  data, e.g., requested HTML file

HTTP/1.1 200 OK
Connection: close
Date: Thu, 06 Aug 1998 12:00:15 GMT
Server: Apache/1.3.0 (Unix)
Last-Modified: Mon, 22 Jun 1998 ...
Content-Length: 6821
Content-Type: text/html
data data data data data ...
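As an added example (not from the lecture slides), a strict Python parser for the request and response messages shown above: it uses the empty line as the end of the header section and Content-Length for the body size, and rejects header lines without a colon or an ambiguous Content-Length instead of guessing. The function name and the sample messages are constructed for this illustration.

```python
from dataclasses import dataclass, field

CRLF = b"\r\n"

@dataclass
class HttpMessage:
    start_line: str                      # request line or status line
    headers: dict = field(default_factory=dict)
    body: bytes = b""

def parse_http_message(raw: bytes) -> HttpMessage:
    """Strictly split an HTTP/1.x message into start line, headers and body.
    The empty line (an extra CRLF) ends the header section; Content-Length
    then says how many body bytes follow. Header lines without ':' and a
    duplicate or non-numeric Content-Length are rejected rather than guessed
    at, so this parser never disagrees with a peer about where a message ends.
    """
    head, sep, rest = raw.partition(CRLF + CRLF)
    if not sep:
        raise ValueError("header section not terminated by an empty line")
    lines = head.split(CRLF)
    msg = HttpMessage(start_line=lines[0].decode("ascii"))
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        key = name.strip().decode("ascii").lower()  # names are case-insensitive
        if key == "content-length" and key in msg.headers:
            raise ValueError("duplicate Content-Length header")
        msg.headers[key] = value.strip().decode("latin-1")
    length = msg.headers.get("content-length")
    if length is not None:
        if not length.isdigit():
            raise ValueError("Content-Length is not a non-negative integer")
        if len(rest) < int(length):
            raise ValueError("body shorter than Content-Length")
        msg.body = rest[: int(length)]
    return msg

# Constructed samples mirroring the slides (response body shortened to 9 bytes).
REQUEST = (b"GET /somedir/page.html HTTP/1.1\r\nHost: www.someschool.edu\r\n"
           b"User-agent: Mozilla/4.0\r\nConnection: close\r\nAccept-language: fr\r\n\r\n")
RESPONSE = (b"HTTP/1.1 200 OK\r\nConnection: close\r\nServer: Apache/1.3.0 (Unix)\r\n"
            b"Content-Length: 9\r\nContent-Type: text/html\r\n\r\ndata data")

if __name__ == "__main__":
    req, resp = parse_http_message(REQUEST), parse_http_message(RESPONSE)
    print(req.start_line, "->", req.headers["host"])
    print(resp.start_line, "->", resp.body)
```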

Overview Web Application

How do Web Applications work?

Web Application Architecture

Web Security Threats
1. Cross Site Scripting
2. Session Hijacking
3. SQL Injection
4. Denial of Service
5. Hacking Web Server

How XSS attacks work

Cross Site Scripting

What is SQL Injection

Security facilities in the TCP/IP protocol stack

SSL Architecture

SSL Record Protocol Operation

SSL Record Format

Handshake Protocol
The most complex part of SSL.
Allows the server and client to authenticate each other
Negotiate encryption, MAC algorithm and cryptographic keys
Used before any application data are transmitted

Handshake Protocol Action

Web Security Process

Questions?
