Download Web Security PowerPoint Presentation

Iframe embed code :

<iframe src='https://www.slidesfinder.com/embedpresentation/MzYzOQ==' width='630' height='570' frameborder='0' marginwidth='0' marginheight='0' scrolling='no' allowfullscreen></iframe>

Presentation url :

Home / Computers & Web / Computers & Web Presentations / Web Security PowerPoint Presentation

Web Security PowerPoint Presentation

PowerPoint is the world's most popular presentation software which can let you create professional Web Security powerpoint presentation easily and in no time. This helps you give your presentation on Web Security in a conference, a school lecture, a business proposal, in a webinar and business and professional representations.

The uploader spent his/her valuable time to create this Web Security powerpoint presentation slides, to share his/her useful content with the world. This ppt presentation uploaded by picworld in Computers & Web ppt presentation category is available for free download,and can be used according to your industries like finance, marketing, education, health and many more.

About This Presentation

picworld

Description : The purpose of web security is to prevent your system sorts of attacks. Find this web security powerpoint presentation to know more.

Published on : Mar 20, 2018
Views : 2955 | Downloads : 7

Download Now

Share on Social Media

Web Security Presentation Transcript

Slide 1 -

Web Security

Slide 2 -

HTTP Authentication Protect web content from those who don’t have a “need to know” Require users to authenticate using a userid/password before they are allowed access to certain URLs HTTP/1.1 requires that when a user makes a request for a protected resource the server responds with a authentication request header WWW-Authenticate contains enough pertinent information to carry out a “challenge-response” session between the user and the server Web Server Client Client requests a protected resource Server responds with a 401 (not authorized and a challenge request for the client to authenticate

Slide 3 -

Client Response Well established clients like Firefox, Internet Explorer …. will respond to the challenge request (WWW-Authenticate) by presenting the user with a small pop-up window with data entry fields for userid password a Submit button and a Cancel button entering a valid userid and password will post the data to the server, the server will attempt authentication and if authenticated will serve the originally requested resource.

Slide 4 -

WWW-Authenticate The authentication request received by the browser will look something like: WWW-Authenticate = Basic realm=“defaultRealm” Basic indicates the HTTP Basic authentication is requested realm indicates the context of the login realms hold all of the parts of security puzzle Users Groups ACLs (Access Control Lists) Basic Authentication userid and password are sent base 64 encoded (might as well be plain text) hacker doesn’t even need to unencode all he has to do is “replay” the blob of information he stole over and over ( this is called a “replay attack”)

Slide 5 -

WWW - Authenticate Digest Authentication attempts to overcome the shortcomings of Basic Authentication WWW-Authenticate = Digest realm=“defaultRealm” nonce=“Server SpecificString” see RFC 2069 for description of nonce, each nonce is different the nonce is used in the browser in a 1-way function (MD5, SHA-1….) to encode the userid and password for the server, this function essentially makes the password good for only one time Common browsers don’t use Digest Authentication but an applet could as an applet has access to all of the Java Encryption classes needed to create the creation of a Digest.

Slide 6 -

WWW-Authenticate Secure Sockets Layer (SSL) Invented by Netscape and made public domain for everyone’s use An additional layer to the TCP/IP stack that sits between the Application and Transport layers ensures that all application data is encrypted but TCP/IP headers are not usually run on port 443 (default HTTPS port) Public Key Cryptography owner of a private key sends a public key to all who want to communicate with him (keys are both prime factors of a large (1024 bit) number). Owner keeps the private key secret and uses it to decrypt information sent to him that has been encrypted with the public-key RSA algorithm is most notable public-key cipher algorithm Digital Certificates issued by a disinterested third party (ex. Verisign) the Certificate contains the public-key for the specific Web Server and a digital signature of the certifying authority

Slide 7 -

Back to SSL Once a secure session is established the source requests the destinations certificate ( sent in the http header (uncncrypted)) once the source accepts the authenticity of the certificate it uses the public-key from the certificate to encrypt the generated session key for protecting the conversation between the source and destination. Session is encrypted using a symmetric cipher (slow) conversation is encrypted using an asymmetric cipher (fast) its done this way to speed up overall communications, strong encryption (slow) is used as little as possible while weaker encryption is used for most exchanges actual cipher algorithms are negotiated on a per-session basis

Slide 8 -

Java Cryptographic Packages Separate packages that are now included as part of JDK JCE - Java Cryptography classes JSSE - Java Secure Sockets Extension JAAS - Java Authentication and Authorization Services Java GSS API - Java Generic Security Services API Java Certification Path API

Slide 9 -

JCE JCE covers encryption and decryption symmetric bulk encryption, such as DES, RC2, and IDEA Symmetric stream encryption, such as RC4 Asymmetric encryption, such as RSA Password-based encryption (PBE) key agreement Message Authentication Code (MAC) Strong Cryptography is the default unlimited is available (depending on export restrictions)

Slide 10 -

JSSE Provides support for communications using SSL (Secure Sockets Layer) and TLS (Transport Layer Security) commonly thought of as HTTPS part of javax.net SSL (and thus HTTPS) permits encrypted traffic to be exchanged between the client and server. After an SSL client initiates a conversation with an SSL server, the server sends an X.509 certificate back to the client for authentication. The client then checks the validity of the certificate. Assuming the server is verified, the client generates a premaster secret key, encrypts it with the server's public key from the certificate, and sends the encrypted key back to the server. From this premaster key, the client and server generate a master key for the session. After some basic handshaking, the encrypted exchange can commence. The JSSE library hides these inner workings of the SSL protocol from you.

Slide 11 -

JAAS JAAS provides for the authentication of users and the authorization of tasks based upon that authentication Previously, anyone authenticated had access to the same security restrictions. Now, you can control what tasks are available for a specific authenticated user requires modification of security policies

Slide 12 -

Java GSS-API adds Kerberos V5 support to the Java platform. Kerberos originated at the Massachusetts Institute of Technology (MIT) as project Athena back in 1987. Essentially, a network authentication protocol. Defined in RFC 1510 from 1993 biggest draw is not having to send passwords over the net. offers single sign-on within one domain -- if everything within the domain has been Kerberos-enabled. support is also provided for single sign-on across different security realms over a network. Used in conjunction with JAAS, once a user's identity is established, future authentication requests are no longer necessary.

Slide 13 -

Java Certification Path API Certification Path API provides classes for building and validating certificate chains, an important requirement of a Public Key Infrastructure (PKI). These certificates provide for the storage of security keys for users. By trusting the issuer of a certificate that holds the keys, and trusting the issuer of the certificate that trusts the original certificate, you establish chains of trust Building and validating certification paths is an important part of many standard security protocols, such as SSL/TLS, Secure/MIME (S/MIME), and IP Security (IPsec).

Frequently Asked Questions

> About SlidesFinder?

Slidesfinder is a website that allows users to upload and share their PowerPoint presentations online. It provides a platform for individuals and businesses to share their ideas and knowledge through presentations, and for others to view and download these presentations for educational or professional purposes.
Slidesfinder offers a wide range of presentation topics and categories, including business, education, science, technology, health, and more. Users can also search for presentations using keywords, tags, or by category. The website provides tools to create professional presentations with rich media, animations, and graphics.

One of the key features of Slidesfinder is its user-friendly interface, which allows users to easily upload, view, and share presentations. Users can also embed their presentations in their websites or blogs using the website's embed code feature.
Slidesfinder also offers premium services, such as the ability to create private presentations and to download presentations in high-quality formats. However, the basic features of Slidesfinder are free to use, making it accessible to anyone who wants to share their ideas and knowledge through presentations.

> How do I register with SlidesFinder?

Go to registration page (you can see signup link on top of website page) https://www.slidesfinder.com/signup . If you have facebook/gmail account them just click on SIGN IN WITH FACEBOOK OR SIGN IN WITH GOOGLE button, by this you will be a registered member of slidesfinder without filling any form, required detail automatically will be fatch from your account. If you do not a Facebook account, then click on "Signup". Fill all required fields and you will be a registered member of slidesfinder.

> Is slidesfinder account confirmation is mandatory?

Yes it is mandetory to active your account to login.

> Do I need to signup/login on SlidesFinder before uploading a PowerPoint presentation?

Yes, you need to login with your account before uploading presentation. Your username will be displayed on your uploaded presentation. Your registered email id is needed for sending your stats of uploaded presentation.

Slidesfinder is a sharing website for PowerPoint presentations search and share. Find your interest in the form of powerpoint presentations on slidesfinder and save your valuable time . On Slidesfinder you get presentations from our huge library of professional ppt presentations. We believe in making your search INFORMATIVE and FUN. Find your best ppt presentation from a pool of PowerPoint presentations stacked under important industry categories like business & management, heath & Wellness,eduction & training etc. We provide unique informative PowerPoint presentation for marketers, presenters and educationists. These professional PowerPoint presentations are uploaded by professionals from across numerous industry segments.These ppt presentations are available for FREE download.

Not just finding your interest, but facilitate you broadcast your interest. We have created this platform for easy sharing of PowerPoint presentations, ensuring that these presentations get maximum exposure. Create your slidesfinder account and upload PowerPoint presentations for free, share on social media platforms and BUILD YOUR CROWD WITH PRESENTATION !!

The Great Buddha says, "Share your knowledge.It’s a way to achieve immortality"! So, start sharing knowledge and we are here to make that immortal !!

Re-productivity of content are not allowed. Without prior written permission from author, commercial use of any content is illegal.