Lecture 5: Modules 5.1-5.6 Web Client Security CSE 628/628A: Sandeep K. Shukla Indian Institute of Technology Kanpur

This document summarizes a lecture on web client security that covers 6 modules: 1) the web security landscape, 2) definitions and threat models, 3) HTTP and content rendering, 4) browser isolation, 5) the security interface, and 6) cookies, frames, and frame busting. It acknowledges contributions from researchers and provides a graph showing trends in reported web vulnerabilities over time, with a peak in cross-site scripting vulnerabilities.

Uploaded by

Harpreet Singh

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

26 views

Lecture 5: Modules 5.1-5.6 Web Client Security CSE 628/628A: Sandeep K. Shukla Indian Institute of Technology Kanpur

Uploaded by

Harpreet Singh

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

You are on page 1/ 11

Lecture 5: Modules 5.1-5.

6
Web Client Security
CSE 628/628A
Sandeep K. Shukla
Indian Institute of Technology Kanpur
Acknowledgements
Dan Boneh (Stanford University)
John C. Mitchell (Stanford University)
Nicolai Zeldovich (MIT)
Jungmin Park (Virginia Tech)
Patrick Schaumont (Virginia Tech)
C. Edward Chow
Arun Hodigere
Web Resources
Lecture 5: Web Client
Security
Total 6 Modules on Web Client Security
Module 5.1: Web Security Landscape
Module 5.2: Web Security Definitions, Goals and
Threat Models
Module 5.3: HTTP & Content Rendering
Module 5.4: Browser Isolation
Module 5.5: Security Interface
Module 5.6: Cookies, Frames and Frame Busting
Module 5.1: Web Security
Landscape
What are the trends?
Web vs System
vulnerabilities
XSS peak

Decline in % web vulns since 2009

49% in 2010 -> 37% in 2011.
Big decline in SQL Injection vulnerabilities
Reported Web Vulnerabilities"In the Wild"

Data from aggregator and validator of NVD-reported vulnerabilities

Web application vulnerabilities

(ISC)2 SSCP Systems Security Certified Practitioner Official Study Guide
From Everand
(ISC)2 SSCP Systems Security Certified Practitioner Official Study Guide
Mike Wills
No ratings yet
PHP Microservices
From Everand
PHP Microservices
Carlos Pérez Sánchez
3/5 (1)
Practical Guide to Penetration Testing: Breaking and Securing Systems
From Everand
Practical Guide to Penetration Testing: Breaking and Securing Systems
Peter Johnson
No ratings yet
Advanced Software Security: Strategies for Robust Backend Systems
From Everand
Advanced Software Security: Strategies for Robust Backend Systems
Adam Jones
No ratings yet
Lec20 Web
No ratings yet
Lec20 Web
43 pages
Building Secure Applications with C++: Best Practices for the Enterprise
From Everand
Building Secure Applications with C++: Best Practices for the Enterprise
Robert Johnson
No ratings yet
Module 5.2: Web Security Definitions, Goals and Threat Models
No ratings yet
Module 5.2: Web Security Definitions, Goals and Threat Models
10 pages
Security in The Browser
No ratings yet
Security in The Browser
6 pages
Web Security
No ratings yet
Web Security
60 pages
Network Security Guidebook: Protocols and Techniques
From Everand
Network Security Guidebook: Protocols and Techniques
Peter Johnson
No ratings yet
Advanced Cybersecurity Strategies: Navigating Threats and Safeguarding Data
From Everand
Advanced Cybersecurity Strategies: Navigating Threats and Safeguarding Data
Adam Jones
No ratings yet
M1 Part3
No ratings yet
M1 Part3
18 pages
The Software Developer's Handbook: Mastering Core Skills and Advanced Practices
From Everand
The Software Developer's Handbook: Mastering Core Skills and Advanced Practices
Adam Jones
No ratings yet
Cybersecurity Guidebook: From Basics to Expert Proficiency
From Everand
Cybersecurity Guidebook: From Basics to Expert Proficiency
William Smith
No ratings yet
HTML 5 Web Security
No ratings yet
HTML 5 Web Security
82 pages
Mastering Secure Coding: Writing Software That Stands Up to Attacks
From Everand
Mastering Secure Coding: Writing Software That Stands Up to Attacks
Larry Jones
No ratings yet
Security in HTML5 Name: Khalid Shaikh Roll No: 43: Abstract
No ratings yet
Security in HTML5 Name: Khalid Shaikh Roll No: 43: Abstract
9 pages
10 Webappsecurity
No ratings yet
10 Webappsecurity
95 pages
Java Secure Coding Techniques: Strategies for Preventing Vulnerabilities
From Everand
Java Secure Coding Techniques: Strategies for Preventing Vulnerabilities
Adam Jones
No ratings yet
Browser Security Model: John Mitchell
No ratings yet
Browser Security Model: John Mitchell
74 pages
Web Application Security Syllabus
No ratings yet
Web Application Security Syllabus
2 pages
Decentralized Identity Explained: Embrace decentralization for a more secure and empowering digital experience
From Everand
Decentralized Identity Explained: Embrace decentralization for a more secure and empowering digital experience
Rohan Pinto
No ratings yet
AI and Deep Learning for Networks
From Everand
AI and Deep Learning for Networks
Gopee Mukhopadhyay
No ratings yet
FALLSEM2024-25_BCSE410L_TH_VL2024250101903_2024-11-18_Reference-Material-I
No ratings yet
FALLSEM2024-25_BCSE410L_TH_VL2024250101903_2024-11-18_Reference-Material-I
31 pages
Web Security Syllabus
No ratings yet
Web Security Syllabus
2 pages
106_HTML5
No ratings yet
106_HTML5
156 pages
CSS Question Bank
No ratings yet
CSS Question Bank
19 pages
CSIT-542 Web Security Syllabus
No ratings yet
CSIT-542 Web Security Syllabus
1 page
Mastering Cybersecurity: A Comprehensive Guidebook
From Everand
Mastering Cybersecurity: A Comprehensive Guidebook
Rob Proutyon
No ratings yet
Lecture 21-Web Evaluation & Web Security-Compressed
No ratings yet
Lecture 21-Web Evaluation & Web Security-Compressed
28 pages
BCA VI Sem Network Management and Security
No ratings yet
BCA VI Sem Network Management and Security
30 pages
Browser Security Model: John Mitchell
No ratings yet
Browser Security Model: John Mitchell
74 pages
Web Browser Security: John Mitchell
No ratings yet
Web Browser Security: John Mitchell
67 pages
Securing Critical Infrastructures
From Everand
Securing Critical Infrastructures
Professor Mohamed K. Kamara Ph.D.
No ratings yet
Computer Security
No ratings yet
Computer Security
34 pages
In-Depth Exploration of Spring Security: Mastering Authentication and Authorization
From Everand
In-Depth Exploration of Spring Security: Mastering Authentication and Authorization
Adam Jones
No ratings yet
ICT 233 Lecture - 2
No ratings yet
ICT 233 Lecture - 2
19 pages
IT430 Short Notes
No ratings yet
IT430 Short Notes
18 pages
IoT Security Mastery: Essential Best Practices for the Internet of Things
From Everand
IoT Security Mastery: Essential Best Practices for the Internet of Things
Peter Jones
No ratings yet
Mastering Computer Programming
From Everand
Mastering Computer Programming
Kameron Hussain
No ratings yet
Isc 08 Web Security
No ratings yet
Isc 08 Web Security
37 pages
An toàn hệ thống web
No ratings yet
An toàn hệ thống web
74 pages
Week10 P
No ratings yet
Week10 P
37 pages
Unit 5
No ratings yet
Unit 5
21 pages
Writing Secure and Maintainable Python Code: Unlock the Secrets of Expert-Level Skills
From Everand
Writing Secure and Maintainable Python Code: Unlock the Secrets of Expert-Level Skills
Larry Jones
No ratings yet
Blockchain and IoT based Smart Healthcare Systems
From Everand
Blockchain and IoT based Smart Healthcare Systems
L. Ashok Kumar
No ratings yet
Web Security Notes U1 PDF
No ratings yet
Web Security Notes U1 PDF
18 pages
The Palo Alto Networks Handbook: Practical Solutions for Cyber Threat Protection
From Everand
The Palo Alto Networks Handbook: Practical Solutions for Cyber Threat Protection
Robert Johnson
No ratings yet
CSE 477: Introduction To Computer Security
No ratings yet
CSE 477: Introduction To Computer Security
36 pages
Browser Security
No ratings yet
Browser Security
31 pages
Security
No ratings yet
Security
11 pages
Cybersecurity in Cloud Computing
From Everand
Cybersecurity in Cloud Computing
Akula Achari
No ratings yet
Mastering Cybersecurity Foundations: Building Resilience in a Digital World
From Everand
Mastering Cybersecurity Foundations: Building Resilience in a Digital World
Robert Johnson
No ratings yet
Web Security
No ratings yet
Web Security
36 pages
Webinar 1531 Slides
No ratings yet
Webinar 1531 Slides
16 pages
Web Security Vulnerabilities
No ratings yet
Web Security Vulnerabilities
50 pages
Web Browser Security
0% (1)
Web Browser Security
16 pages
Web Security: Part 1
No ratings yet
Web Security: Part 1
46 pages
Web Security
No ratings yet
Web Security
4 pages
WEB TECHNOLOGIES - ITC 351 Lecture - 2-1
No ratings yet
WEB TECHNOLOGIES - ITC 351 Lecture - 2-1
19 pages
Module-2 3
No ratings yet
Module-2 3
28 pages
Module-0 3
No ratings yet
Module-0 3
6 pages
Systems and Network Security CSE 628/628A: Sandeep K. Shukla Indian Institute of Technology Kanpur
No ratings yet
Systems and Network Security CSE 628/628A: Sandeep K. Shukla Indian Institute of Technology Kanpur
7 pages
More Control Hijacking Attacks: Format String Vulnerabilities
No ratings yet
More Control Hijacking Attacks: Format String Vulnerabilities
8 pages
Module-0 2
No ratings yet
Module-0 2
8 pages
Module-1 1
No ratings yet
Module-1 1
23 pages
Module-0 5
No ratings yet
Module-0 5
12 pages
Advanced Control Hijacking Attacks
No ratings yet
Advanced Control Hijacking Attacks
13 pages
Module-3 2
No ratings yet
Module-3 2
9 pages
Module-4.2 0
No ratings yet
Module-4.2 0
15 pages
Defense Against Control Hijacking - Platform Defenses
No ratings yet
Defense Against Control Hijacking - Platform Defenses
8 pages
Module-2 1
No ratings yet
Module-2 1
10 pages
Introduction To Browser Isolation
No ratings yet
Introduction To Browser Isolation
11 pages
Other Issues in Access Control
No ratings yet
Other Issues in Access Control
17 pages
Unix and Windows Access Control
No ratings yet
Unix and Windows Access Control
18 pages
Module 5.3: HTTP & Content Rendering
No ratings yet
Module 5.3: HTTP & Content Rendering
23 pages
Module 5.5: Security User Interface
No ratings yet
Module 5.5: Security User Interface
11 pages
Lecture 6: Modules 6.1-6.10 Web Server Security CSE 628/628A
No ratings yet
Lecture 6: Modules 6.1-6.10 Web Server Security CSE 628/628A
23 pages
Module 5.4: Browser Isolation
No ratings yet
Module 5.4: Browser Isolation
21 pages
Module 5.6: Cookies, Frames and Frame Busting
No ratings yet
Module 5.6: Cookies, Frames and Frame Busting
13 pages
Lecture 7: Modules 7.1-7.10 Network Security CSE 628/628A: Sandeep K. Shukla Indian Institute of Technology Kanpur
No ratings yet
Lecture 7: Modules 7.1-7.10 Network Security CSE 628/628A: Sandeep K. Shukla Indian Institute of Technology Kanpur
17 pages
Defenses and Protections Against XSS
No ratings yet
Defenses and Protections Against XSS
13 pages
Lecture 7: Modules 7.1-7.10 Network Security CSE 628/628A: Sandeep K. Shukla Indian Institute of Technology Kanpur
No ratings yet
Lecture 7: Modules 7.1-7.10 Network Security CSE 628/628A: Sandeep K. Shukla Indian Institute of Technology Kanpur
12 pages
Module6 5
No ratings yet
Module6 5
6 pages
Module7 7
No ratings yet
Module7 7
5 pages
Module6 3
No ratings yet
Module6 3
17 pages
Email Security, Certificates
No ratings yet
Email Security, Certificates
12 pages
Module7 6
No ratings yet
Module7 6
8 pages
Digital Signature, Hash Functions
No ratings yet
Digital Signature, Hash Functions
9 pages