Web 2.0 A Security Nightmare? SSL and Webapps Webmontag Karlsruhe, - PowerPoint PPT Presentation

Jan 08, 2023 •143 likes •254 views

Web 2.0 A Security Nightmare? SSL and Webapps Webmontag Karlsruhe, 29.5.2006 Hanno Bck, http://www.hboeck.de/ Web 2.0 for everyone? Web 2.0 applications should be available for the common user Blog in 1 minute, Get your own

Web 2.0 – A Security Nightmare? SSL and Webapps Webmontag Karlsruhe, 29.5.2006 Hanno Böck, http://www.hboeck.de/
Web 2.0 for everyone? ● Web 2.0 applications should be available for the common user ● »Blog in 1 minute«, »Get your own Wiki« etc. ● Apps are not »Secure by default«
Sniffing
Sniffing is easy ● ethereal ● ettercap ● dsniff ● Solution: Login via https!
No HTTPS ● Wikipedia ● digg.com ● plazes ● del.icio.us ● myblog.de
Have an own rootserver? ● Cool, make your app accessible with either http or https. ● Advanced: mod_rewrite to forward login-page to https. ● And the world is fine?
Problem: IP-Adresses ● One SSL-Cert per IP ● Domain in Cert ● IP-Adresses are always limited ● Strato max. 2, 1&1 max. 8 ● IPv6?
Problem: Certificate ● Expensive cert by Verisign & Co? ● Self-signed? ● CAcert
Everything perfect? ● Own server ● App available via http or https ● Login-page forwards to https ● CAcert-signed cert ● IPv6-tunnel for server and client
Where's my cookie? ● Session-Cookie by default per domain – don't call your page via http after https. ● Workaround: https on other subdomain ● Secure webapps
Completely offtopic: Werbung GPN 5 Gulasch Programmier Nacht 9. - 11.6.2006 CCC Karlsruhe/Entropia www.entropia.de

Recommend

2 nd semester Topic 5: Navigation nightmare More Than Just a Bad Dream--A Nightmare's Impact on

2 nd semester Topic 5: Navigation nightmare More Than Just a Bad Dream--A Nightmare's Impact on the Waking Brain 1.Read the article You awake with a pounding heart and clammy hands. Relax, you think to yourself it was just a bad dream. But

204 views • 8 slides

NIGHTMARE CREATURES II Game Design Presentation - Confidential Kalisto Entertainment 1999

NIGHTMARE CREATURES II Game Design Presentation - Confidential Kalisto Entertainment 1999 1 NIGHTMARE CREATURES II NIGHTMARE CREATURES II Game Overview Working tittle : Nightmare Creatures II Genre : Horror Action- Adventure Game

317 views • 8 slides

UPDATES Recap Christmas in the Sierra Concert Nightmare Before Christmas ALL SHOWS SOLD

UPDATES Recap Christmas in the Sierra Concert Nightmare Before Christmas ALL SHOWS SOLD OUT! Coming Up 12/14 Dinner and Show Nightmare 12/15 Nightmare Before Christmas 12/16 Nightmare Before Christmas 12/22 Holiday

336 views • 6 slides

Imagining Politics beyond Brexit Gone quiet, hasnt it? Last year now seems like a nightmare

Imagining Politics beyond Brexit Gone quiet, hasnt it? Last year now seems like a nightmare from which we are just awakening. The febrile atmosphere of those days when two Prime Ministers struggled to push a withdrawal agreement through

269 views • 8 slides

A NIGHTMARE FOR THE INTERVENTIONAL CARDIOLOGIST-DES STENT ANEURYSM! DR VARUN CHAWLA MD,DM

A NIGHTMARE FOR THE INTERVENTIONAL CARDIOLOGIST-DES STENT ANEURYSM! DR VARUN CHAWLA MD,DM LIFECARE INSTITUTE OF MEDICAL SCIENCES & RESEARCH,AHMEDABAD,INDIA Disclosure Statement of Financial Interest I, Dr Varun Chawla DO NOT have a

677 views • 32 slides

{ domas, @xoreaxeaxeax Christopher Domas Cyber Security Researcher @ Battelle Memorial

The M/o/Vfuscator Turning 'mov' into a soul-crushing RE nightmare { domas, @xoreaxeaxeax Christopher Domas Cyber Security Researcher @ Battelle Memorial Institute ./bio objdump d Mintel a.out 4004e9: mov DWORD PTR

1.6k views • 156 slides

Django, from nightmare to dream with Best Practices by Stphane Wirtel EuroPython 2017 -

Django, from nightmare to dream with Best Practices by Stphane Wirtel EuroPython 2017 - Rimini/y ;-) 11 Luglio 2017 1 / 69 Hello, I am Stphane Python Freelancer Open Source = My Passion/Job PythonFOSDEM CPython contributor PSF, EPS

838 views • 69 slides

Payroll Tax Train Wreck Resolving Your Clients Payroll Tax Nightmare Eric L. Green, Esq. 1

Payroll Tax Train Wreck Resolving Your Clients Payroll Tax Nightmare Eric L. Green, Esq. 1 About Tax Rep LLC Tax Rep is a member driven community that helps each other build their representation practice and help taxpayers, with members being

438 views • 29 slides

The M/o/Vfuscator Turning 'mov' into a soul-crushing RE nightmare { domas / REcon 2015

The M/o/Vfuscator Turning 'mov' into a soul-crushing RE nightmare { domas / REcon 2015 REMath (github.com/REMath) Stephen Dolan http://www.cl.cam.ac.uk/~sd601/papers/mov.pdf It is well-known that the x86 instruction set is baroque,

1.93k views • 158 slides

Speculative Execution Vulnerabilities: From a Simple Oversight to a Technological Nightmare Raoul

Speculative Execution Vulnerabilities: From a Simple Oversight to a Technological Nightmare Raoul Strackx raoul.strackx@cs.kuleuven.be @raoul_strackx imec-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Belgium Hardwear.io, June 14 th , 2019

1.05k views • 81 slides

Client Alert Opening a Franchise: The American Dream or a Landlords Nightmare? Contact

Client Alert Opening a Franchise: The American Dream or a Landlords Nightmare? Contact Attorney Regarding This Matter: In todays challenging and unstable economic client, many Americans, Jonathan L. Neville old and young, rich and

235 views • 6 slides

A Greybeard's Worst Nightmare How Kubernetes and Containers are re-defining the Linux OS Daniel

A Greybeard's Worst Nightmare How Kubernetes and Containers are re-defining the Linux OS Daniel Riek Fosdem 2020 1 Introduction Name: Daniel Riek Twitter: llunved Using GNU/Linux since 1994 Co-founded Free Software start-up

675 views • 32 slides

Roadmap to Brexit Fulvio Fassone ETRC VP Business Development ATRI President Nightmare or

Roadmap to Brexit Fulvio Fassone ETRC VP Business Development ATRI President Nightmare or opportunity ? 29 March 2019 11 pm GMT Brexit The Aviation regulatory framework 1986 : Airline Deregulation Act adopted in USA . The Air Transport

480 views • 15 slides

A webservers nightmare Serving files that let me pwn you BerlinSides 0x7E2 @gehaxelt June

A webservers nightmare Serving files that let me pwn you BerlinSides 0x7E2 @gehaxelt June 23, 2018 Introduction Agenda 1. Intro & something about webservers 2. Interesting files 3. Scanning for files 4. Feedback || Answers

702 views • 52 slides

Living a Nightmare, Dreaming a Dream A Drupal Deployment Dilemma SATURN Conference, April 2015

Living a Nightmare, Dreaming a Dream A Drupal Deployment Dilemma SATURN Conference, April 2015 Gail E. Harris gharris@tvo.org Director & Architect, Web and Mobile Delivery About TVO "use electronic and associated media to provide

143 views • 13 slides

Requirements Nightmare Put to Rest F/A-18 Advanced Weapons Laboratory L-3 Communications

Requirements Nightmare Put to Rest F/A-18 Advanced Weapons Laboratory L-3 Communications Government Services Inc. Susan Weaver Susan.weaver@navy.mil AWL Process Lead 760-939-5793 What We Do The Advanced Weapons Lab, China Lake -- where

414 views • 25 slides

My Nightmare Do you want access to Campus Labs Baseline and/or Compliance Assist? 1 UCSD Student

2/25/2013 Writing ing Good od Sur urvey y Qu Questions stions UCSD Student Affairs Assessment February 2013 My Nightmare Do you want access to Campus Labs Baseline and/or Compliance Assist? 1 UCSD Student Research and Information

158 views • 15 slides

Microservices: A Performance Testers Dream or Nightmare? Simon Eismann Cor-Paul Bezemer

Microservices: A Performance Testers Dream or Nightmare? Simon Eismann Cor-Paul Bezemer Weiyi Shang Duan Okanovi Andr van Hoorn University of Wrzburg University of Alberta Concordia University University of Stuttgart University

540 views • 15 slides

TAKING ACTION TO PREVENT AN INVASIVE MUSSEL NIGHTMARE Presented by: Lisa Scott Okanagan and

TAKING ACTION TO PREVENT AN INVASIVE MUSSEL NIGHTMARE Presented by: Lisa Scott Okanagan and Similkameen Invasive Species Society OASISS who we are A non-profit society established in 1996. Diverse cross-section of members.

1.06k views • 61 slides

Expert Evidence KELVIN KEANE Senior Associate 13 SEPTEMBER 2016 An Experts Worse Nightmare Van

Presents: Expert Evidence KELVIN KEANE Senior Associate 13 SEPTEMBER 2016 An Experts Worse Nightmare Van Oord UK Ltd v Allseas UK Ltd [2015] EWHC 3074 (TCC) November 2015 The Facts AUK was the Principal Contractor engaged by Total E&P

435 views • 27 slides

To Towards Production-Ru Run Heisenbugs Re Reproduction on Commercial Hardware Shiyou Huang

To Towards Production-Ru Run Heisenbugs Re Reproduction on Commercial Hardware Shiyou Huang Bowen Cai and Jeff Huang 1 Whats a coders worst nightmare? https://www.quora.com/What-is-a-coders-worst-nightmare 2 The bug only occurs in

901 views • 50 slides

GREEN BUSINESS DATA TRACKING SYSTEMS: THE END TO THE EXCEL NIGHTMARE NOVEMBER 7, 2013 2013

GREEN BUSINESS DATA TRACKING SYSTEMS: THE END TO THE EXCEL NIGHTMARE NOVEMBER 7, 2013 2013 NATIONAL SUMMIT ON GREEN BUSINESS ENGAGEMENT PROGRAMS Hosted by A Better City (ABC) 34 Participants Representing 30 programs nation

350 views • 17 slides

Drones. Fun and games or a dystopian nightmare? By: Nicky DiCarlo and Kelly Venechanos By: Nicky

Drones. Fun and games or a dystopian nightmare? By: Nicky DiCarlo and Kelly Venechanos By: Nicky DiCarlo and Kelly Venechanos What is a drone? A vehicle designed to be used with no human on board. Often uses 4 or more rotors.

771 views • 49 slides

TRANSITION FROM MONOLITH TO MICROSERVICES: A DREAM OR A TESTERS NIGHTMARE? Natalja Pletneva,

NW SOFTW ARE QUALITY CIFIC CONFERENCE A P TRANSITION FROM MONOLITH TO MICROSERVICES: A DREAM OR A TESTERS NIGHTMARE? Natalja Pletneva, Okko. DATE: OCTOBER 14 PNSQC 1 NW SOFTW ARE QUALITY CIFIC CONFERENCE A P WHO AM

896 views • 44 slides