Web Architecture
Sumedt Jitpukdebodin
This slide is my presentation in 2600Thailand Meeting
1.
Web Architecture - Mechanism and Threats
Sumedt Jitpukdebodin, Senior Security Researcher
CompTIA Security+, LPIC-1, NCLA, C|EHv6, eCPPT, eWPT, IWSS, CPTE
© Copyright 2013 i-secure Co., Ltd. The information contained herein is subject to change without notice.
2.
~# whoami
Name: Sumedt Jitpukdebodin (สุเมธ จิตภักดีบดินทร์)
My blog: http://www.r00tsec.com, http://twitter.com/materaj, https://www.facebook.com/hackandsecbook
Jobs
– I-SECURE Co., Ltd.
– Research And Develop Engineer, Senior Web Application Security Specialist, Senior Security Researcher
– Writer
– English articles @ http://packetstormsecurity.com/files/author/9011/ and please google my name.
– Many Thai articles, please google my Thai name.
– Book: “Hacking & Security Book "Network Security หนังสือฉบับก้าวสู่นักทดสอบและป้องกันการเจาะระบบ”
Hobby: Penetration Testing, Hacking, Reading Info Security, Play Games, Traveling around the world, Write Article, Teaching and more...
3.
Agenda
4.
Agenda
– Web Architecture
– Web Architecture Attack
– Security Controls & Mechanism
5.
Web Architecture
6.
Basic Web Architecture
Two Tier Architecture
– The web browser displays content returned from the web server
– The web server provides resources for the client
7.
HTML
HTML (Hyper Text Markup Language)
– Document Layout Language
– Viewed by using a Web Browser.
8.
URI
URI (Universal Resource Identifier)
9.
URI(2)
URL (Universal Resource Locator)
URN (Universal Resource Name)
10.
HTTP
HTTP (Hyper Text Transfer Protocol)
HTTP is an application-layer protocol.
HTTP communication is two-way: HTTP Request and HTTP Response.
11.
HTTP(2)
Request Message
– Request Line
– Request Header
– An empty line
– An optional Message Body
12.
HTTP(3)
13.
Request Method
– HEAD – GET – POST – PUT – DELETE – TRACE – OPTIONS – CONNECT
14.
Safe Method
– HEAD – GET – OPTIONS – TRACE – POST – PUT – DELETE – CONNECT
15.
Status Code
Success: 2xx
Redirection: 3xx
Client-Side Error: 4xx
Server-Side Error: 5xx
16.
HTTP Session State
HTTP is a stateless protocol
Solutions
– Cookies
– Sessions
– Hidden variable
– URL-encoded parameter (/index.php?session_id=$session_code)
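The request-message parts from slide 11 and the session-state options from slide 16, combined in an added example that is not part of the original slides: it splits a raw request into request line, headers, empty line and body, then reports where a session identifier travels. The `SESSION_KEYS` names, the `shop.example` host and the three sample requests are assumptions constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

# Assumed names under which an application might carry its session identifier.
SESSION_KEYS = {"session_id", "sessionid", "sid", "phpsessid", "jsessionid"}

# Constructed sample requests (not captured traffic); shop.example is a placeholder.
SAMPLE_COOKIE = (b"GET /index.php?page=1 HTTP/1.1\r\n"
                 b"Host: shop.example\r\n"
                 b"Cookie: PHPSESSID=abc123; theme=dark\r\n\r\n")
SAMPLE_URL = (b"GET /index.php?session_id=9f2c HTTP/1.1\r\n"
              b"Host: shop.example\r\n\r\n")
SAMPLE_FORM = (b"POST /checkout.php HTTP/1.1\r\n"
               b"Host: shop.example\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: 23\r\n\r\n"
               b"session_id=9f2c&item=42")


def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.x request into request line, headers and body."""
    # The empty line (CRLF CRLF) separates the header section from the body.
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no empty line terminating the header section")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"malformed request line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        # Header names are case-insensitive; keep repeated headers as a list.
        headers.setdefault(name.lower(), []).append(value.strip())
    return {"method": parts[0], "target": parts[1], "version": parts[2],
            "headers": headers, "body": body}


def session_carriers(req: dict) -> list:
    """Return (mechanism, name) pairs showing where a session identifier travels."""
    found = []
    # Cookie: sent by the browser as an HTTP request header.
    jar = SimpleCookie()
    jar.load("; ".join(req["headers"].get("cookie", [])))
    found += [("cookie", k) for k in jar if k.lower() in SESSION_KEYS]
    # URL parameter: part of the request target in the request line.
    query = parse_qs(urlsplit(req["target"]).query, keep_blank_values=True)
    found += [("url", k) for k in query if k.lower() in SESSION_KEYS]
    # Hidden variable: arrives as an ordinary field of a submitted form body.
    ctype = " ".join(req["headers"].get("content-type", [])).lower()
    if ctype.startswith("application/x-www-form-urlencoded"):
        form = parse_qs(req["body"].decode("iso-8859-1"), keep_blank_values=True)
        found += [("form-field", k) for k in form if k.lower() in SESSION_KEYS]
    return found


def session_in_url(raw: bytes) -> bool:
    """True when the session identifier is in the URL, where it also ends up
    in server logs, browser history and Referer headers."""
    return any(m == "url" for m, _ in session_carriers(parse_request(raw)))


if __name__ == "__main__":
    for label, raw in [("cookie", SAMPLE_COOKIE), ("url", SAMPLE_URL),
                       ("form", SAMPLE_FORM)]:
        print(label, session_carriers(parse_request(raw)), session_in_url(raw))
```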
17.
Web Architecture Extension
Two tier architecture is not enough
Common Gateway Interface (CGI)
– Standard protocol for interfacing external application software with a web server
– CGI programs are executable programs that run on the web server.
18.
Javascript
Scripting language designed for dynamic, interactive web applications
Runs on the client side.
Preprocessing data on the client before submission to a server.
Changing content type and styles
19.
Three tier web architecture
20.
Make HTTP to stateful(2)
Cookie
– A text stored on a client’s computer by a web browser.
– Sent as an HTTP Header
– Can be used for authentication, session tracking
21.
Server and Client Processing
Server-Side Processing: PHP, ASP, ASP.NET, Perl, J2EE, Python, Django, Ruby on Rails
Client-Side Processing: CSS, HTML, Javascript, Adobe Flash, Microsoft Silverlight
22.
AJAX
Asynchronous Javascript and XML (AJAX)
Created by Jesse James Garrett, February 18, 2005
Ajax incorporates XHTML, CSS, Document Object Model (DOM), XML and XSLT, XMLHttpRequest, Javascript
23.
AJAX(2)
24.
AJAX(3)
25.
JSON
Javascript Object Notation (JSON)
JSON is a lightweight computer data interchange format.
JSON is based on a subset of the Javascript programming language.
Using of XML format.
26.
JSON Request && Response
27.
JSON(2)
28.
XML
eXtensible Markup Language
Used for information exchange.
The two primary building blocks of XML are elements and attributes.
Elements are tags and have values.
Elements are structured as a tree.
Alternatively, elements may have both attributes as well as data.
Attributes help you to give more meaning and describe your element more efficiently and clearly.
29.
XML(2)
Tag, Element, Content
30.
XML(3)
31.
XML(4)
32.
XML vs JSON
33.
Web Services
A web service is a software system designed to support machine-to-machine interaction over a network.
Web services are frequently just Internet Application Programming Interfaces (APIs).
Web services use HTTP for transmitting messages (RPC, SOAP, REST)
34.
SOAP vs REST
SOAP (Simple Object Access Protocol)
– Web service based on XML
REST (Representational State Transfer)
– Web service represented in the format of the application
35.
SOAP vs REST
36.
SOAP Example
Reference :: http://www.soapui.org/The-World-Of-API-Testing/soap-vs-rest-challenges.html
37.
REST Example
Reference :: http://www.soapui.org/The-World-Of-API-Testing/soap-vs-rest-challenges.html
38.
Web Architecture Attack
39.
Web Architecture
Reference :: Web Application Hacking/Security 101 (https://docs.google.com/presentation/d/1fw7fO7kmVTcfXuupGTezSM76cdQH3IbYos5xu95LyMs/edit#slide=id.p)
40.
Web Architecture Attack
Reference :: Web Application Hacking/Security 101 (https://docs.google.com/presentation/d/1fw7fO7kmVTcfXuupGTezSM76cdQH3IbYos5xu95LyMs/edit#slide=id.p)
41.
OWASP 2013
– Injection
– Broken Authentication and Session Management
– Cross-Site Scripting (XSS)
– Insecure Direct Object References
– Security Misconfiguration
– Sensitive Data Exposure
– Missing Function Level Access Control
– Cross-Site Request Forgery (CSRF)
– Using Components with Known Vulnerabilities
– Unvalidated Redirects and Forwards
42.
Security Controls & Mechanism
43.
Security Control
– Application Layer
– Network Layer
44.
Application Layer
– Input Validation
– Sessions Management
– Authentication Method
– Strong Policy (such as password policy)
– Same-Origin Policy
45.
Network Layer
– Firewall
– Intrusion Detection System/Intrusion Prevention System (IDS/IPS)
– Web Application Firewall (WAF)
– Centralized Log Server
46.
Network Layer Diagram
Reference :: http://www.umv.co.kr/main_eng/sm_enterprise.php
47.
Questions
www.i-secure.co.th
© Copyright 2013 ACIS i-secure Co., Ltd. The information contained herein is subject to change without notice.