Web Server Technologies Part III: Security & Future Musings
Joe Lima, Director of Product Development
Port80 Software, Inc.
Tutorial Content
Core Security Concepts
A Brief Taxonomy of Attack Types
  • Virus: Program that appends itself to existing program and attempts self-propagation
  • Worm: Standalone self-propagating program that carries out malicious action of some type
  • Trojan Horse: Program that executes malicious code under cover of some benign functionality
  • Denial of Service (DoS): Deliberate use of a program’s or machine’s resources sufficient to deny others its legitimate use
Attack Strategies
Attack Reconnaissance
Security in Depth Strategy
Principle of Least Access
The Need for Threat Assessment
Network Security
Host Security
An IIS Security Checklist
Brett Hill’s Recommended ACLs
An IIS Security Checklist, cont.
An IIS Security Checklist, cont.
Application Security
Transaction Security
Transaction Security, cont.
Transaction Security, cont.
Transaction Security, cont.
Transaction Security, cont.
Transaction Security, cont.
Transaction Security Pictured
[Figure: diagram of a secure transmission between Sender and Recipient. Clear text becomes ciphertext on the sender's side and clear text again on the recipient's side. Symmetric: Private Session Key (both sides). Asymmetric: Recipient’s Public Key and Recipient’s Private Key.]
Looking Ahead (or, Joe of in Left Field)
Looking Ahead (or, Joe of in Left Field)
Looking Ahead (or, Joe of in Left Field)
About Port80 Software
