Place Holder Products Code
Bash MySQL
Notes Return of the Fed Login
Admin Control Panel Email Control Panel Product Control Panel Debug Info Beacon Create Snippet Tag Control Panel


*Most of these are works in progress

Computer & Network Security Notes Web Security: Basic Model: Browser <-HTTP-> Server Complicated (modern) Model includes the addition of firewalls, Proxies (caching/non-caching), tunnels, Gateways, diverse client/server side languages Vulnerability Analysis: - Protocol: Authing - Infrastructure: Response Splitting - Server-side: session/cookie handling, XSS, SQLInjection - Client-side: Browsers, general client-side security HTTP Request: - Header, METHOD + Resource + Protocol Version - Body (optional), considered a byte stream - Fields separated by CRLF - Methods: - GET: request a resource by URL - HEAD: request only metadata - POST: request processing of included data at URL - OPTIONS: Request information about communication options * URL = Server Options - PUT: Store included data at URL Resources: - Absolute URI: - Absolute PATH: /index.html Host Field (in HTTP1.1) specifies which server at IP. HTTP Response: - Header w/ protocol, status code, diagnostic text - Body is byte stream - Header Fields: - General: Date, pragma, Cache-Control - Request: Accept, Host, Authorization, From, User-Agent - Response: Location, Server - Entity: Allow, Content-Encoding, Content-Length, C-Type, etc. URI Syntax: <scheme>://<authority><path>?<query> Basic HTTP Auth: - Challenge/Response: - Challenge and shcema (type) return w/ 401 (unauthorized) - Auth request a Realm (a set of resources) - Client supplies auth header w/ creds - 401 includes www-Authenticate: realm="my_realm" - HTTP1.1 Auth: - Server also sends nonce as challenge - Client sends digest of nonce, user, pass HTTP method, and requested URL HTTP is stateless! How then do we maintain state? - URL embedded information - Hidden Fields (in the html for instance) - Cookies: - Server stores on client - Set with "Set-Cookie" header - Further cookie use done in "Cookies" header - Only accessible by site that set the cookie - Cookie components: - name=val: required key/val pair - secure: cookie can only be sent over secure connections - http-only: cookie not accessible by client-side scripts - Sessions: - Time limited user-server interactions - NOT an HTTP-level concept (implemented at web-app level) - This can be supplemented, implemented with cookies, in URLs, and via hidden forms SERVER-SIDE: CGI (Common-Gateway Interface): - Used to invoke programs on server - Output returned to client - Input from URL/URL body (GET/POST) - Input is piped to CGIs stdin - Parameters passed as Environment variables - Parameters include: QUERY_STRING, SERVER_PROTOCOL, etc. ASP (Active-Server Page) - MSs CGI: - Contains text, html, script (VB or JS), Server-Side includes Servlet: Java program executed on server, similar to CGI Java-Server Page: HTML mixed w/ java PHP ("PHP Hypertext Processor"): - Executed on server when page is requested WebApp Frameworks (Ruby on Rails, Pylon, etc.): - Rapid Web app dev/deployment - Often based on MVC CLIENT-SIDE: Java Applet: - Downloaded onto client, run in Browser context - Resource access limited by Java Security Manager ActiveX Controls: - Binary - Downloaded/Executed in Browser context - Windows Browsers only Native Client (NaCl): - Maybe C/C++ - Runs in sandbox (one inner, one outer) - Inner sandbox: - Require: Reliable disassembly, valid jumps, use of segmentation - Code Validator (<600 C statements) - Validator guarantees that given instruction S, can only call in S. - NPAPI (Netscape standard) (Interprocess communication, or IPC) - RPC (IPC) - Provided with "safe" subset of POSIX calls - Internet access through JS Client-Side Scripting: - Javascript, JScript, VBScript - Window: - DOM (Document Object Model): Allows script to alter content - BOM (Browser Object Model): Allows script to modify Browser properties Javascript is Sanboxed, so: - No file access - No network resource access - No window under 100x100px (?: ref/detail) - No browser history (directly: link-color harvesting for instance could be used to gather history data) Javascript policies: - Same Origin: JS can only access resources with the same origin ( - Origin: URI Scheme (protocol), hostname, port# AJAX: Asynchronous Javascript and XML - Modify page based on result of request w/o user interaction - JS DOM manipulation & XML-HTTP request object XML-HTTP Request: Allow JS to retrieve XML data