Web Security

Dr. H.R. Chennamma

Asst. Professor, Dept. of MCA
SJCE, Mysore - 6

13/03/2015 1
Challenges for Web Security
• Casual and untrained (in security matters)
users are common clients for web-based
services.
• The short history of the Web is filled with
examples of new and upgraded systems, that
are vulnerable to a variety of security attacks.
• Reputations can be damaged and money can
be lost if the Web servers are subverted.
Web Security Threats
Two types of security threats:
• Passive attacks
• Active attacks

Another way to classify Web security threats is in

terms of the location of the threat:
• Web Server
• Web Browser
• Network traffic between browser and server
Location of Security Facilities in TCP/IP
Transport- Layer Security
In fact, it uses the security for the application layer,
which uses the services of TCP as a connection-
oriented protocol
UDP and E-mail applications cannot benefit from the
transport layer security.

Two protocols are used to provide security:

– Secure Sockets Layer (SSL) Protocol
– Transport Layer Security (TLS) protocol
SSL Architecture
SSL is designed to make use of TCP to provide a
reliable end-to-end secure service.

SSL is not a single protocol but rather two layers

of protocols.
 SSL Record Protocol
It provides two services for SSL Connections:

• Confidentiality
• Message Integrity
SSL Record Protocol