Web security Part-2 #38

-

 



SSL

Secure socket layer (SSL), an encrypt based internet security protocol, it was founded for the ensuring of the integrity and privacy of the connection of the internet by the Netscape company at 1995, nowadays it names TLS.

How it works

It like the new TLS based on the concept of the handshake TLS.

 

Cors

Cross origin resources sharing (CORS) is a mechanism that uses HTTP headers to specify which outer origin have access to the local assets and how can access it that is mean we can make a white list for the allowed cross origins that has access to our assets the server must have a way to handle the outer requests and this what we will discuss now.

How it Works

When the site makes a get request to get resources from the out server, the browser adds a header that contains the origin like the example origin:

http://www.developersdj.com

the server receives the pre-flight request and searches in its whites list for access control allow origins about the giving origin and sends to the browser option call, then the browser will determine if the actual request is safe to send or not example access control allow origin http://www.developersdj.com or this header access control allow origin * will allow any request to take the resource.

If the server specific the methods it will compare the request method with its example access control allow methods: PUT, DELETE

 

CSP

Content security policy is more security layer that helps in detect and mitigate different sort of militias attacks like (cross site scripting(XSS), data injection attacks, Clickjacking, Etc.)

Cross site scripting (XSS)

It a vulnerability that allows the hacker to inject a militias code in the base website and it is for making the client executes it to take sensitive data like cookies, session’s info and site specification information, that happens because web app does not use enough validation or encoding, the user’s browser cannot detect the malicious script is untrustworthy.

Data injection attacks

Is a malicious code injected in the network which fetched all the information from the database to the attacker and the number one type of it is the SQL injection?

Click jacking

Or “UI redress attack” is when an attacker tricks a user into clicking on a button or link on another page that uses multiple transparent or opaque layer when he intended to click on the top level

 How it Work

It uses directives concepts that’s every directive has to specify where resources can load from, preventing browsers from loading data from any other locations

Comments

Post a Comment

Thanks you
for comment and your suggestion

Popular posts from this blog

Hacker Directory #49

-
Image
  Do you feel dumb when you don't know the meaning of a certain term?  Well, then this will certainly help you out!  If you are ever unsure about anything, simply swipe left and find that specific word, then read the definition.  ABBREVIATIONS DDoS = Distributed Denial of Service DrDoS = Distributed Reflected Denial of Service Attack, uses a list of reflection servers or other methods such as DNS to spoof an attack to look like it's coming from multiple ips.  Amplification of power in the attack COULD occur.  FTP = File Transfer Protocol. Used for transferring files over an FTP server. FUD = Fable Hex = In computer science, hexadecimal base - refers to the number 16. These are the numbers that use the digits in the series: 0123456789ABCDEF. In the C programming language (as well as Java, JavaScript, C and other places), hexagonal numbers are subscribed by a bull. Thus, one can say that the number 0x80 is not equal to 80 decimals but equal to 128...
Read more

Programmer Know about following concept #21

-
Image
1. Caching 2. Time Complexity 3. Networking basics 4. Cloud Computing 5. Data structures and Algorithms 6. Database and SQL 7. Text editors 8. UNIX 9. Programming languages 10. Scripting languages   Explain  : 1. Caching A cache is stores data, that is hardware or software component so that future requests for that data can be served faster. Without cache no modern web system can runs. 2. Time Complexity Time complexity is the computational complexity that   describes the amount of time it takes to run on algorithm. 3. Networking basics You have to understand the basics of how the network in order to be a good programmer. Through switches, routers and wireless access points, devices connected to your network can communicate with one another and with other networks, like internet. Routers, wireless access points and Switches perform very different functions in a network. 4. Cloud Computing It's the on-demand availability of computer system resources, especially data s...
Read more

You are Founder of Software company #20

-
Image
Visual Design: The Goal of visual design is to shape and improve the user experience through considering the effects of illustration typography, space, etc. it is important to note that the visual side needs to comply with the UX design. Having a product that looks good cannot justify poor usability. Tips : Try developing a sense of good design by reading something (example: relevant digests) for 30 min every week to train your perception. you don’t need to have any actual design skill.   Resources: designernews.co Sodebar.io   UX Design: User experience describe all the interaction between customer and a product – From visual on a landing page to support request. Bad user experience designed make people hate your product. Tips : If you are not an expert. Follow establish design patterns and try copy great products design when possible. Those teams spent a lot of resources on experiments to improve their UX design, so it ...
Read more