UNIT - 3 Notes
UNIT - 3 Notes
1
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
Access Control
1. Access control is a method of limiting access to a system,
physical or virtual resources.
2
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
3
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
4
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
5
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
Features of UNIX:
6
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
1. It is an open source.
7
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
Windows
1. It is a close source.
5. It is user friendly
Browser Isolation
1. Browser isolation is a cyber security model for web
browsing that can be used to physically separate an
internet user's browsing activity from their local machine,
network and infrastructure.
8
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
9
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
10
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
11
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
Threat Modelling
12
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
Rendering
1. Rendering or image synthesis is the automatic process
of generating a photorealistic or non-photorealistic
image from a 2D or 3D model by means of computer
programs. Also, the result of displaying such a model is
called a render.
13
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
14
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
9. The plugin combines that data with some meta data and
sends the HTTP response back to the browser.
10. The browser receives the response, and parses the HTML
in the response, A DOM tree is built out of the broken
HTML.
11. New requests are made to the server for each new
resource that is found in the HTML source (typically
images, style sheets, and JavaScript files).
15
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
with the device. Every app and every website has a user
interface.
Cookies:
1. These are small text files that the web browser stores on
the computer.
Frame busting:
18
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
19
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
6. Security misconfiguration:
20
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
8. Reflected XSS:
21
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
22
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
23
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
24
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
25
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
2. On Server Side:
26
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
Cross-Site Scripting
1. Cross-site scripting (XSS) is vulnerability in a web
application that allows a third party to execute a script in the
user's browser on behalf of the web application.
1.REFLECTED XSS :
2. STORED XSS :
28
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
1. Escaping:
2.Validating input:
29
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
3. Sanitizing:
30
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
XSS vulnerabilities
Following are XSS vulnerabilities:
b. The victim then retrieves the malicious script from the server
when it requests the stored information. Stored XSS is also
referred to as
Persistent or Type-I XSS.
31
BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3
32