Web Security 17L238
ASSIGNMENT PRESENTATION
WEB SECURITY
By
Rakesh Balaji V
17L238
INSTAGRAM PAGES
TWITTER: ELECTRONIC FUND TRANSFER:
WEB SECURITY
THREATS:
Relative Location of Security Facilities in
the TCP/IP Protocol Stack:
In this chapter we look
into SSL/TLS and SET only.
HEADER:
Content type (8 bits)
Major version (8 bits)
Minor version (8 bits)
Compressed length (16 bits)
SSL Change Cipher Spec Protocol
• One of 3 SSL specific protocols which use the SSL Record protocol
• A single message with 1 byte of data
• Causes the pending state to become the current state
• Hence updates the cipher suite in use
• Indicates that the communication shifts from unencrypted to
encrypted
SSL Alert Protocol
LEVEL:
• Warning (value = 1)
• Fatal (value = 2)
If the level is fatal, SSL immediately terminates the connection. Other connections on the
same session may continue, but no new connections will be established on it.
ALERT:
Contains code that indicates specific alert.
• Unexpected message
• Bad record MAC
• Decompression failure
• Handshake failure
• Illegal parameter
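A parser for the record header and the two small protocols described above (Change Cipher Spec and Alert), as an added example that is not part of the original slides. The numeric content-type and alert codes come from the SSLv3 specification (RFC 6101), not from the slides, and the sample bytes are constructed.

```python
import struct

# Numeric codes from the SSLv3 specification (RFC 6101); the slides give names and widths only.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {10: "unexpected_message", 20: "bad_record_mac",
                      30: "decompression_failure", 40: "handshake_failure",
                      47: "illegal_parameter"}
HEADER_LEN = 5  # content type (8) + major (8) + minor (8) + compressed length (16) bits


def parse_records(stream: bytes):
    """Split a byte stream into SSL records and decode plaintext CCS and alert bodies."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < HEADER_LEN:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        body = stream[offset + HEADER_LEN: offset + HEADER_LEN + length]
        if len(body) != length:
            raise ValueError("record body shorter than its length field")
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        rec = {"type": CONTENT_TYPES[ctype], "version": (major, minor), "length": length}
        if ctype == 20:
            # Change Cipher Spec: a single message of exactly one byte, value 1.
            if body != b"\x01":
                raise ValueError("malformed change_cipher_spec")
        elif ctype == 21:
            # Alert: level byte, then description byte. Readable only while the
            # record is still unencrypted.
            if length != 2:
                raise ValueError("malformed alert")
            rec["level"] = ALERT_LEVELS.get(body[0], "unknown")
            rec["alert"] = ALERT_DESCRIPTIONS.get(body[1], f"code_{body[1]}")
            rec["terminate"] = body[0] == 2  # fatal alerts end the connection
        records.append(rec)
        offset += HEADER_LEN + length
    return records


# Constructed sample (SSL 3.0): two independent plaintext test records, not a
# realistic exchange: a change_cipher_spec and a fatal bad_record_mac alert.
SAMPLE = bytes.fromhex("1403000001" "01" "1503000002" "0214")

if __name__ == "__main__":
    for record in parse_records(SAMPLE):
        print(record)
```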
SSL Handshake Protocol
Allows server & client to:
• Authenticate each other
• Negotiate encryption & MAC algorithms
• Negotiate the cryptographic keys to be used
10 different messages (refer to book page 538, table 17.2)