Lecture 10: Web security & Projects

Web Programming

J Mwaura

Lecture Outline

  1. Introduction to web security
  2. Projects
  3. Examples
  4. Resources

Attacks

Key groups of attacks

  1. Attacks against server scripts
  2. Attacks against business
  3. Attacks against people
  4. Attacks against software clients

A good default state as a systems administrator is therefore "Trust No One".

Introduction to web security

Web security is a wide area, but we can look at it through a number of frameworks:

  1. Machine attacks vs. manipulation of human elements (and between)
  2. Attacks against servers vs. attacks against clients (and attacks against servers to attack clients)
  3. Scripted attacks vs. bespoke attacks (and between)
  4. Attacks to stop business vs. attacks that should go undetected
  5. Attacks by one source vs. attacks by multiple sources

Machine attacks vs. manipulation of human elements (and between)

Attacks via access to passwords, obtained by pretence, or by people allowing attackers direct physical access to a machine or network

Attacks against servers vs. attacks against clients

Direct attacks against software clients - download malicious software

Direct attacks against connected servers - attacks through networks without a firewall

Scripted attacks vs. bespoke attacks (and between)

Scripted attacks work on scripts

Bespoke hackers work at the machine-code level or lower to find exploits

Attacks to stop business vs. attacks that should go undetected

These attacks aim for maximum disruption

Attacks by one source vs. attacks by multiple sources

Simultaneous attacks from multiple sources, launched from multiple compromised machines

Example - Events with D3 JS

Example - Events

Example - Election Geovisualization

Projects

  1. Create a mapping application that pulls data from a database
  2. Create a web application supporting spatial analysis
  3. Mapping social media data
  4. Cancer map application

Examples

Resources

End of Lecture 10

That's it!

Queries about this Lesson, please send them to: jmwaura@jkuat.ac.ke
