Web application security - the fast guide 1.1 | Page 5

2.4 Client side functionalities - CSS ... 33
2.5 Client side functionalities - JavaScript ... 34
2.6 Server side functionalities ... 35
2.7 Server side functionalities - Web Servers ... 36
  2.7.1 Netscape enterprise server ... 36
  2.7.2 Apache server ... 36
  2.7.3 Microsoft IIS ... 36
2.8 Server side functionalities - Scripting languages ... 37
  2.8.1 PHP ... 37
  2.8.2 Perl ... 37
  2.8.3 VBScript ... 38
2.9 Server side functionalities - frameworks ... 38
  2.9.1 Ruby on Rails ... 38
  2.9.2 ASP.NET ... 39
  2.9.3 Java ... 39
2.10 Server side functionalities - Database Access ... 39
2.11 Server side functionalities - Web Services ... 40
2.12 QUIZ ... 43

Chapter 3 Vulnerabilities and threat models ... 46
3.1 Vulnerabilities, threats and attack ... 47
3.2 Threats risk modeling ... 48
  3.2.1 Definition ... 48
  3.2.2 Threat modeling process ... 48
3.3 Threats and vulnerabilities models - IIMF ... 50
3.4 Threats and vulnerabilities models - CIA ... 50
  3.4.1 Confidentiality ... 50
  3.4.2 Integrity ... 51
  3.4.3 Availability ... 51
3.5 Threats and vulnerabilities models - STRIDE ... 52
  3.5.1 Spoofing ... 52
  3.5.2 Tampering Data ... 52
  3.5.3 Repudiation ... 52
  3.5.4 Information disclosure ... 52
  3.5.5 Denial of service ... 53