Ch 4 - The Web - user side
Major browsers: Google Chrome, Mozilla Firefox, Microsoft Internet Explorer, Opera and Safari.
Browser attacks
- Man-in-the-browser
- Keystroke logger
- Page-in-the-middle
- User-in-the-middle
Countermeasures against authentication vulnerabilities
- Shared secret
- OTP
- Out-of-band communications
Web security terms
- Download substitution
- Website defacement
- Fake website
- Fake code
- Integrity checksum
- Signed code
- Web bug
- Clickjacking
- PGP
- S/MIME
- CAPTCHA
- Drive-by download
- Cross-site injection
- SQL injection
- Spam
Integrity checksums and signed code are used as controls to protect websites against change.