SECURITY IN COMPUTING, FIFTH EDITION
Chapter 10: The Web—User Side
Instructor: Gao Haibo (高海波), Henan University of Chinese Medicine, Information Management and Information Systems Teaching and Research Section
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Chapter 10 Objectives
• Attacks against browsers
• Fake and malicious websites
• Attacks targeting sensitive data
• Injection attacks
• Spam
• Phishing attacks
Browser Vulnerabilities
[Figure: chart of browser vulnerabilities by year, 2008-2013; vertical axis 0-1000; data labels 897, 727, 208, 207]
Browser Attack Types
• Man-in-the-browser
• Keystroke logger
• Page-in-the-middle
• Program download substitution
• User-in-the-middle
Man-in-the-Browser
[Figure: user types; browser encrypts; encrypted data transferred to bank; SilentBanker intercepts]