Web application security - the fast guide 1.1 | Page 5

2.4 Client side functionalities - CSS ..... 33
2.5 Client side functionalities - JavaScript ..... 34
2.6 Server side functionalities ..... 35
2.7 Server side functionalities - Web Servers ..... 36
2.7.1 Netscape Enterprise Server: ..... 36
2.7.2 Apache server: ..... 36
2.7.3 Microsoft IIS: ..... 36
2.8 Server side functionalities - Scripting languages ..... 37
2.8.1 PHP: ..... 37
2.8.2 Perl: ..... 37
2.8.3 VBScript: ..... 38
2.9 Server side functionalities - Frameworks ..... 38
2.9.1 Ruby on Rails: ..... 38
2.9.2 ASP.NET: ..... 39
2.9.3 Java: ..... 39
2.10 Server side functionalities - Database Access ..... 39
2.11 Server side functionalities - Web Services ..... 40
2.12 QUIZ: ..... 43
Chapter 3 Vulnerabilities and threat models ..... 46
3.1 Vulnerabilities, threats and attack ..... 47
3.2 Threats risk modeling ..... 48
3.2.1 Definition: ..... 48
3.2.2 Threat modeling process: ..... 48
3.3 Threats and vulnerabilities models - IIMF ..... 50
3.4 Threats and vulnerabilities models - CIA ..... 50
3.4.1 Confidentiality: ..... 50
3.4.2 Integrity: ..... 51
3.4.3 Availability: ..... 51
3.5 Threats and vulnerabilities models - STRIDE ..... 52
3.5.1 Spoofing: ..... 52
3.5.2 Tampering Data: ..... 52
3.5.3 Repudiation: ..... 52
3.5.4 Information disclosure: ..... 52
3.5.5 Denial of service: ..... 53