Current Web Components - The Internet is built around common web components and protocols to enable interoperability.
- Security concerns include server security, security during data transport, and end-user machine security.
Protocols - The commonest encryption protocol implementations are SSL and TLS.
- Web pages are delivered via HTTP and HTTPS.
- Directory services are delivered by DAP and LDAP, with LDAP being the commonest implementation.
- File transfers are typically accomplished using File Transfer Protocol (FTP).
- Web Services utilize technologies including SOAP, XML Schemas, and UDDI to allow remote procedure execution across the Web.
Code-Based Vulnerabilities - The commonest code-based vulnerability is a buffer overflow.
- Java and JavaScript have specific security implications and must be properly configured to run securely.
- Cookies, properly employed, are not a security issue and can enhance a user’s web experience.
- Plug-ins and applets, necessary for a content-rich web experience, have security concerns that can be mitigated through proper system setup and code signing.
|