
Application Security

Web application security aims to address and fulfill the four conditions of security, also known as the principles of security:
• Confidentiality
• Integrity
• Availability
• Authentication
• Nonrepudiation

Info Security
• Are Application Users also Info Users?
• Is Security implemented within the Application or within the Database?

Email Security
• S/MIME – Secure/Multipurpose Internet Mail Extensions
• MOSS – Minimum Operating Security Standards
• PEM – Privacy Enhanced Mail
• PGP – Pretty Good (Smart) Privacy

Internet Security
• SSL – Secure Sockets Layer – encryption-based Internet security protocol
• TLS – Transport Layer Security – facilitates privacy and data security for communications over the Internet
• S-HTTP – Secure HTTP – allows the secure exchange of files on the World Wide Web

Knowledge Security Issues
• Backup Issues
• Repository Storage
• Archival Storage

Disposal of Data
• Information Removal and Disposal strategies for disk
• Information Removal and Disposal strategies for Optical Media

Information Removal/Disposal Techniques
• Clearing
• Purging – (Unrecoverable)
• Verification of Knowledge Removal

Security Technology
• Mandatory Access Control (MAC) – Owner defines security policy
• Nondiscretionary controls
◦ Role based Access Control (RBAC)
◦ Task based Access Control (TBAC)
◦ Discretionary Access Control (DAC)

Firewall
Firewalls may be classified in three different ways:
1. by their processing type
2. by their evolutionary generation
3. by the way they are implemented (structure)

Firewalls by processing type:

Packet-filtering firewalls:
• Static – Administrator sets the rules
• Dynamic – Firewall sets some rules itself
• Stateful – denies packets sent to any port unless a connection to that port has already been negotiated

Application gateway firewalls
• OSI model

Circuit Gateway
• operates at the transport layer, which is concerned with guaranteed delivery of packets

Hybrid Firewall
• Mix of all types of firewalls
