ݺߣshows by User: test2v / http://www.slideshare.net/images/logo.gif ݺߣshows by User: test2v / Mon, 11 Jun 2012 11:26:43 GMT ݺߣShare feed for ݺߣshows by User: test2v DOM-based XSS /slideshow/dombased-xss/13281097 domxssdandel160412sw-120611112646-phpapp01
This is our M.Sc. project thesis, attested on the 11.06.2012]]>
This is our M.Sc. project thesis, attested on the 11.06.2012]]> Mon, 11 Jun 2012 11:26:43 GMT /slideshow/dombased-xss/13281097 test2v@slideshare.net(test2v) DOM-based XSS test2v This is our M.Sc. project thesis, attested on the 11.06.2012 <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/domxssdandel160412sw-120611112646-phpapp01-thumbnail.jpg?width=120&amp;height=120&amp;fit=bounds" /><br> This is our M.Sc. project thesis, attested on the 11.06.2012
DOM-based XSS from Krassen Deltchev
]]> 4467 8 https://cdn.slidesharecdn.com/ss_thumbnails/domxssdandel160412sw-120611112646-phpapp01-thumbnail.jpg?width=120&height=120&fit=bounds document Black http://activitystrea.ms/schema/1.0/post http://activitystrea.ms/schema/1.0/posted 0 Automated Validation of Internet Security Protocols and Applications (AVISPA) , slides /slideshow/automated-validation-of-internet-security-protocols-and-applications-avispa/12809483 deltchevavispappt-120505060627-phpapp02
These are the slides to my first B.Sc. term paper- AVISPA, 2006. These slides are presented to the Department of Electrical Engineering and Information Sciences of the Ruhr-University of Bochum Chair of Network and Data Security of the Ruhr-University of Bochum, Horst-Görtz Institute, Prof. Jörg Schwenk ]]>
These are the slides to my first B.Sc. term paper- AVISPA, 2006. These slides are presented to the Department of Electrical Engineering and Information Sciences of the Ruhr-University of Bochum Chair of Network and Data Security of the Ruhr-University of Bochum, Horst-Görtz Institute, Prof. Jörg Schwenk ]]> Sat, 05 May 2012 06:06:24 GMT /slideshow/automated-validation-of-internet-security-protocols-and-applications-avispa/12809483 test2v@slideshare.net(test2v) Automated Validation of Internet Security Protocols and Applications (AVISPA) , slides test2v These are the slides to my first B.Sc. term paper- AVISPA, 2006. These slides are presented to the Department of Electrical Engineering and Information Sciences of the Ruhr-University of Bochum Chair of Network and Data Security of the Ruhr-University of Bochum, Horst-Görtz Institute, Prof. Jörg Schwenk <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/deltchevavispappt-120505060627-phpapp02-thumbnail.jpg?width=120&amp;height=120&amp;fit=bounds" /><br> These are the slides to my first B.Sc. term paper- AVISPA, 2006. These slides are presented to the Department of Electrical Engineering and Information Sciences of the Ruhr-University of Bochum Chair of Network and Data Security of the Ruhr-University of Bochum, Horst-Görtz Institute, Prof. Jörg Schwenk
Automated Validation of Internet Security Protocols and Applications (AVISPA) , slides from Krassen Deltchev
]]> 1402 7 https://cdn.slidesharecdn.com/ss_thumbnails/deltchevavispappt-120505060627-phpapp02-thumbnail.jpg?width=120&height=120&fit=bounds presentation White http://activitystrea.ms/schema/1.0/post http://activitystrea.ms/schema/1.0/posted 0 Automated Validation of Internet Security Protocols and Applications (AVISPA) /slideshow/deltchev-avispa/12809381 deltchevavispa-120505055026-phpapp02
This is my first B.Sc. term paper, 2006. Back in the days my English was bad, which is obvious, while reading the paper, but i still love it, cuz this was my academic starting point on the topic of IT-Security. Enjoy! This B.Sc. term paper is presented to the Department of Electrical Engineering and Information Sciences of the Ruhr-University of Bochum Chair of Network and Data Security of the Ruhr-University of Bochum, Horst-Görtz Institute, Prof. Jörg Schwenk Abstract: The AVISPA Model Checker is a tool for automated validation and verification of security protocols. It provides a push-button web-based software- and hardware-independent interface and installation binaries for UNIX-based Operating Systems. It belongs to the group of the state-of-the-art Model Checkers and uses a modular and descriptive formal language for specifying industrial-scale security protocols. The different back-ends of the AVISPA tool implement new optimized analysing techniques for automated protocol verification. Therefore the researcher/scientist can prove even bigger in their specification protocols in a short time and in a user-friendly way. New cryptographic attacks are explored using the AVISPA tool and the Model-Checker covers widest range of the modern authentication internet protocols, regarding their security validation.]]>
This is my first B.Sc. term paper, 2006. Back in the days my English was bad, which is obvious, while reading the paper, but i still love it, cuz this was my academic starting point on the topic of IT-Security. Enjoy! This B.Sc. term paper is presented to the Department of Electrical Engineering and Information Sciences of the Ruhr-University of Bochum Chair of Network and Data Security of the Ruhr-University of Bochum, Horst-Görtz Institute, Prof. Jörg Schwenk Abstract: The AVISPA Model Checker is a tool for automated validation and verification of security protocols. It provides a push-button web-based software- and hardware-independent interface and installation binaries for UNIX-based Operating Systems. It belongs to the group of the state-of-the-art Model Checkers and uses a modular and descriptive formal language for specifying industrial-scale security protocols. The different back-ends of the AVISPA tool implement new optimized analysing techniques for automated protocol verification. Therefore the researcher/scientist can prove even bigger in their specification protocols in a short time and in a user-friendly way. New cryptographic attacks are explored using the AVISPA tool and the Model-Checker covers widest range of the modern authentication internet protocols, regarding their security validation.]]> Sat, 05 May 2012 05:50:25 GMT /slideshow/deltchev-avispa/12809381 test2v@slideshare.net(test2v) Automated Validation of Internet Security Protocols and Applications (AVISPA) test2v This is my first B.Sc. term paper, 2006. Back in the days my English was bad, which is obvious, while reading the paper, but i still love it, cuz this was my academic starting point on the topic of IT-Security. Enjoy! This B.Sc. term paper is presented to the Department of Electrical Engineering and Information Sciences of the Ruhr-University of Bochum Chair of Network and Data Security of the Ruhr-University of Bochum, Horst-Görtz Institute, Prof. Jörg Schwenk Abstract: The AVISPA Model Checker is a tool for automated validation and verification of security protocols. It provides a push-button web-based software- and hardware-independent interface and installation binaries for UNIX-based Operating Systems. It belongs to the group of the state-of-the-art Model Checkers and uses a modular and descriptive formal language for specifying industrial-scale security protocols. The different back-ends of the AVISPA tool implement new optimized analysing techniques for automated protocol verification. Therefore the researcher/scientist can prove even bigger in their specification protocols in a short time and in a user-friendly way. New cryptographic attacks are explored using the AVISPA tool and the Model-Checker covers widest range of the modern authentication internet protocols, regarding their security validation. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/deltchevavispa-120505055026-phpapp02-thumbnail.jpg?width=120&amp;height=120&amp;fit=bounds" /><br> This is my first B.Sc. term paper, 2006. Back in the days my English was bad, which is obvious, while reading the paper, but i still love it, cuz this was my academic starting point on the topic of IT-Security. Enjoy! This B.Sc. term paper is presented to the Department of Electrical Engineering and Information Sciences of the Ruhr-University of Bochum Chair of Network and Data Security of the Ruhr-University of Bochum, Horst-Görtz Institute, Prof. Jörg Schwenk Abstract: The AVISPA Model Checker is a tool for automated validation and verification of security protocols. It provides a push-button web-based software- and hardware-independent interface and installation binaries for UNIX-based Operating Systems. It belongs to the group of the state-of-the-art Model Checkers and uses a modular and descriptive formal language for specifying industrial-scale security protocols. The different back-ends of the AVISPA tool implement new optimized analysing techniques for automated protocol verification. Therefore the researcher/scientist can prove even bigger in their specification protocols in a short time and in a user-friendly way. New cryptographic attacks are explored using the AVISPA tool and the Model-Checker covers widest range of the modern authentication internet protocols, regarding their security validation.
Automated Validation of Internet Security Protocols and Applications (AVISPA) from Krassen Deltchev
]]> 2312 10 https://cdn.slidesharecdn.com/ss_thumbnails/deltchevavispa-120505055026-phpapp02-thumbnail.jpg?width=120&height=120&fit=bounds document White http://activitystrea.ms/schema/1.0/post http://activitystrea.ms/schema/1.0/posted 0 Performance of Group Key Agreement Protocols( Theory) /slideshow/egkapwmn-kdeltchev-23082010/12809333 egkapwmnk-deltchev23082010-120505054406-phpapp01
Here is another M.Sc. term apper of mine, covering the topic of Group Key Agreement Protocols on Wireless Mesh Networks. This M.Sc. term paper is presented to the Department of Electrical Engineering and Information Sciences of the Ruhr-University of Bochum Chair of Network and Data Security of the Ruhr-University of Bochum, Horst-Görtz Institute, Prof. Jörg Schwenk Abstract: Nowadays networking is more than implementing static wired network infrastructure. The utilisation of wireless agile network constructs, represents a well established build-up on the “old world” and in some cases the only feasible solution. Therefore the aspects, concerning the dynamics, stability, security and performance issues of such “new world” networks are still of great interest of the researchers. An important approach to represent an appropriate security level of dynamic wireless networks is utilised via Group Key Agreement Protocols. In most cases, the reader can find information, regarding these protocols, in literature, concerning Mobile Ad-Hoc Networks. Though, there are not enough publications on the topic of Group Key Agreement Protocols[GKAPs] for Wireless Mesh Networks[WMN], moreover on the performance issues of their utilisation. We shall consider this as a exciting challenge for research on the topic of Distributed Key Agreement Protocols. The current term paper should represent a discussion over the security aspects of WMN, the performance of Group Key Agreement Protocols for Wireless Mesh Networks, represent methods, concerning these performance aspects and illustrate the GKAPs by means of their classification.]]>
Here is another M.Sc. term apper of mine, covering the topic of Group Key Agreement Protocols on Wireless Mesh Networks. This M.Sc. term paper is presented to the Department of Electrical Engineering and Information Sciences of the Ruhr-University of Bochum Chair of Network and Data Security of the Ruhr-University of Bochum, Horst-Görtz Institute, Prof. Jörg Schwenk Abstract: Nowadays networking is more than implementing static wired network infrastructure. The utilisation of wireless agile network constructs, represents a well established build-up on the “old world” and in some cases the only feasible solution. Therefore the aspects, concerning the dynamics, stability, security and performance issues of such “new world” networks are still of great interest of the researchers. An important approach to represent an appropriate security level of dynamic wireless networks is utilised via Group Key Agreement Protocols. In most cases, the reader can find information, regarding these protocols, in literature, concerning Mobile Ad-Hoc Networks. Though, there are not enough publications on the topic of Group Key Agreement Protocols[GKAPs] for Wireless Mesh Networks[WMN], moreover on the performance issues of their utilisation. We shall consider this as a exciting challenge for research on the topic of Distributed Key Agreement Protocols. The current term paper should represent a discussion over the security aspects of WMN, the performance of Group Key Agreement Protocols for Wireless Mesh Networks, represent methods, concerning these performance aspects and illustrate the GKAPs by means of their classification.]]> Sat, 05 May 2012 05:44:04 GMT /slideshow/egkapwmn-kdeltchev-23082010/12809333 test2v@slideshare.net(test2v) Performance of Group Key Agreement Protocols( Theory) test2v Here is another M.Sc. term apper of mine, covering the topic of Group Key Agreement Protocols on Wireless Mesh Networks. This M.Sc. term paper is presented to the Department of Electrical Engineering and Information Sciences of the Ruhr-University of Bochum Chair of Network and Data Security of the Ruhr-University of Bochum, Horst-Görtz Institute, Prof. Jörg Schwenk Abstract: Nowadays networking is more than implementing static wired network infrastructure. The utilisation of wireless agile network constructs, represents a well established build-up on the “old world” and in some cases the only feasible solution. Therefore the aspects, concerning the dynamics, stability, security and performance issues of such “new world” networks are still of great interest of the researchers. An important approach to represent an appropriate security level of dynamic wireless networks is utilised via Group Key Agreement Protocols. In most cases, the reader can find information, regarding these protocols, in literature, concerning Mobile Ad-Hoc Networks. Though, there are not enough publications on the topic of Group Key Agreement Protocols[GKAPs] for Wireless Mesh Networks[WMN], moreover on the performance issues of their utilisation. We shall consider this as a exciting challenge for research on the topic of Distributed Key Agreement Protocols. The current term paper should represent a discussion over the security aspects of WMN, the performance of Group Key Agreement Protocols for Wireless Mesh Networks, represent methods, concerning these performance aspects and illustrate the GKAPs by means of their classification. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/egkapwmnk-deltchev23082010-120505054406-phpapp01-thumbnail.jpg?width=120&amp;height=120&amp;fit=bounds" /><br> Here is another M.Sc. term apper of mine, covering the topic of Group Key Agreement Protocols on Wireless Mesh Networks. This M.Sc. term paper is presented to the Department of Electrical Engineering and Information Sciences of the Ruhr-University of Bochum Chair of Network and Data Security of the Ruhr-University of Bochum, Horst-Görtz Institute, Prof. Jörg Schwenk Abstract: Nowadays networking is more than implementing static wired network infrastructure. The utilisation of wireless agile network constructs, represents a well established build-up on the “old world” and in some cases the only feasible solution. Therefore the aspects, concerning the dynamics, stability, security and performance issues of such “new world” networks are still of great interest of the researchers. An important approach to represent an appropriate security level of dynamic wireless networks is utilised via Group Key Agreement Protocols. In most cases, the reader can find information, regarding these protocols, in literature, concerning Mobile Ad-Hoc Networks. Though, there are not enough publications on the topic of Group Key Agreement Protocols[GKAPs] for Wireless Mesh Networks[WMN], moreover on the performance issues of their utilisation. We shall consider this as a exciting challenge for research on the topic of Distributed Key Agreement Protocols. The current term paper should represent a discussion over the security aspects of WMN, the performance of Group Key Agreement Protocols for Wireless Mesh Networks, represent methods, concerning these performance aspects and illustrate the GKAPs by means of their classification.
Performance of Group Key Agreement Protocols( Theory) from Krassen Deltchev
]]> 1143 9 https://cdn.slidesharecdn.com/ss_thumbnails/egkapwmnk-deltchev23082010-120505054406-phpapp01-thumbnail.jpg?width=120&height=120&fit=bounds document White http://activitystrea.ms/schema/1.0/post http://activitystrea.ms/schema/1.0/posted 0 XAdES Specification based on the Apache XMLSec Project /slideshow/xades-projectthesis/12809318 xadesprojectthesis-120505054038-phpapp01
This B.Sc. project thesis is presented to the Department of Electrical Engineering and Information Sciences of the Ruhr-University of Bochum Chair of Network and Data Security of the Ruhr-University of Bochum, Horst-Görtz Institute, Prof. Jörg Schwenk Abstract: XML Advanced Electronic Signature (XAdES) provides basic authentication and integrity protection, and satisfies the legal requirements for advanced electronic signatures.There are several implementations of XAdES, but most of them are not OpenSource, or are partialy proprietary software. Great project concerned with Digital Electronic Signatures is the OpenSource Apache XML Security Project. For the developer and common user there is an implementation for the XMLDSIG specification, but still no one for XAdES. The free source code implemetations of XAdES threat this project as a separate one and there is no interface, which can explicit assemble them into the Apache XML Sec. That’s why, the scope of our project is to create a library, that implements XAdES into the OpenSource Apache XML Security- to extend its functionality and level of security, so using the Apache XML Sec, gives the opportunity to handle Advanced Electronic Signatures, which is a standard of security nowadays. The library is developed in Java, because shouldn’t be any kind of OS platform - dependencies, using it as a plug-in to the Security Project of Apache. More detailed, to validate the signing and verifying of signatures, and also test our code, we use the text- based test suite of JUnit. ]]>
This B.Sc. project thesis is presented to the Department of Electrical Engineering and Information Sciences of the Ruhr-University of Bochum Chair of Network and Data Security of the Ruhr-University of Bochum, Horst-Görtz Institute, Prof. Jörg Schwenk Abstract: XML Advanced Electronic Signature (XAdES) provides basic authentication and integrity protection, and satisfies the legal requirements for advanced electronic signatures.There are several implementations of XAdES, but most of them are not OpenSource, or are partialy proprietary software. Great project concerned with Digital Electronic Signatures is the OpenSource Apache XML Security Project. For the developer and common user there is an implementation for the XMLDSIG specification, but still no one for XAdES. The free source code implemetations of XAdES threat this project as a separate one and there is no interface, which can explicit assemble them into the Apache XML Sec. That’s why, the scope of our project is to create a library, that implements XAdES into the OpenSource Apache XML Security- to extend its functionality and level of security, so using the Apache XML Sec, gives the opportunity to handle Advanced Electronic Signatures, which is a standard of security nowadays. The library is developed in Java, because shouldn’t be any kind of OS platform - dependencies, using it as a plug-in to the Security Project of Apache. More detailed, to validate the signing and verifying of signatures, and also test our code, we use the text- based test suite of JUnit. ]]> Sat, 05 May 2012 05:40:36 GMT /slideshow/xades-projectthesis/12809318 test2v@slideshare.net(test2v) XAdES Specification based on the Apache XMLSec Project test2v This B.Sc. project thesis is presented to the Department of Electrical Engineering and Information Sciences of the Ruhr-University of Bochum Chair of Network and Data Security of the Ruhr-University of Bochum, Horst-Görtz Institute, Prof. Jörg Schwenk Abstract: XML Advanced Electronic Signature (XAdES) provides basic authentication and integrity protection, and satisfies the legal requirements for advanced electronic signatures.There are several implementations of XAdES, but most of them are not OpenSource, or are partialy proprietary software. Great project concerned with Digital Electronic Signatures is the OpenSource Apache XML Security Project. For the developer and common user there is an implementation for the XMLDSIG specification, but still no one for XAdES. The free source code implemetations of XAdES threat this project as a separate one and there is no interface, which can explicit assemble them into the Apache XML Sec. That’s why, the scope of our project is to create a library, that implements XAdES into the OpenSource Apache XML Security- to extend its functionality and level of security, so using the Apache XML Sec, gives the opportunity to handle Advanced Electronic Signatures, which is a standard of security nowadays. The library is developed in Java, because shouldn’t be any kind of OS platform - dependencies, using it as a plug-in to the Security Project of Apache. More detailed, to validate the signing and verifying of signatures, and also test our code, we use the text- based test suite of JUnit. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/xadesprojectthesis-120505054038-phpapp01-thumbnail.jpg?width=120&amp;height=120&amp;fit=bounds" /><br> This B.Sc. project thesis is presented to the Department of Electrical Engineering and Information Sciences of the Ruhr-University of Bochum Chair of Network and Data Security of the Ruhr-University of Bochum, Horst-Görtz Institute, Prof. Jörg Schwenk Abstract: XML Advanced Electronic Signature (XAdES) provides basic authentication and integrity protection, and satisfies the legal requirements for advanced electronic signatures.There are several implementations of XAdES, but most of them are not OpenSource, or are partialy proprietary software. Great project concerned with Digital Electronic Signatures is the OpenSource Apache XML Security Project. For the developer and common user there is an implementation for the XMLDSIG specification, but still no one for XAdES. The free source code implemetations of XAdES threat this project as a separate one and there is no interface, which can explicit assemble them into the Apache XML Sec. That’s why, the scope of our project is to create a library, that implements XAdES into the OpenSource Apache XML Security- to extend its functionality and level of security, so using the Apache XML Sec, gives the opportunity to handle Advanced Electronic Signatures, which is a standard of security nowadays. The library is developed in Java, because shouldn’t be any kind of OS platform - dependencies, using it as a plug-in to the Security Project of Apache. More detailed, to validate the signing and verifying of signatures, and also test our code, we use the text- based test suite of JUnit.
XAdES Specification based on the Apache XMLSec Project from Krassen Deltchev
]]> 5165 8 https://cdn.slidesharecdn.com/ss_thumbnails/xadesprojectthesis-120505054038-phpapp01-thumbnail.jpg?width=120&height=120&fit=bounds document White http://activitystrea.ms/schema/1.0/post http://activitystrea.ms/schema/1.0/posted 0 Sqlia classification v1, till 2010 /slideshow/sqlia-classification-v1-till-2010/12809234 sqliaclassificationv1-120505052817-phpapp02
This classification matters the evolution of SQL injection attacks up to 2010. Here is no refernce to new attacks on WebSQl etc. It ist meant as attachment to my B.Sc. thesis from 2010. The thesis is presented to the Department of Electrical Engineering and Information Sciences of the Ruhr-University of Bochum Chair of Network and Data Security of the Ruhr-University of Bochum, Horst-Görtz Institute, Prof. Jörg Schwenk ]]>
This classification matters the evolution of SQL injection attacks up to 2010. Here is no refernce to new attacks on WebSQl etc. It ist meant as attachment to my B.Sc. thesis from 2010. The thesis is presented to the Department of Electrical Engineering and Information Sciences of the Ruhr-University of Bochum Chair of Network and Data Security of the Ruhr-University of Bochum, Horst-Görtz Institute, Prof. Jörg Schwenk ]]> Sat, 05 May 2012 05:28:15 GMT /slideshow/sqlia-classification-v1-till-2010/12809234 test2v@slideshare.net(test2v) Sqlia classification v1, till 2010 test2v This classification matters the evolution of SQL injection attacks up to 2010. Here is no refernce to new attacks on WebSQl etc. It ist meant as attachment to my B.Sc. thesis from 2010. The thesis is presented to the Department of Electrical Engineering and Information Sciences of the Ruhr-University of Bochum Chair of Network and Data Security of the Ruhr-University of Bochum, Horst-Görtz Institute, Prof. Jörg Schwenk <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/sqliaclassificationv1-120505052817-phpapp02-thumbnail.jpg?width=120&amp;height=120&amp;fit=bounds" /><br> This classification matters the evolution of SQL injection attacks up to 2010. Here is no refernce to new attacks on WebSQl etc. It ist meant as attachment to my B.Sc. thesis from 2010. The thesis is presented to the Department of Electrical Engineering and Information Sciences of the Ruhr-University of Bochum Chair of Network and Data Security of the Ruhr-University of Bochum, Horst-Görtz Institute, Prof. Jörg Schwenk
Sqlia classification v1, till 2010 from Krassen Deltchev
]]> 606 4 https://cdn.slidesharecdn.com/ss_thumbnails/sqliaclassificationv1-120505052817-phpapp02-thumbnail.jpg?width=120&height=120&fit=bounds document White http://activitystrea.ms/schema/1.0/post http://activitystrea.ms/schema/1.0/posted 0 New Web 2.0 Attacks, B.Sc. Thesis /slideshow/new-web-20-attacks/12809208 kdeltchevweb20attacksrev20100722v1-120505051824-phpapp01
Here is my B.Sc. thesis back in 2010. I should not consider this reading as up-to-date, but it's worth as basic start-up on the topic of Web Application Security. Please, note the two tables are meant as attachments to this paper. Your critics are welcome. Enjoy! The thesis is presented to the Department of Electrical Engineering and Information Sciences of the Ruhr-University of Bochum Chair of Network and Data Security of the Ruhr-University of Bochum, Horst-Görtz Institute, Prof. Jörg Schwenk Here's the abstract: The presented thesis in this paper is another discussion on the problem or problem- complex: What is Web 2.0? How it works? Is it vulnerable to its security scope? How can one utilize and share Web 2.0, knowing in this interactive collaboration, how to protect himself? In this bachelor work the reader will find history information, discussion on the evolu- tion of the Web standards and most common Web 2.0 attacking classes. Two examples of important Web 2.0 attacking vectors shall be discussed in depth, in such manner as an ana- lysis and examples on the attacking techniques, deliberation on the trends in attack preven- tion methods, discussion on the tools according to these. This paper should give a good classification on the proposed examples of Web 2.0 at- tacks, make a conclusion on behalf of the Life Cycle and security standards for the modern Web 2.0 implementations, and perhaps offer some interesting proposals. ]]>
Here is my B.Sc. thesis back in 2010. I should not consider this reading as up-to-date, but it's worth as basic start-up on the topic of Web Application Security. Please, note the two tables are meant as attachments to this paper. Your critics are welcome. Enjoy! The thesis is presented to the Department of Electrical Engineering and Information Sciences of the Ruhr-University of Bochum Chair of Network and Data Security of the Ruhr-University of Bochum, Horst-Görtz Institute, Prof. Jörg Schwenk Here's the abstract: The presented thesis in this paper is another discussion on the problem or problem- complex: What is Web 2.0? How it works? Is it vulnerable to its security scope? How can one utilize and share Web 2.0, knowing in this interactive collaboration, how to protect himself? In this bachelor work the reader will find history information, discussion on the evolu- tion of the Web standards and most common Web 2.0 attacking classes. Two examples of important Web 2.0 attacking vectors shall be discussed in depth, in such manner as an ana- lysis and examples on the attacking techniques, deliberation on the trends in attack preven- tion methods, discussion on the tools according to these. This paper should give a good classification on the proposed examples of Web 2.0 at- tacks, make a conclusion on behalf of the Life Cycle and security standards for the modern Web 2.0 implementations, and perhaps offer some interesting proposals. ]]> Sat, 05 May 2012 05:18:22 GMT /slideshow/new-web-20-attacks/12809208 test2v@slideshare.net(test2v) New Web 2.0 Attacks, B.Sc. Thesis test2v Here is my B.Sc. thesis back in 2010. I should not consider this reading as up-to-date, but it's worth as basic start-up on the topic of Web Application Security. Please, note the two tables are meant as attachments to this paper. Your critics are welcome. Enjoy! The thesis is presented to the Department of Electrical Engineering and Information Sciences of the Ruhr-University of Bochum Chair of Network and Data Security of the Ruhr-University of Bochum, Horst-Görtz Institute, Prof. Jörg Schwenk Here's the abstract: The presented thesis in this paper is another discussion on the problem or problem- complex: What is Web 2.0? How it works? Is it vulnerable to its security scope? How can one utilize and share Web 2.0, knowing in this interactive collaboration, how to protect himself? In this bachelor work the reader will find history information, discussion on the evolu- tion of the Web standards and most common Web 2.0 attacking classes. Two examples of important Web 2.0 attacking vectors shall be discussed in depth, in such manner as an ana- lysis and examples on the attacking techniques, deliberation on the trends in attack preven- tion methods, discussion on the tools according to these. This paper should give a good classification on the proposed examples of Web 2.0 at- tacks, make a conclusion on behalf of the Life Cycle and security standards for the modern Web 2.0 implementations, and perhaps offer some interesting proposals. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/kdeltchevweb20attacksrev20100722v1-120505051824-phpapp01-thumbnail.jpg?width=120&amp;height=120&amp;fit=bounds" /><br> Here is my B.Sc. thesis back in 2010. I should not consider this reading as up-to-date, but it&#39;s worth as basic start-up on the topic of Web Application Security. Please, note the two tables are meant as attachments to this paper. Your critics are welcome. Enjoy! The thesis is presented to the Department of Electrical Engineering and Information Sciences of the Ruhr-University of Bochum Chair of Network and Data Security of the Ruhr-University of Bochum, Horst-Görtz Institute, Prof. Jörg Schwenk Here&#39;s the abstract: The presented thesis in this paper is another discussion on the problem or problem- complex: What is Web 2.0? How it works? Is it vulnerable to its security scope? How can one utilize and share Web 2.0, knowing in this interactive collaboration, how to protect himself? In this bachelor work the reader will find history information, discussion on the evolu- tion of the Web standards and most common Web 2.0 attacking classes. Two examples of important Web 2.0 attacking vectors shall be discussed in depth, in such manner as an ana- lysis and examples on the attacking techniques, deliberation on the trends in attack preven- tion methods, discussion on the tools according to these. This paper should give a good classification on the proposed examples of Web 2.0 at- tacks, make a conclusion on behalf of the Life Cycle and security standards for the modern Web 2.0 implementations, and perhaps offer some interesting proposals.
New Web 2.0 Attacks, B.Sc. Thesis from Krassen Deltchev
]]> 5138 9 https://cdn.slidesharecdn.com/ss_thumbnails/kdeltchevweb20attacksrev20100722v1-120505051824-phpapp01-thumbnail.jpg?width=120&height=120&fit=bounds document White http://activitystrea.ms/schema/1.0/post http://activitystrea.ms/schema/1.0/posted 0 Web Application Forensics: Taxonomy and Trends /slideshow/web-application-forensics-taxonomy-and-trends/12614998 wafokd050911-120420052156-phpapp02
The topic, covering Web Application Forensics is challenging. There are not enough references, discussing this subject, especially in the Scientific communities. Often is the the term 'Web Application Forensics' misunderstood and mixed with IDS/ IPS defensive security approaches. Another issue is to discern the Web Application Forensics, short Webapp Forensics, from Network Forensics and Web Services Forensics, and in general to allocate it in the Digital/ Computer Forensics classification. Nowadays, Web Platforms are vastly growing, not to mention the so called Web 2.0 hype. Furthermore, Business Web Applications blast the common security knowledge and premise rapid inventory of the current security best practices and approaches. The questions, concerning the automation of the security defensive and investigation methods, are becoming undeniable important. In this paper we should try to dispute the questions, concerning taxonomic approaches regarding the Webapp Forensics; discuss trends, referenced to this topic and debate the matter of automation tools for Webapp forensics. ]]>
The topic, covering Web Application Forensics is challenging. There are not enough references, discussing this subject, especially in the Scientific communities. Often is the the term 'Web Application Forensics' misunderstood and mixed with IDS/ IPS defensive security approaches. Another issue is to discern the Web Application Forensics, short Webapp Forensics, from Network Forensics and Web Services Forensics, and in general to allocate it in the Digital/ Computer Forensics classification. Nowadays, Web Platforms are vastly growing, not to mention the so called Web 2.0 hype. Furthermore, Business Web Applications blast the common security knowledge and premise rapid inventory of the current security best practices and approaches. The questions, concerning the automation of the security defensive and investigation methods, are becoming undeniable important. In this paper we should try to dispute the questions, concerning taxonomic approaches regarding the Webapp Forensics; discuss trends, referenced to this topic and debate the matter of automation tools for Webapp forensics. ]]> Fri, 20 Apr 2012 05:21:53 GMT /slideshow/web-application-forensics-taxonomy-and-trends/12614998 test2v@slideshare.net(test2v) Web Application Forensics: Taxonomy and Trends test2v The topic, covering Web Application Forensics is challenging. There are not enough references, discussing this subject, especially in the Scientific communities. Often is the the term 'Web Application Forensics' misunderstood and mixed with IDS/ IPS defensive security approaches. Another issue is to discern the Web Application Forensics, short Webapp Forensics, from Network Forensics and Web Services Forensics, and in general to allocate it in the Digital/ Computer Forensics classification. Nowadays, Web Platforms are vastly growing, not to mention the so called Web 2.0 hype. Furthermore, Business Web Applications blast the common security knowledge and premise rapid inventory of the current security best practices and approaches. The questions, concerning the automation of the security defensive and investigation methods, are becoming undeniable important. In this paper we should try to dispute the questions, concerning taxonomic approaches regarding the Webapp Forensics; discuss trends, referenced to this topic and debate the matter of automation tools for Webapp forensics. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/wafokd050911-120420052156-phpapp02-thumbnail.jpg?width=120&amp;height=120&amp;fit=bounds" /><br> The topic, covering Web Application Forensics is challenging. There are not enough references, discussing this subject, especially in the Scientific communities. Often is the the term &#39;Web Application Forensics&#39; misunderstood and mixed with IDS/ IPS defensive security approaches. Another issue is to discern the Web Application Forensics, short Webapp Forensics, from Network Forensics and Web Services Forensics, and in general to allocate it in the Digital/ Computer Forensics classification. Nowadays, Web Platforms are vastly growing, not to mention the so called Web 2.0 hype. Furthermore, Business Web Applications blast the common security knowledge and premise rapid inventory of the current security best practices and approaches. The questions, concerning the automation of the security defensive and investigation methods, are becoming undeniable important. In this paper we should try to dispute the questions, concerning taxonomic approaches regarding the Webapp Forensics; discuss trends, referenced to this topic and debate the matter of automation tools for Webapp forensics.
Web Application Forensics: Taxonomy and Trends from Krassen Deltchev
]]> 12453 13 https://cdn.slidesharecdn.com/ss_thumbnails/wafokd050911-120420052156-phpapp02-thumbnail.jpg?width=120&height=120&fit=bounds document Black http://activitystrea.ms/schema/1.0/post http://activitystrea.ms/schema/1.0/posted 0 DOM-based XSS https://de.slideshare.net/slideshow/domxss-prezi-dandel020412/12337453 domxssprezidandel020412-120410080313-phpapp02
Presentation to the M.Sc. project thesis: DOM-based XSS to the Chair of Network and Data Security, RUB, HGI Prof. Jörg Schwenk The paper will be soon available- after the attestation. ]]>
Presentation to the M.Sc. project thesis: DOM-based XSS to the Chair of Network and Data Security, RUB, HGI Prof. Jörg Schwenk The paper will be soon available- after the attestation. ]]> Tue, 10 Apr 2012 08:03:09 GMT https://de.slideshare.net/slideshow/domxss-prezi-dandel020412/12337453 test2v@slideshare.net(test2v) DOM-based XSS test2v Presentation to the M.Sc. project thesis: DOM-based XSS to the Chair of Network and Data Security, RUB, HGI Prof. Jörg Schwenk The paper will be soon available- after the attestation. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/domxssprezidandel020412-120410080313-phpapp02-thumbnail.jpg?width=120&amp;height=120&amp;fit=bounds" /><br> Presentation to the M.Sc. project thesis: DOM-based XSS to the Chair of Network and Data Security, RUB, HGI Prof. Jörg Schwenk The paper will be soon available- after the attestation.
from Krassen Deltchev
]]> 1409 6 https://cdn.slidesharecdn.com/ss_thumbnails/domxssprezidandel020412-120410080313-phpapp02-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post http://activitystrea.ms/schema/1.0/posted 0 https://cdn.slidesharecdn.com/profile-photo-test2v-48x48.jpg?cb=1691210815 Cybersecurity, WebAppSec, WebApp forensics, SQLIA, CSRF, XSS, DOMXSS, WMN, LPIC I www.kdeltchev.de https://cdn.slidesharecdn.com/ss_thumbnails/domxssdandel160412sw-120611112646-phpapp01-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/dombased-xss/13281097 DOM-based XSS https://cdn.slidesharecdn.com/ss_thumbnails/deltchevavispappt-120505060627-phpapp02-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/automated-validation-of-internet-security-protocols-and-applications-avispa/12809483 Automated Validation o... https://cdn.slidesharecdn.com/ss_thumbnails/deltchevavispa-120505055026-phpapp02-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/deltchev-avispa/12809381 Automated Validation o...