Security & Privacy

Web Architecture and Information Management
Spring 2010 — INFO 190-02 (CCN 42509)

Erik Wilde and Ryan Shaw, UC Berkeley School of Information
2010-04-21

This work is licensed under a CC Attribution 3.0 Unported License [http://creativecommons.org/licenses/by/3.0/]

(2) Abstract

TCP and thus HTTP are clear-text protocols, which make no attempt to hide the data being transmitted. Secure data transfers therefore require additional technologies. For the Web, the most interesting security feature is secure HTTP interaction, which is provided by HTTP over SSL (HTTPS), a protocol that places an encryption layer (SSL or TLS) between TCP and HTTP. For any task involving personalization and/or trust, it is necessary to have not only a concept for providing privacy, but also concepts for identity and for proving identity, which requires authentication.



Security on the Web

Outline (Security on the Web)

  1. Security on the Web [5]
  2. Privacy on the Web [4]

(4) Trust and Security on the Web



(5) Session Hijacking



(6) Malware



(7) Network Security Risks



(8) Social Engineering and Phishing



Privacy on the Web

(10) Behavioral tracking



(11) Flash Cookies



(12) New Potential Privacy Threats



(13) Privacy Policy Quiz


