Lesson 13: Threats to web and cloudRequired Readings Chapter 13, Web and Cloud ThreatsAssignment Article/paper review
Unformatted Attachment Preview
Security Architecture and Design
Reading: Chapter 13
The web is software like other software
There are specific attack classes like Cross Site
In much the same way that stack smashing is a
feature of C or other weakly typed languages
Threat modeling not needed to help find these
Finding these in TM is a distraction from the
unique threats to your software
Web Site Threats
Attack surface/Trust boundaries
Not showing outbound links
Is Google analytics safe? (We hope soits on
Model helps you consider
each part &
Textbook web site
Mostly the job of a small number of browser
Your job when writing a plugin
Manage security & privacy
Literature reviews & careful checking of
browser API guidance
At the cloud provider How do they compare to
other IT outsourcing?
New trust boundary (update your diagram)
Co-tennants as threats
Regulation: what needs to be compliant?
Audit & logging: whats logged where and how?
Can your controls migrate?
Cloud Threats (2)
In US, subpoena rules change if you give your data
to others (3rd party doctrine)
May affect privacy expectations
Can you get the hard drives, etc for analysis?
Creation and management of virtual machines
To threat model web sites, focus on
dependencies and unique functionality
Cloud: focus on trust boundaries
Purchase answer to see full
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.Read more
Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.Read more
Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.Read more
By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.Read more