11/5/09

Secure HTTP (S-HTTP)

An extension to the HTTP protocol to
support sending data securely over the web.
• Difference from SSL:
– SSL is designed to establish a secure connection
between two hosts.
– S-HTTP is designed to send individual messages
securely.

Some Features:
– Provides a variety of security mechanisms to HTTP
clients and servers.
– Does not require client-side public certificates (or
public keys), as it supports symmetric key-only
operation modes.
– Provides full flexibility of cryptographic algorithms.
• S-HTTP and HTTPS are not the same.
• HTTPS is an alternative to S-HTTP.
– HTTPS is HTTP running on top of SSL or TLS.


What is a Penetration Test?

A process of actively evaluating the
information security measures in an
organization.
• Most common procedure:
– The security measures are actively analyzed for
design weaknesses, technical flaws and
vulnerabilities.
– Results are delivered in a comprehensive report.

Ethical Hacking ….

Definition of ethical hacking
– A situation where a computer and network expert
attacks a security system on behalf of its owners,
seeking vulnerabilities that a malicious hacker
could exploit.
– To test a security system, ethical hackers use
the same methods as their less principled
counterparts (hackers), but report problems
instead of taking advantage of them.
• Also called penetration testing.

Why is it Required?

There are several reasons why organizations
choose to perform a penetration test.
– To identify the threats facing the information
assets of the organization.
– To reduce IT security costs by identifying and
resolving vulnerabilities and weaknesses.
– To provide the organization with information
assurance.
– To gain and maintain certification to an industry
regulation (BS7789, HIPAA, etc.).
