E-COM Security for Dot.coms
The goal of this seminar is to familiarize attendees with some of the
security issues they might consider as they enter into an
E-Commerce project. As the methods and models of securing
E-Commerce transactions are as diverse as the businesses that
are entering this arena, this seminar will address the topics
in a generic fashion. After the general discussion, an effort
to "show" the attendees rather than "tell" them will follow.
The presenters will address each of the four security areas
(client, server, OS, and transport level) with specific
illustrations and/or demonstrations of attack methodologies
and tools used to compromise systems.
Fundamental Elements of any E-Commerce Project
E-Commerce Project Security
- Policies, procedures, and standards
- Perimeter and internal system protection
- Business continuity and disaster recovery
- Requirements for authentication and non-repudiation
- Audit and incident response capabilities
- Encryption
- Legal issues
Risk Analysis
- Where does the organization currently stand?
- What information assets are critical?
Case Studies
- Transport level - review of TCP/IP concepts and terminology
and a demonstration of TCP Session Hijacking (Active Attack)
- Client side - demonstration of Back Orifice 2000/NetBus,
DeepThroat
- Server side - demonstration of Nmap, SAAT and a discussion
of ASP, ActiveX, CGI exploits
- Operating system - review of OS hardening and a demonstration
of L0phtCrack/CRACK