Launching a query with the search term Scott Hutton in the
UITS knowledge base will
retrieve at least these two documents:
The first document describes Scott as a 'clever, ambitious young man' who
in the early 1990s developed the first Gopher and Web UITS
Knowledge Base.
The second document brings us to his current interests and day-to-day
preoccupations.
Our guest lecturer for today is Lead Security Engineer & Acting Co-Security
Officer with the Information Technology Security Office at Indiana University.
He will come to our class and give a lecture on Internet and Web Security.
Here's a tentative outline of this presentation:
- Overview of privacy and security issues. What would one want
to protect?
- General network security (not specific to WWW). Vulnerabilities in
IP and Ethernet.
- Web-related security protocols. SSL, Basic & Digest
authentication, proxy authentication (not authentication to proxy
servers), etc.
- Overview of web server execution environments. CGI vs. embedded
interpreters, and their strengths/weaknesses. Brief mention of
client-side execution issues (Java, JavaScript, ShockWave).
- Secure server-side application design. Sanitizing user input,
executing child applications, handling errors.
- Authentication mechanisms. HTTP- vs. application-based
methods. (Only if there's time).