13. Not All Is as It Seems

Chapter Spotlight

• Forgeries as integrity failures: fake email, web pages, code

• How users are tricked into believing forgeries: web bugs, clickjacking, drive-by downloads, injection, and scripting

• Vulnerabilities in protocols, code, humans

• Confirming authenticity with digital signatures

• Protecting integrity with controlled access

Attacks: Forgeries 525

Threat: Integrity Failure 530

Attack Details 530

Vulnerability: Protocol Weaknesses 542

Vulnerability: Code Flaws 543

Vulnerability: Humans 543

Countermeasure: Digital Signature 545

Countermeasure: Secure Protocols 566

Countermeasure: Access Control 566

Countermeasure: User Education 568

Possible Countermeasure: Analysis 569

Non-Countermeasure: Software ...

Get Analyzing Computer Security: A Threat / Vulnerability / Countermeasure Approach now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial