Motivation

The CIA triad (Confidentiality, Integrity, Availability)

Policy and Mechanism

Threats

Our System Model

Tools for Identity

Availability attacks

Web-specific security: the Same-origin policy

“a web browser permits scripts contained in a first web page to access data in a second web page, but only if both web pages have the same origin. An origin is defined as a combination of URI scheme, host name, and port number. This policy prevents a malicious script on one page from obtaining access to sensitive data on another web page through that page’s Document Object Model.”
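The definition above compares exactly three things: scheme, host and port. The following is an added example, not code from the original slides, that makes that comparison explicit using only Node's built-in WHATWG URL parser; the sample URL pairs are constructed for illustration and are not part of the page.

```javascript
// Added example (not from the original slides). The origin of a URL is the
// (scheme, host, port) triple; path, query and fragment play no part in it.

const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

// Return the origin of a URL as an explicit triple. Default ports are filled
// in so that "https://example.com" and "https://example.com:443" compare equal.
function originOf(urlString) {
  const u = new URL(urlString);          // throws on malformed input
  const scheme = u.protocol;             // lower-cased by the parser, keeps the trailing ":"
  const port = u.port !== "" ? u.port : DEFAULT_PORTS[scheme];
  if (port === undefined) {
    throw new Error(`no default port known for scheme ${scheme}`);
  }
  return { scheme, host: u.hostname, port };
}

// The same-origin decision the browser makes before letting a script on
// urlA touch the DOM of a document loaded from urlB.
function sameOrigin(urlA, urlB) {
  const a = originOf(urlA);
  const b = originOf(urlB);
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// Cross-check against the parser's own serialised origin ("https://example.com:8443").
function sameOriginBuiltin(urlA, urlB) {
  return new URL(urlA).origin === new URL(urlB).origin;
}

// Constructed demonstration pairs: [page running the script, page it tries to read].
const DEMO_PAIRS = [
  ["https://example.com/app", "https://example.com:443/api/data?id=1"], // same: only path/query differ, 443 is the https default
  ["https://example.com", "http://example.com"],                         // different: scheme
  ["https://example.com", "https://api.example.com"],                    // different: host (a subdomain is a different host)
  ["https://example.com", "https://example.com:8443"],                   // different: port
  ["HTTPS://EXAMPLE.COM/", "https://example.com/other#frag"],            // same: parser normalises scheme and host case
];

function demo() {
  return DEMO_PAIRS.map(([a, b]) => ({ a, b, sameOrigin: sameOrigin(a, b) }));
}

for (const row of demo()) {
  console.log(row.sameOrigin ? "ALLOW" : "BLOCK", row.a, "->", row.b);
}
```

Note that a subdomain is a different host and an explicit non-default port is a different port; both are blocked by the policy, which is why sites that legitimately need to share data across those boundaries must opt in with CORS rather than rely on the browser's default.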

CORS (Cross-Origin Resource Sharing)

CORS

Cross-site scripting (XSS) attacks

Site design: Error handling

Data storage: Passwords

NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO.