Adobe Shockwave is a browser plug-in similar to Adobe Flash but more robust


Adobe Shockwave is a browser plug-in similar to Adobe Flash but more robust. Shockwave provides a faster rendering engine and supports hardware-accelerated three-dimensional graphics, layered graphics, and network protocols. While Flash is widely used for Web animations and movies, Shockwave is commonly used for games. As with Flash, several versions of Shockwave contain security flaws that allow remote code execution, requiring users to apply patches to the plug-in.

AJAX is a collection of technologies that allows Web developers to improve the response times between Web pages. JavaScript code communicates with the Web server and dynamically modifies the contents of the Web browser’s page without relying on the Web server to send a response with the XML markup for the entire page. Instead, only the required portion of the affected XML data is transmitted. AJAX allows Web content to behave more like traditional applications, while potentially reducing the load on the Web server. However, a number of security concerns exist with AJAX:

  • AJAX creates a larger attack surface than traditional Web applications by increasing the number of points where a client interacts with the application.
  • AJAX may reveal details of internal functions within the Web application.
  • Some AJAX endpoints may not require authentication and instead rely on the current state of the application [SPID06].

Visual Basic Script (VBScript) is a programming language developed by Microsoft for creating scripts that can be embedded in Web pages for viewing with the Internet Explorer browser. However, other browsers do not necessarily support VBScript. Like JavaScript, VBScript is an interpreted language that can process client-side scripts. VBScript, which is a subset of the Microsoft Visual Basic programming language, works with Microsoft ActiveX controls. The language is similar to JavaScript and poses similar risks.

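The third concern in the AJAX list above (endpoints that skip authentication and rely on application state), shown as an added example that is not part of the original guideline: a weak fragment handler beside a hardened one. The handler names, the session store, and the order data are hypothetical and constructed for illustration.

```javascript
// Added example: server-side handlers for an AJAX endpoint that returns one
// page fragment. All names and data here are hypothetical and constructed.
const crypto = require("crypto");

// Constructed sample data: server-side session store and per-user records.
const sessions = new Map(); // session id -> { user }
const orders = new Map([["alice", ["order-1001"]], ["bob", ["order-2002"]]]);

// Creates a server-side session and returns its unguessable identifier.
function login(user) {
  const sid = crypto.randomBytes(16).toString("hex");
  sessions.set(sid, { user });
  return sid;
}

// Weak: trusts application state supplied by the client. A request sent
// straight to the endpoint with user=alice receives alice's fragment.
function ordersFragmentWeak(req) {
  return { status: 200, body: JSON.stringify(orders.get(req.query.user) || []) };
}

// Hardened: every AJAX call is authenticated on its own, the identity comes
// from the server-side session, and the error reveals no internal detail.
function ordersFragmentHardened(req) {
  const session = sessions.get(req.cookies.sid);
  if (!session) {
    return { status: 401, body: JSON.stringify({ error: "authentication required" }) };
  }
  // The client-supplied user parameter is ignored; the session decides.
  return { status: 200, body: JSON.stringify(orders.get(session.user) || []) };
}

// Constructed requests: one with no session cookie, one from a logged-in user
// who asks for another user's data.
const anonymous = { query: { user: "alice" }, cookies: {} };
const asBob = { query: { user: "alice" }, cookies: { sid: login("bob") } };

console.log("weak, anonymous:    ", ordersFragmentWeak(anonymous));
console.log("hardened, anonymous:", ordersFragmentHardened(anonymous));
console.log("hardened, bob:      ", ordersFragmentHardened(asBob));
```
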
ActiveX is a set of technologies from Microsoft that provide tools for linking desktop applications to the Web. ActiveX controls are reusable component program objects that can be attached to e-mail or downloaded from a Web site. ActiveX controls also come preinstalled on Windows platforms. Web pages invoke ActiveX controls using a scripting language or with an HTML OBJECT tag. ActiveX controls are compiled program objects, making them difficult to read and reverse engineer.
GUIDELINES ON SECURING PUBLIC WEB SERVERS

Unlike the Java sandbox model, which restricts the permissions of applets to a set of safe actions, ActiveX places no restrictions on what a control can do. Instead, ActiveX controls are digitally signed by their authors under a technology scheme called Authenticode. The digital signatures are verified using identity certificates issued by a trusted certificate authority to an ActiveX software publisher, who must pledge that no harmful code will be knowingly distributed under this scheme. The Authenticode process