Lecture 6: CSCI E-1 Spring 2013
Tommy MacWilliam
April 10, 2013
Transcript
Computer Science E-1 Lecture 6: Security
http://youtu.be/H542nLTTbu0
http://bing.com
http://vimeo.com/blog/post:564
Security
Authentication
Cookies
Sessions
GET /home.php HTTP/1.1
Host: www.facebook.com
Cookie: PHPSESSID=5153d29ed84c4
Session Hijacking
HTTPS
Cryptography
GET /home.php HTTP/1.1
Host: www.facebook.com
Encrypt
ehosn9745t987gnlkjab 7@5uejfnjasdbfxb98@#
GET /home.php HTTP/1.1
Host: www.facebook.com
Decrypt
Wi-Fi Security
WEP, WPA, WPA2
CSRF
https://bank.com/money/transfer?to=67890&amount=100
Ka-Boom.
https://bank.com/money/transfer?to=67890&amount=100&token=8549ba93417cdef85
<input type="hidden" name="csrfTokenHidden" value="12345" id="csrfTokenHidden">
http://cse1.net/lecture6
XSS
<h1>Tommy</h1>
Ka-Boom.
http://cse1.net/lecture6
Databases
Name          DOB        Color   Preference
Shocked Cat   3/17/2010  white   indoor
Grumpy Cat    4/4/2012   white   indoor
Keyboard Cat  1/1/1984   orange  outdoor
SQL
SELECT name FROM cats
SELECT * FROM cats WHERE preference = 'indoor'
INSERT INTO cats (name, dob, color, preference) VALUES ('Maru', '2008-06-01',
'gray', 'indoor')
UPDATE cats SET name = 'shocked' WHERE name = 'Maru'
DELETE FROM cats WHERE name = 'Maru'
CRUD
Create Read Update Delete
INSERT SELECT UPDATE DELETE
SELECT * FROM profiles WHERE username = 'zuck'
I would like __ cheeseburgers cooked ____ and topped with ________.
I would like 2 cheeseburgers cooked medium-well and topped with lettuce.
I would like 2 cheeseburgers cooked and then thrown at the nearest customer’s head and topped with lettuce.
Injection
SELECT * FROM profiles WHERE username = '______'
' OR '1' = '1
SELECT * FROM profiles WHERE username = '' OR '1' = '1'
Ka-Boom.
Authentication
SELECT * FROM users WHERE username = '_____' AND password = '_____'
SELECT * FROM users WHERE username = 'rj' AND password = '' OR '1' = '1'
Ka-Boom.
'; DELETE FROM profiles; --
SELECT * FROM profiles WHERE username = ''; DELETE FROM profiles; --'
Sanitizing Input
SELECT * FROM profiles WHERE username = '\' OR \'1\' = \'1'
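Added example, not part of the original slides: the profiles lookup from the Injection slides built by string concatenation, next to the same lookup as a parameterized query, which is used here in place of the manual backslash escaping shown above. The sqlite3 in-memory database, the email column, the sample rows and the function names are assumptions made for the example.

```python
import sqlite3


def make_db():
    # Constructed sample data; the table name follows the slides.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE profiles (username TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO profiles VALUES (?, ?)",
        [("zuck", "zuck@example.com"), ("rj", "rj@example.com")],
    )
    return db


def lookup_vulnerable(db, username):
    # The 'before': input is pasted into the SQL text, so a quote in the
    # input closes the string literal and the rest is parsed as SQL.
    query = "SELECT * FROM profiles WHERE username = '" + username + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, username):
    # The fix: the ? placeholder passes the input as a value, so quotes,
    # semicolons and comment markers in it are only ever compared as text.
    return db.execute(
        "SELECT * FROM profiles WHERE username = ?", (username,)
    ).fetchall()


def row_count(db):
    return db.execute("SELECT COUNT(*) FROM profiles").fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    blank_filler = "' OR '1' = '1"          # input from the Injection slide
    stacked = "'; DELETE FROM profiles; --"  # input from the DELETE slide

    # Concatenated query: the WHERE clause becomes always-true.
    print("vulnerable rows:   ", len(lookup_vulnerable(db, blank_filler)))
    # Parameterized query: no user is literally named "' OR '1' = '1".
    print("parameterized rows:", len(lookup_parameterized(db, blank_filler)))
    # The stacked input is also just a non-matching username; nothing is deleted.
    print("stacked input rows:", len(lookup_parameterized(db, stacked)))
    print("rows still in table:", row_count(db))
```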
Permissions
http://cse1.net/lecture6
Encrypting Text
Caesar Cipher
ABCDEFGHIJKLMNOPQRSTUVWXYZ
NOPQRSTUVWXYZABCDEFGHIJKLM
ROT13
banana
onanan
Brute-Force Attack
ROT26
Vigenère Cipher
banana + 246246 = detcrg
banana + cegceg = detcrg
Plaintext: computer
Key: benrj
computer + benrjben = dszgduie
Symmetric-Key Cryptography
Asymmetric-Key Cryptography
Public/Private Keys
Trapdoor One-Way Function
2459 * 8863 = 21794117
Factor 21794117
RSA
Diffie-Hellman