Lecture 6: CSCI E-1 Spring 2013
Tommy MacWilliam
April 10, 2013
Transcript
Computer Science E-1 Lecture 6: Security
http://youtu.be/H542nLTTbu0
http://bing.com
http://vimeo.com/blog/post:564
Security
Authentication
Cookies
Sessions
GET /home.php HTTP/1.1
Host: www.facebook.com
Cookie: PHPSESSID=5153d29ed84c4
Session Hijacking
HTTPS
Cryptography
GET /home.php HTTP/1.1
Host: www.facebook.com
Encrypt
ehosn9745t987gnlkjab 7@5uejfnjasdbfxb98@#
Decrypt
GET /home.php HTTP/1.1
Host: www.facebook.com
Wi-Fi Security
WEP, WPA, WPA2
CSRF
https://bank.com/money/transfer?to=67890&amount=100
Ka-Boom.
https://bank.com/money/transfer?to=67890&amount=100&token=8549ba93417cdef85
<input type="hidden" name="csrfTokenHidden" value="12345" id="csrfTokenHidden">
http://cse1.net/lecture6
XSS
<h1>Tommy</h1>
Ka-Boom.
http://cse1.net/lecture6
Databases
Name          DOB        Color   Preference
Shocked Cat   3/17/2010  white   indoor
Grumpy Cat    4/4/2012   white   indoor
Keyboard Cat  1/1/1984   orange  outdoor
SQL
SELECT name FROM cats
SELECT * FROM cats WHERE preference = 'indoor'
INSERT INTO cats (name, dob, color, preference) VALUES ('Maru', '2008-06-01', 'gray', 'indoor')
UPDATE cats SET name = 'shocked' WHERE name = 'Maru'
DELETE FROM cats WHERE name = 'Maru'
CRUD
Create Read Update Delete
INSERT SELECT UPDATE DELETE
SELECT * FROM profiles WHERE username = 'zuck'
I would like __ cheeseburgers cooked ____ and topped with ________.
I would like 2 cheeseburgers cooked medium-well and topped with lettuce.
I would like 2 cheeseburgers cooked and then thrown at the nearest customer's head and topped with lettuce.
Injection
SELECT * FROM profiles WHERE username = '______'
' OR '1' = '1
SELECT * FROM profiles WHERE username = '' OR '1' = '1'
Ka-Boom.
Authentication
SELECT * FROM users WHERE username = '_____' AND password = '_____'
SELECT * FROM users WHERE username = 'rj' AND password = '' OR '1' = '1'
Ka-Boom.
'; DELETE FROM profiles; --
SELECT * FROM profiles WHERE username = ''; DELETE FROM profiles; --'
Sanitizing Input
SELECT * FROM profiles WHERE username = '\' OR \'1\' = \'1'
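Added example, not part of the original slides: the login query from the Authentication slides built two ways against an in-memory SQLite database, once by pasting input into the SQL text and once with bound parameters (a different defense from the backslash escaping shown above). The table contents, passwords and function names are constructed for illustration.

```python
import sqlite3

# Input from the slides that turns the WHERE clause into "... OR '1' = '1'".
PAYLOAD = "' OR '1' = '1"

def make_db():
    # Constructed sample data; plaintext passwords only mirror the slide's query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("rj", "s3cret"), ("zuck", "hunter2")])
    return db

def login_concat(db, username, password):
    # Vulnerable: user input becomes part of the SQL text, like filling in the blanks.
    sql = ("SELECT * FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchall()

def login_bound(db, username, password):
    # Hardened: values are bound to ? placeholders and are never parsed as SQL.
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("concatenated, payload:", login_concat(db, "rj", PAYLOAD))
    print("bound, payload:       ", login_bound(db, "rj", PAYLOAD))
    print("bound, real password: ", login_bound(db, "rj", "s3cret"))
```

With the concatenated query the payload matches every row in the table; with bound parameters it is compared as a literal password string and matches nothing.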
Permissions
http://cse1.net/lecture6
Encrypting Text
Caesar Cipher
ABCDEFGHIJKLMNOPQRSTUVWXYZ
NOPQRSTUVWXYZABCDEFGHIJKLM
ROT13
banana
onanan
Brute-Force Attack
ROT26
Vigenère Cipher
banana + 246246 = detcrg
banana + cegceg = detcrg
Plaintext: computer
Key: benrj
computer + benrjben = dszgduie
Symmetric-Key Cryptography
Asymmetric-Key Cryptography
Public/Private Keys
Trapdoor One-Way Function
2459 * 8863 = 21794117
Factor 21794117
RSA
Diffie-Hellman
Computer Science E-1 Lecture 6: Security