Lecture 6: CSCI E-1 Spring 2013
Tommy MacWilliam
April 10, 2013
Transcript
Computer Science E-1 Lecture 6: Security
http://youtu.be/H542nLTTbu0
http://bing.com
http://vimeo.com/blog/post:564
Security
Authentication
Cookies
Sessions
GET /home.php HTTP/1.1
Host: www.facebook.com
Cookie: PHPSESSID=5153d29ed84c4
Session Hijacking
HTTPS
Cryptography
GET /home.php HTTP/1.1
Host: www.facebook.com
Encrypt
ehosn9745t987gnlkjab 7@5uejfnjasdbfxb98@#
GET /home.php HTTP/1.1
Host: www.facebook.com
Decrypt
Wi-Fi Security
WEP, WPA, WPA2
CSRF
https://bank.com/money/transfer?to=67890&amount=100
Ka-Boom.
https://bank.com/money/transfer?to=67890&amount=100&token=8549ba93417cdef85
<input type="hidden" name="csrfTokenHidden" value="12345" id="csrfTokenHidden">
http://cse1.net/lecture6
XSS
<h1>Tommy</h1>
Ka-Boom.
http://cse1.net/lecture6
Databases
Name          DOB        Color   Preference
Shocked Cat   3/17/2010  white   indoor
Grumpy Cat    4/4/2012   white   indoor
Keyboard Cat  1/1/1984   orange  outdoor
SQL
SELECT name FROM cats
SELECT * FROM cats WHERE preference = 'indoor'
INSERT INTO cats (name, dob, color, preference) VALUES ('Maru', '2008-06-01', 'gray', 'indoor')
UPDATE cats SET name = 'shocked' WHERE name = 'Maru'
DELETE FROM cats WHERE name = 'Maru'
CRUD
Create Read Update Delete
INSERT SELECT UPDATE DELETE
SELECT * FROM profiles WHERE username = 'zuck'
I would like __ cheeseburgers cooked ____ and topped with ________.
I would like 2 cheeseburgers cooked medium-well and topped with lettuce.
I would like 2 cheeseburgers cooked and then thrown at the nearest customer's head and topped with lettuce.
Injection
SELECT * FROM profiles WHERE username = '______'
' OR '1' = '1
SELECT * FROM profiles WHERE username = '' OR '1' = '1'
Ka-Boom.
Authentication
SELECT * FROM users WHERE username = '_____' AND password = '_____'
SELECT * FROM users WHERE username = 'rj' AND password = '' OR '1' = '1'
Ka-Boom.
'; DELETE FROM profiles; --
SELECT * FROM profiles WHERE username = ''; DELETE FROM profiles; --'
Sanitizing Input
SELECT * FROM profiles WHERE username = '\' OR \'1\' = \'1'
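Added example, not from the lecture slides: the fill-in-the-blank profiles query from the Injection slides next to a placeholder (parameterized) query, run against an in-memory SQLite database. The slides show escaping the quotes; placeholders are a different technique with the same goal, and the table columns, sample rows and function names here are assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    """In-memory database with constructed sample rows (not data from the lecture)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE profiles (username TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO profiles VALUES (?, ?)",
        [("zuck", "zuck@example.com"), ("rj", "rj@example.com")],
    )
    return db


def find_profile_unsafe(db, username):
    # Fill-in-the-blank query: the input is pasted between the quotes,
    # so a quote character in the input ends the string and becomes SQL.
    query = "SELECT * FROM profiles WHERE username = '" + username + "'"
    return db.execute(query).fetchall()


def find_profile_safe(db, username):
    # Placeholder query: the SQL text is fixed and the input is bound as a
    # value, so it is only ever compared against the username column.
    query = "SELECT * FROM profiles WHERE username = ?"
    return db.execute(query, (username,)).fetchall()


def profile_count(db):
    return db.execute("SELECT COUNT(*) FROM profiles").fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    for text in ["zuck", "' OR '1' = '1", "'; DELETE FROM profiles; --"]:
        print(repr(text), "safe ->", find_profile_safe(db, text))
    print("unsafe ->", find_profile_unsafe(db, "' OR '1' = '1"))
    print("rows left:", profile_count(db))
```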
Permissions
http://cse1.net/lecture6
Encrypting Text
Caesar Cipher
ABCDEFGHIJKLMNOPQRSTUVWXYZ
NOPQRSTUVWXYZABCDEFGHIJKLM
ROT13
banana
onanan
Brute-Force Attack
ROT26
Vigenère Cipher
banana + 246246 = detcrg
banana + cegceg = detcrg
Plaintext: computer
Key: benrj
computer + benrjben = dszgduie
Symmetric-Key Cryptography
Asymmetric-Key Cryptography
Public/Private Keys
Trapdoor One-Way Function
2459 * 8863 = 21794117
Factor 21794117
RSA
Diffie-Hellman
Computer Science E-1 Lecture 6: Security