$30 off During Our Annual Pro Sale. View Details »

Lecture 6: CSCI E-1 Spring 2013

Tommy MacWilliam
April 10, 2013
Education
1
340

Lecture 6: CSCI E-1 Spring 2013

Tommy MacWilliam

April 10, 2013
Tweet

More Decks by Tommy MacWilliam

See All by Tommy MacWilliam
Lecture 9: CSCI E-1 Spring 2013
tmacwill
0
200
Lecture 8: CSCI E-1 Spring 2013
tmacwill
0
220
Lecture 7: CSCI E-1 Spring 2013
tmacwill
0
320
Lecture 5: CSCI E-1 Spring 2013
tmacwill
1
310
Incorporating Version Control into Programming Courses
tmacwill
1
110
Lecture 4: CSCI E-1 Spring 2013
tmacwill
0
280
Lecture 3: CSCI E-1 Spring 2013
tmacwill
0
360
Lecture 2: CSCI E-1 Spring 2013
tmacwill
0
580
Lecture 1: CSCI E-1 Spring 2013
tmacwill
0
310

Other Decks in Education

See All in Education
無駄を削ぎ落した、執筆集中マシン『ポメラ』(pomera)の魅力
akane69
PRO
0
120
HCI Research Methods - Lecture 7 - Human-Computer Interaction (1023841ANR)
signer
PRO
0
230
Exercices d'une inconnue
mansuy
0
180
Consagração 23 #4 - Graus, efeitos e práticas da Verdadeira Devoção
cm_manaus
0
120
情報処理応用B第04回/InfoAdv04
kfujita
0
270
Ch1_-_Partie_3.pdf
bernhardsvt
0
130
レイのブログのご紹介 -Classroom Adventure
claadv
0
430
Padlet opetuksessa
matleenalaakso
3
7.4k
豊富な産学連携・地域連携と連動させた「考動力」人材育成プロジェクト主催・関西大学キャリアセンター共催 「第2弾 社会人に聞く! 多様な博士のキャリア」/ 2023-10-28_my-advice-to-phd-students
tam07pb915
0
470
Introduction - Lecture 1 - Human-Computer Interaction (1023841ANR)
signer
PRO
0
710
人間とAIの協働(駒場祭2023)
yukinobaba
PRO
4
590
2023年度秋学期 統計学 第1回 イントロダクション— 統計的なものの見方・考え方について (2023. 9. 26)
akiraasano
PRO
1
140

Featured

See All Featured
Product Roadmaps are Hard
iamctodd
43
9k
A Modern Web Designer's Workflow
chriscoyier
688
190k
Imperfection Machines: The Place of Print at Facebook
scottboms
257
12k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
657
120k
GraphQLの誤解/rethinking-graphql
sonatard
45
8.7k
[RailsConf 2023] Rails as a piece of cake
palkan
16
3.1k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
185
15k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
226
16k
Building Better People: How to give real-time feedback that sticks.
wjessup
349
18k
Statistics for Hackers
jakevdp
787
220k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
271
12k
Embracing the Ebb and Flow
colly
77
3.8k

Transcript

  1. Computer Science E-1
    Lecture 6: Security

    View Slide

  2. http://youtu.be/H542nLTTbu0

    View Slide

  3. http://bing.com

    View Slide

  4. http://vimeo.com/blog/post:564

    View Slide

  5. Security

    View Slide

  6. Authentication

    View Slide

  7. Cookies

    View Slide

  8. Sessions

    View Slide

  9. GET /home.php HTTP/1.1
    Host: www.facebook.com
    Cookie: PHPSESSID=5153d29ed84c4

    View Slide

  10. GET /home.php HTTP/1.1
    Host: www.facebook.com
    Cookie: PHPSESSID=5153d29ed84c4

    View Slide

  11. Session Hijacking

    View Slide

  12. View Slide

  13. HTTPS

    View Slide

  14. Cryptography

    View Slide

  15. GET /home.php HTTP/1.1
    Host: www.facebook.com Encrypt
    ehosn9745t987gnlkjab
    7@5uejfnjasdbfxb98@#

    View Slide

  16. GET /home.php HTTP/1.1
    Host: www.facebook.com Encrypt
    ehosn9745t987gnlkjab
    7@5uejfnjasdbfxb98@#
    ehosn9745t987gnlkjab
    7@5uejfnjasdbfxb98@#
    GET /home.php HTTP/1.1
    Host: www.facebook.com
    Decrypt

    View Slide

  17. Wi-Fi Security

    View Slide

  18. WEP, WPA, WPA2

    View Slide

  19. CSRF

    View Slide

  20. https://bank.com/money/transfer?
    to=67890&amount=100

    View Slide

  21. View Slide

  22. Ka-Boom.

    View Slide

  23. https://bank.com/money/transfer?
    to=67890&amount=100&
    token=8549ba93417cdef85

    View Slide

  24. name="csrfTokenHidden"
    value="12345" id="csrfTokenHidden">

    View Slide

  25. http://cse1.net/lecture6

    View Slide

  26. XSS

    View Slide

  27. Tommy

    View Slide

  28. View Slide

  29. Ka-Boom.

    View Slide

  30. http://cse1.net/lecture6

    View Slide

  31. Databases

    View Slide

  32. Name DOB Color Preference
    Shocked Cat 3/17/2010 white indoor
    Grumpy Cat 4/4/2012 white indoor
    Keyboard Cat 1/1/1984 orange outdoor

    View Slide

  33. SQL

    View Slide

  34. SELECT name FROM cats

    View Slide

  35. SELECT * from cats WHERE
    preference = ‘indoor’

    View Slide

  36. INSERT INTO cats
    (name, dob, color, preference)
    VALUES ('Maru', '2008-06-01', 'gray', 'indoor')

    View Slide

  37. UPDATE cats SET name =
    ‘shocked’ WHERE name = ‘Maru’

    View Slide

  38. DELETE FROM cats
    WHERE name = ‘Maru’

    View Slide

  39. CRUD

    View Slide

  40. Create
    Read
    Update
    Delete

    View Slide

  41. INSERT
    SELECT
    UPDATE
    DELETE

    View Slide

  42. SELECT * FROM profiles
    WHERE username = ‘zuck’

    View Slide

  43. I would like __ cheeseburgers
    cooked ____ and
    topped with ________.

    View Slide

  44. I would like 2 cheeseburgers
    cooked medium-well and
    topped with lettuce.

    View Slide

  45. I would like 2 cheeseburgers
    cooked and then thrown at the
    nearest customer’s head and
    topped with lettuce.

    View Slide

  46. Injection

    View Slide

  47. SELECT * FROM profiles
    WHERE username = ‘______’

    View Slide

  48. ‘ OR ‘1’ = ‘1

    View Slide

  49. SELECT * FROM profiles
    WHERE username = ‘’ OR ‘1’ = ‘1’

    View Slide

  50. Ka-Boom.

    View Slide

  51. Authentication

    View Slide

  52. SELECT * FROM users
    WHERE username = ‘_____’
    AND password = ‘_____’

    View Slide

  53. SELECT * FROM users
    WHERE username = ‘rj’
    AND password = ‘’ OR ‘1’ = ‘1’

    View Slide

  54. Ka-Boom.

    View Slide

  55. ’; DELETE FROM profiles; --

    View Slide

  56. SELECT * FROM profiles
    WHERE username = ‘’;
    DELETE FROM profiles; --’

    View Slide

  57. View Slide

  58. Sanitizing Input

    View Slide

  59. SELECT * FROM profiles WHERE
    username = '\' OR \'1\' = \'1'

    View Slide

  60. Permissions

    View Slide

  61. http://cse1.net/lecture6

    View Slide

  62. Encrypting Text

    View Slide

  63. Caesar Cipher

    View Slide

  64. ABCDEFGHIJKLMNOPQRSTUVWXYZ
    NOPQRSTUVWXYZABCDEFGHIJKLM

    View Slide

  65. ROT13

    View Slide

  66. banana

    View Slide

  67. onanan

    View Slide

  68. Brute-Force Attack

    View Slide

  69. ROT26

    View Slide

  70. Vigenère Cipher

    View Slide

  71. banana
    + 246246

    View Slide

  72. banana
    + 246246
    detcrg

    View Slide

  73. banana
    + cegceg
    detcrg

    View Slide

  74. Plaintext: computer
    Key: benrj

    View Slide

  75. computer
    + benrjben

    View Slide

  76. computer
    + benrjben
    dszgduie

    View Slide

  77. Symmetric-Key Cryptography

    View Slide

  78. View Slide

  79. Asymmetric-Key Cryptography

    View Slide

  80. Public/Private Keys

    View Slide

  81. View Slide

  82. Trapdoor One-Way Function

    View Slide

  83. 2459 * 8863 = 21794117

    View Slide

  84. Factor 21794117

    View Slide

  85. RSA

    View Slide

  86. Diffie-Hellman

    View Slide

  87. Computer Science E-1
    Lecture 6: Security

    View Slide