Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Lecture 6: CSCI E-1 Spring 2013
Search
Tommy MacWilliam
April 10, 2013
Education
1
480
Lecture 6: CSCI E-1 Spring 2013
Tommy MacWilliam
April 10, 2013
Tweet
Share
More Decks by Tommy MacWilliam
See All by Tommy MacWilliam
Lecture 9: CSCI E-1 Spring 2013
tmacwill
0
330
Lecture 8: CSCI E-1 Spring 2013
tmacwill
0
500
Lecture 7: CSCI E-1 Spring 2013
tmacwill
0
610
Lecture 5: CSCI E-1 Spring 2013
tmacwill
1
650
Incorporating Version Control into Programming Courses
tmacwill
1
120
Lecture 4: CSCI E-1 Spring 2013
tmacwill
0
430
Lecture 3: CSCI E-1 Spring 2013
tmacwill
0
520
Lecture 2: CSCI E-1 Spring 2013
tmacwill
0
860
Lecture 1: CSCI E-1 Spring 2013
tmacwill
0
320
Other Decks in Education
See All in Education
人になにかを教えるときに考えていること(2025-05版 / VRC-LT #18)
sksat
4
1.1k
OpenSourceSummitJapanを運営してみた話
kujiraitakahiro
0
760
Gamified Interventions for Composting Behavior: A Case Study Using the Gamiflow Framework in a Workplace Setting
ezefranca
1
200
2025年度春学期 統計学 第13回 不確かな測定の不確かさを測る ー 不偏分散とt分布 (2025. 7. 3)
akiraasano
PRO
0
110
Info Session MSc Computer Science & MSc Applied Informatics
signer
PRO
0
200
2025年度春学期 統計学 第11回 分布の「型」を考える ー 確率分布モデルと正規分布 (2025. 6. 19)
akiraasano
PRO
0
150
Tutorial: Foundations of Blind Source Separation and Its Advances in Spatial Self-Supervised Learning
yoshipon
1
130
生成AI
takenawa
0
11k
AIの時代こそ、考える知的学習術
yum3
2
180
2025年度春学期 統計学 第14回 分布についての仮説を検証する ー 仮説検定(1) (2025. 7. 10)
akiraasano
PRO
0
120
American Airlines® USA Contact Numbers: The Ultimate 2025 Guide
lievliev
0
240
Sponsor the Conference | VizChitra 2025
vizchitra
0
590
Featured
See All Featured
Optimising Largest Contentful Paint
csswizardry
37
3.4k
Rebuilding a faster, lazier Slack
samanthasiow
83
9.1k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
126
53k
Building Adaptive Systems
keathley
43
2.7k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Producing Creativity
orderedlist
PRO
346
40k
VelocityConf: Rendering Performance Case Studies
addyosmani
332
24k
Designing for Performance
lara
610
69k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
10
1k
Why Our Code Smells
bkeepers
PRO
337
57k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
283
13k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
45
7.5k
Transcript
Computer Science E-1 Lecture 6: Security
http://youtu.be/H542nLTTbu0
http://bing.com
http://vimeo.com/blog/post:564
Security
Authentication
Cookies
Sessions
GET /home.php HTTP/1.1 Host: www.facebook.com Cookie: PHPSESSID=5153d29ed84c4
GET /home.php HTTP/1.1 Host: www.facebook.com Cookie: PHPSESSID=5153d29ed84c4
Session Hijacking
None
HTTPS
Cryptography
GET /home.php HTTP/1.1 Host: www.facebook.com Encrypt ehosn9745t987gnlkjab 7@5uejfnjasdbfxb98@#
GET /home.php HTTP/1.1 Host: www.facebook.com Encrypt ehosn9745t987gnlkjab 7@5uejfnjasdbfxb98@# ehosn9745t987gnlkjab 7@5uejfnjasdbfxb98@#
GET /home.php HTTP/1.1 Host: www.facebook.com Decrypt
Wi-Fi Security
WEP, WPA, WPA2
CSRF
https://bank.com/money/transfer? to=67890&amount=100
None
Ka-Boom.
https://bank.com/money/transfer? to=67890&amount=100& token=8549ba93417cdef85
<input type="hidden" name="csrfTokenHidden" value="12345" id="csrfTokenHidden">
http://cse1.net/lecture6
XSS
<h1>Tommy</h1>
None
Ka-Boom.
http://cse1.net/lecture6
Databases
Name DOB Color Preference Shocked Cat 3/17/2010 white indoor Grumpy
Cat 4/4/2012 white indoor Keyboard Cat 1/1/1984 orange outdoor
SQL
SELECT name FROM cats
SELECT * from cats WHERE preference = ‘indoor’
INSERT INTO cats (name, dob, color, preference) VALUES ('Maru', '2008-06-01',
'gray', 'indoor')
UPDATE cats SET name = ‘shocked’ WHERE name = ‘Maru’
DELETE FROM cats WHERE name = ‘Maru’
CRUD
Create Read Update Delete
INSERT SELECT UPDATE DELETE
SELECT * FROM profiles WHERE username = ‘zuck’
I would like __ cheeseburgers cooked ____ and topped with
________.
I would like 2 cheeseburgers cooked medium-well and topped with
lettuce.
I would like 2 cheeseburgers cooked and then thrown at
the nearest customer’s head and topped with lettuce.
Injection
SELECT * FROM profiles WHERE username = ‘______’
‘ OR ‘1’ = ‘1
SELECT * FROM profiles WHERE username = ‘’ OR ‘1’
= ‘1’
Ka-Boom.
Authentication
SELECT * FROM users WHERE username = ‘_____’ AND password
= ‘_____’
SELECT * FROM users WHERE username = ‘rj’ AND password
= ‘’ OR ‘1’ = ‘1’
Ka-Boom.
’; DELETE FROM profiles; --
SELECT * FROM profiles WHERE username = ‘’; DELETE FROM
profiles; --’
None
Sanitizing Input
SELECT * FROM profiles WHERE username = '\' OR \'1\'
= \'1'
Permissions
http://cse1.net/lecture6
Encrypting Text
Caesar Cipher
ABCDEFGHIJKLMNOPQRSTUVWXYZ NOPQRSTUVWXYZABCDEFGHIJKLM
ROT13
banana
onanan
Brute-Force Attack
ROT26
Vigenère Cipher
banana + 246246
banana + 246246 detcrg
banana + cegceg detcrg
Plaintext: computer Key: benrj
computer + benrjben
computer + benrjben dszgduie
Symmetric-Key Cryptography
None
Asymmetric-Key Cryptography
Public/Private Keys
None
Trapdoor One-Way Function
2459 * 8863 = 21794117
Factor 21794117
RSA
Diffie-Hellman
Computer Science E-1 Lecture 6: Security
tmacwill
sksat
kujiraitakahiro
ezefranca
akiraasano
signer
yoshipon
takenawa
yum3
lievliev
vizchitra
csswizardry
samanthasiow
aki_iinuma
keathley
chriscoyier
orderedlist
addyosmani
lara
tammyeverts
bkeepers
stephaniewalter
eileencodes
