$30 off During Our Annual Pro Sale. View details »

Lecture 6: CSCI E-1 Spring 2013

Tommy MacWilliam
April 10, 2013
Education
1
290

Lecture 6: CSCI E-1 Spring 2013

Tommy MacWilliam

April 10, 2013
Tweet

More Decks by Tommy MacWilliam

See All by Tommy MacWilliam
Lecture 9: CSCI E-1 Spring 2013
tmacwill
0
160
Lecture 8: CSCI E-1 Spring 2013
tmacwill
0
170
Lecture 7: CSCI E-1 Spring 2013
tmacwill
0
250
Lecture 5: CSCI E-1 Spring 2013
tmacwill
1
250
Incorporating Version Control into Programming Courses
tmacwill
1
100
Lecture 4: CSCI E-1 Spring 2013
tmacwill
0
220
Lecture 3: CSCI E-1 Spring 2013
tmacwill
0
290
Lecture 2: CSCI E-1 Spring 2013
tmacwill
0
500
Lecture 1: CSCI E-1 Spring 2013
tmacwill
0
310

Other Decks in Education

See All in Education
1026
cbtlibrary
0
130
HT22 - DA106A - Ramverk
tibbelit
0
140
Animaatiot opetuksessa
matleenalaakso
0
2.1k
Comment construire un plan de communication?
martine
0
420
明日から使えるテスト技法勉強会_2_クラシフィケーションツリー法
gihoz_support
0
110
Slaves or Servants?
oripsolob
0
770
アロマンティックアセクシャルによる恋愛解説 #1
umeta
0
410
中学校理科における環境シティズンシップ教育の実践
sakunao
0
120
サムライカレービギナーズ@タイ 2023/夏 説明資料
samuraicurry
PRO
1
160
HT22 - DA106A - Responsiv webbutveckling
tibbelit
0
200
【2022夏レポート】ミライ・キャンバス@北海道上川町
ashitanoterakoya
0
160
Notionで学生生活を充実させる方法3選
shogotahara
0
260

Featured

See All Featured
The Language of Interfaces
destraynor
148
21k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
32
5.9k
Happy Clients
brianwarren
89
5.7k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
349
27k
Why Our Code Smells
bkeepers
PRO
326
55k
Designing for humans not robots
tammielis
244
24k
Web development in the modern age
philhawksworth
197
9.5k
The World Runs on Bad Software
bkeepers
PRO
59
5.6k
No one is an island. Learnings from fostering a developers community.
thoeni
11
1.4k
GraphQLの誤解/rethinking-graphql
sonatard
36
7.6k
Optimizing for Happiness
mojombo
364
64k
5 minutes of I Can Smell Your CMS
philhawksworth
197
18k

Transcript

  1. Computer Science E-1 Lecture 6: Security

  2. http://youtu.be/H542nLTTbu0

  3. http://bing.com

  4. http://vimeo.com/blog/post:564

  5. Security

  6. Authentication

  7. Cookies

  8. Sessions

  9. GET /home.php HTTP/1.1 Host: www.facebook.com Cookie: PHPSESSID=5153d29ed84c4

  10. GET /home.php HTTP/1.1 Host: www.facebook.com Cookie: PHPSESSID=5153d29ed84c4

  11. Session Hijacking

  12. None

  13. HTTPS

  14. Cryptography

  15. GET /home.php HTTP/1.1 Host: www.facebook.com Encrypt ehosn9745t987gnlkjab 7@5uejfnjasdbfxb98@#

  16. GET /home.php HTTP/1.1 Host: www.facebook.com Encrypt ehosn9745t987gnlkjab 7@5uejfnjasdbfxb98@# ehosn9745t987gnlkjab 7@5uejfnjasdbfxb98@#

    GET /home.php HTTP/1.1 Host: www.facebook.com Decrypt

  17. Wi-Fi Security

  18. WEP, WPA, WPA2

  19. CSRF

  20. https://bank.com/money/transfer? to=67890&amount=100

  21. None

  22. Ka-Boom.

  23. https://bank.com/money/transfer? to=67890&amount=100& token=8549ba93417cdef85

  24. <input type="hidden" name="csrfTokenHidden" value="12345" id="csrfTokenHidden">

  25. http://cse1.net/lecture6

  26. XSS

  27. <h1>Tommy</h1>

  28. None

  29. Ka-Boom.

  30. http://cse1.net/lecture6

  31. Databases

  32. Name DOB Color Preference Shocked Cat 3/17/2010 white indoor Grumpy

    Cat 4/4/2012 white indoor Keyboard Cat 1/1/1984 orange outdoor

  33. SQL

  34. SELECT name FROM cats

  35. SELECT * from cats WHERE preference = ‘indoor’

  36. INSERT INTO cats (name, dob, color, preference) VALUES ('Maru', '2008-06-01',

    'gray', 'indoor')

  37. UPDATE cats SET name = ‘shocked’ WHERE name = ‘Maru’

  38. DELETE FROM cats WHERE name = ‘Maru’

  39. CRUD

  40. Create Read Update Delete

  41. INSERT SELECT UPDATE DELETE

  42. SELECT * FROM profiles WHERE username = ‘zuck’

  43. I would like __ cheeseburgers cooked ____ and topped with

    ________.

  44. I would like 2 cheeseburgers cooked medium-well and topped with

    lettuce.

  45. I would like 2 cheeseburgers cooked and then thrown at

    the nearest customer’s head and topped with lettuce.

  46. Injection

  47. SELECT * FROM profiles WHERE username = ‘______’

  48. ‘ OR ‘1’ = ‘1

  49. SELECT * FROM profiles WHERE username = ‘’ OR ‘1’

    = ‘1’

  50. Ka-Boom.

  51. Authentication

  52. SELECT * FROM users WHERE username = ‘_____’ AND password

    = ‘_____’

  53. SELECT * FROM users WHERE username = ‘rj’ AND password

    = ‘’ OR ‘1’ = ‘1’

  54. Ka-Boom.

  55. ’; DELETE FROM profiles; --

  56. SELECT * FROM profiles WHERE username = ‘’; DELETE FROM

    profiles; --’
  57. None

  58. Sanitizing Input

  59. SELECT * FROM profiles WHERE username = '\' OR \'1\'

    = \'1'

  60. Permissions

  61. http://cse1.net/lecture6

  62. Encrypting Text

  63. Caesar Cipher

  64. ABCDEFGHIJKLMNOPQRSTUVWXYZ NOPQRSTUVWXYZABCDEFGHIJKLM

  65. ROT13

  66. banana

  67. onanan

  68. Brute-Force Attack

  69. ROT26

  70. Vigenère Cipher

  71. banana + 246246

  72. banana + 246246 detcrg

  73. banana + cegceg detcrg

  74. Plaintext: computer Key: benrj

  75. computer + benrjben

  76. computer + benrjben dszgduie

  77. Symmetric-Key Cryptography

  78. None

  79. Asymmetric-Key Cryptography

  80. Public/Private Keys

  81. None

  82. Trapdoor One-Way Function

  83. 2459 * 8863 = 21794117

  84. Factor 21794117

  85. RSA

  86. Diffie-Hellman

  87. Computer Science E-1 Lecture 6: Security