Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Lecture 6: CSCI E-1 Spring 2013

Avatar for Tommy MacWilliam Tommy MacWilliam
April 10, 2013
Education
1
480

Lecture 6: CSCI E-1 Spring 2013

Avatar for Tommy MacWilliam

Tommy MacWilliam

April 10, 2013
Tweet

More Decks by Tommy MacWilliam

See All by Tommy MacWilliam
Lecture 9: CSCI E-1 Spring 2013
Avatar for Tommy MacWilliam tmacwill
0
330
Lecture 8: CSCI E-1 Spring 2013
Avatar for Tommy MacWilliam tmacwill
0
500
Lecture 7: CSCI E-1 Spring 2013
Avatar for Tommy MacWilliam tmacwill
0
620
Lecture 5: CSCI E-1 Spring 2013
Avatar for Tommy MacWilliam tmacwill
1
650
Incorporating Version Control into Programming Courses
Avatar for Tommy MacWilliam tmacwill
1
120
Lecture 4: CSCI E-1 Spring 2013
Avatar for Tommy MacWilliam tmacwill
0
440
Lecture 3: CSCI E-1 Spring 2013
Avatar for Tommy MacWilliam tmacwill
0
530
Lecture 2: CSCI E-1 Spring 2013
Avatar for Tommy MacWilliam tmacwill
0
860
Lecture 1: CSCI E-1 Spring 2013
Avatar for Tommy MacWilliam tmacwill
0
320

Other Decks in Education

See All in Education
”育てる”から”育つ”仕組みへ!スクラムによる新入社員教育
Avatar for a-nakamura1015 arapon
0
140
20250611_なんでもCopilot1年続いたぞ~
Avatar for ponponmikan ponponmikankan
0
170
学びは趣味の延長線
Avatar for uutan1108 ohmori_yusuke
0
100
万博非公式マップとFOSS4G
Avatar for K.Sakanoshita barsaka2
0
1.1k
情報科学類で学べる専門科目38選
Avatar for Mutsuha Asada momeemt
0
580
Pydantic(AI)とJSONの詳細解説
Avatar for MIKIO KUBO mickey_kubo
0
190
H5P-työkalut
Avatar for Matleena Laakso matleenalaakso
4
40k
登壇未経験者のための登壇戦略~LTは設計が9割!!!~
Avatar for モブエンジニア(Masaki Okuda) masakiokuda
3
670
Sponsor the Conference | VizChitra 2025
Avatar for VizChitra vizchitra
0
620
Human-AI Interaction - Lecture 11 - Next Generation User Interfaces (4018166FNR)
Avatar for Beat Signer signer
PRO
0
530
Ch1_-_Partie_1.pdf
Avatar for Monsieur Bernhard bernhardsvt
0
220
令和政経義塾第2期説明会
Avatar for 一般財団法人 nxji
0
200

Featured

See All Featured
Docker and Python
Avatar for Tania Allard trallard
45
3.6k
Done Done
Avatar for chrislema chrislema
185
16k
Product Roadmaps are Hard
Avatar for C. Todd Lombardo iamctodd
PRO
54
11k
The Straight Up "How To Draw Better" Workshop
Avatar for Dennis Kardys denniskardys
236
140k
Optimizing for Happiness
Avatar for Tom Preston-Werner mojombo
379
70k
Fantastic passwords and where to find them - at NoRuKo
Avatar for Phil Nash philnash
52
3.4k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
Avatar for mongodb mongodb
48
9.7k
What’s in a name? Adding method to the madness
Avatar for Product Marketing Alliance productmarketing
PRO
23
3.7k
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
74
5k
jQuery: Nuts, Bolts and Bling
Avatar for Doug Neiner dougneiner
64
7.9k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
Avatar for Eileen M. Uchitelle eileencodes
139
34k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
70
11k

Transcript

  1. Computer Science E-1 Lecture 6: Security

  2. http://youtu.be/H542nLTTbu0

  3. http://bing.com

  4. http://vimeo.com/blog/post:564

  5. Security

  6. Authentication

  7. Cookies

  8. Sessions

  9. GET /home.php HTTP/1.1 Host: www.facebook.com Cookie: PHPSESSID=5153d29ed84c4

  10. GET /home.php HTTP/1.1 Host: www.facebook.com Cookie: PHPSESSID=5153d29ed84c4

  11. Session Hijacking

  12. None

  13. HTTPS

  14. Cryptography

  15. GET /home.php HTTP/1.1 Host: www.facebook.com Encrypt ehosn9745t987gnlkjab 7@5uejfnjasdbfxb98@#

  16. GET /home.php HTTP/1.1 Host: www.facebook.com Encrypt ehosn9745t987gnlkjab 7@5uejfnjasdbfxb98@# ehosn9745t987gnlkjab 7@5uejfnjasdbfxb98@#

    GET /home.php HTTP/1.1 Host: www.facebook.com Decrypt

  17. Wi-Fi Security

  18. WEP, WPA, WPA2

  19. CSRF

  20. https://bank.com/money/transfer? to=67890&amount=100

  21. None

  22. Ka-Boom.

  23. https://bank.com/money/transfer? to=67890&amount=100& token=8549ba93417cdef85

  24. <input type="hidden" name="csrfTokenHidden" value="12345" id="csrfTokenHidden">

  25. http://cse1.net/lecture6

  26. XSS

  27. <h1>Tommy</h1>

  28. None

  29. Ka-Boom.

  30. http://cse1.net/lecture6

  31. Databases

  32. Name DOB Color Preference Shocked Cat 3/17/2010 white indoor Grumpy

    Cat 4/4/2012 white indoor Keyboard Cat 1/1/1984 orange outdoor

  33. SQL

  34. SELECT name FROM cats

  35. SELECT * from cats WHERE preference = ‘indoor’

  36. INSERT INTO cats (name, dob, color, preference) VALUES ('Maru', '2008-06-01',

    'gray', 'indoor')

  37. UPDATE cats SET name = ‘shocked’ WHERE name = ‘Maru’

  38. DELETE FROM cats WHERE name = ‘Maru’

  39. CRUD

  40. Create Read Update Delete

  41. INSERT SELECT UPDATE DELETE

  42. SELECT * FROM profiles WHERE username = ‘zuck’

  43. I would like __ cheeseburgers cooked ____ and topped with

    ________.

  44. I would like 2 cheeseburgers cooked medium-well and topped with

    lettuce.

  45. I would like 2 cheeseburgers cooked and then thrown at

    the nearest customer’s head and topped with lettuce.

  46. Injection

  47. SELECT * FROM profiles WHERE username = ‘______’

  48. ‘ OR ‘1’ = ‘1

  49. SELECT * FROM profiles WHERE username = ‘’ OR ‘1’

    = ‘1’

  50. Ka-Boom.

  51. Authentication

  52. SELECT * FROM users WHERE username = ‘_____’ AND password

    = ‘_____’

  53. SELECT * FROM users WHERE username = ‘rj’ AND password

    = ‘’ OR ‘1’ = ‘1’

  54. Ka-Boom.

  55. ’; DELETE FROM profiles; --

  56. SELECT * FROM profiles WHERE username = ‘’; DELETE FROM

    profiles; --’
  57. None

  58. Sanitizing Input

  59. SELECT * FROM profiles WHERE username = '\' OR \'1\'

    = \'1'

  60. Permissions

  61. http://cse1.net/lecture6

  62. Encrypting Text

  63. Caesar Cipher

  64. ABCDEFGHIJKLMNOPQRSTUVWXYZ NOPQRSTUVWXYZABCDEFGHIJKLM

  65. ROT13

  66. banana

  67. onanan

  68. Brute-Force Attack

  69. ROT26

  70. Vigenère Cipher

  71. banana + 246246

  72. banana + 246246 detcrg

  73. banana + cegceg detcrg

  74. Plaintext: computer Key: benrj

  75. computer + benrjben

  76. computer + benrjben dszgduie

  77. Symmetric-Key Cryptography

  78. None

  79. Asymmetric-Key Cryptography

  80. Public/Private Keys

  81. None

  82. Trapdoor One-Way Function

  83. 2459 * 8863 = 21794117

  84. Factor 21794117

  85. RSA

  86. Diffie-Hellman

  87. Computer Science E-1 Lecture 6: Security