Lecture 6: CSCI E-1 Spring 2013
Tommy MacWilliam
April 10, 2013
Transcript
Computer Science E-1 Lecture 6: Security
http://youtu.be/H542nLTTbu0
http://bing.com
http://vimeo.com/blog/post:564
Security
Authentication
Cookies
Sessions
GET /home.php HTTP/1.1
Host: www.facebook.com
Cookie: PHPSESSID=5153d29ed84c4
Session Hijacking
HTTPS
Cryptography
GET /home.php HTTP/1.1
Host: www.facebook.com
Encrypt
ehosn9745t987gnlkjab 7@5uejfnjasdbfxb98@#
Decrypt
GET /home.php HTTP/1.1
Host: www.facebook.com
Wi-Fi Security
WEP, WPA, WPA2
CSRF
https://bank.com/money/transfer?to=67890&amount=100
Ka-Boom.
https://bank.com/money/transfer?to=67890&amount=100&token=8549ba93417cdef85
<input type="hidden" name="csrfTokenHidden" value="12345" id="csrfTokenHidden">
http://cse1.net/lecture6
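The token check behind the two slides above, as an added example that is not code from the lecture. The in-memory SESSIONS store, the function names and the POST form are assumptions; only the csrfTokenHidden field name and the transfer parameters come from the slides.

```python
import hmac
import secrets

SESSIONS = {}  # hypothetical in-memory session store: session id -> data

def login(username):
    """Create a session with a random, per-session CSRF token."""
    session_id = secrets.token_hex(16)
    SESSIONS[session_id] = {"user": username, "csrf": secrets.token_hex(16)}
    return session_id

def render_transfer_form(session_id):
    """The bank's own page embeds the session's token in a hidden field."""
    token = SESSIONS[session_id]["csrf"]
    return ('<form method="post" action="/money/transfer">'
            f'<input type="hidden" name="csrfTokenHidden" value="{token}">'
            '</form>')

def handle_transfer(session_id, params):
    """Act on the request only if it carries this session's token."""
    session = SESSIONS.get(session_id)
    if session is None:
        return "401 not logged in"
    supplied = params.get("csrfTokenHidden", "")
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(supplied.encode(), session["csrf"].encode()):
        return "403 missing or wrong CSRF token"
    return f"200 transferred {params['amount']} to {params['to']}"

def run_demo():
    sid = login("tommy")
    token = SESSIONS[sid]["csrf"]
    # The browser attaches the session cookie to any request for the bank,
    # so a request triggered from another site has a valid session but,
    # because that site cannot read the bank's form, no token.
    cross_site = handle_transfer(sid, {"to": "67890", "amount": "100"})
    same_site = handle_transfer(
        sid, {"to": "67890", "amount": "100", "csrfTokenHidden": token})
    return cross_site, same_site

if __name__ == "__main__":
    print(run_demo())
```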
XSS
<h1>Tommy</h1>
Ka-Boom.
http://cse1.net/lecture6
Databases
Name          DOB        Color   Preference
Shocked Cat   3/17/2010  white   indoor
Grumpy Cat    4/4/2012   white   indoor
Keyboard Cat  1/1/1984   orange  outdoor
SQL
SELECT name FROM cats
SELECT * FROM cats WHERE preference = 'indoor'
INSERT INTO cats (name, dob, color, preference) VALUES ('Maru', '2008-06-01', 'gray', 'indoor')
UPDATE cats SET name = 'shocked' WHERE name = 'Maru'
DELETE FROM cats WHERE name = 'Maru'
CRUD
Create Read Update Delete
INSERT SELECT UPDATE DELETE
SELECT * FROM profiles WHERE username = 'zuck'
I would like __ cheeseburgers cooked ____ and topped with ________.
I would like 2 cheeseburgers cooked medium-well and topped with lettuce.
I would like 2 cheeseburgers cooked and then thrown at the nearest customer’s head and topped with lettuce.
Injection
SELECT * FROM profiles WHERE username = '______'
' OR '1' = '1
SELECT * FROM profiles WHERE username = '' OR '1' = '1'
Ka-Boom.
Authentication
SELECT * FROM users WHERE username = '_____' AND password = '_____'
SELECT * FROM users WHERE username = 'rj' AND password = '' OR '1' = '1'
Ka-Boom.
'; DELETE FROM profiles; --
SELECT * FROM profiles WHERE username = ''; DELETE FROM profiles; --'
Sanitizing Input
SELECT * FROM profiles WHERE username = '\' OR \'1\' = \'1'
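The profiles lookup from the slides, built by string concatenation and then with a bound parameter, as an added example that is not code from the lecture. It uses parameter binding rather than the backslash escaping shown above; the SQLite in-memory table, the email column and the sample rows are constructed for the demonstration.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE profiles (username TEXT, email TEXT)")
    db.executemany("INSERT INTO profiles VALUES (?, ?)",
                   [("zuck", "zuck@example.com"), ("rj", "rj@example.com")])
    return db

def lookup_concatenated(db, username):
    # Vulnerable pattern from the slides: the input is pasted into the SQL
    # text, so quotes in the input change the structure of the query.
    query = "SELECT username FROM profiles WHERE username = '" + username + "'"
    return [row[0] for row in db.execute(query)]

def lookup_parameterized(db, username):
    # Hardened: the ? placeholder passes the input as a value only; it is
    # never parsed as SQL, whatever characters it contains.
    query = "SELECT username FROM profiles WHERE username = ?"
    return [row[0] for row in db.execute(query, (username,))]

def run_demo():
    db = make_db()
    always_true = "' OR '1' = '1"            # input from the Injection slide
    stacked = "'; DELETE FROM profiles; --"  # input from the DELETE slide
    result = {
        "normal": lookup_parameterized(db, "zuck"),
        "concatenated": sorted(lookup_concatenated(db, always_true)),
        "parameterized": lookup_parameterized(db, always_true),
        "stacked_parameterized": lookup_parameterized(db, stacked),
    }
    # Both inputs were treated as odd usernames, so the table is untouched.
    result["rows_left"] = db.execute(
        "SELECT COUNT(*) FROM profiles").fetchone()[0]
    return result

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name:22} {value}")
```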
Permissions
http://cse1.net/lecture6
Encrypting Text
Caesar Cipher
ABCDEFGHIJKLMNOPQRSTUVWXYZ
NOPQRSTUVWXYZABCDEFGHIJKLM
ROT13
banana
onanan
Brute-Force Attack
ROT26
Vigenère Cipher
banana + 246246 = detcrg
banana + cegceg = detcrg
Plaintext: computer
Key: benrj
computer + benrjben = dszgduie
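The Caesar, ROT13 and Vigenère slides above, worked through in code as an added example that is not from the lecture. Function names are chosen here; letters map to shifts as a=0, b=1, and so on, which matches the slides' 246246 = cegceg.

```python
import string

ALPHABET = string.ascii_lowercase

def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter; the key repeats.
    A one-letter key is a Caesar cipher."""
    if not key or not all(k in string.ascii_letters for k in key):
        raise ValueError("key must be one or more letters a-z")
    sign = -1 if decrypt else 1
    out, used = [], 0
    for ch in text:
        if ch not in string.ascii_letters:
            out.append(ch)  # pass spaces and punctuation through unchanged
            continue
        shift = sign * ALPHABET.index(key[used % len(key)].lower())
        base = ord("A") if ch.isupper() else ord("a")
        out.append(chr((ord(ch) - base + shift) % 26 + base))
        used += 1           # only letters consume key material
    return "".join(out)

def rot13(text):
    """Caesar cipher with a shift of 13 (key letter n)."""
    return vigenere(text, "n")

def caesar_candidates(ciphertext):
    """Brute force: a Caesar cipher has only 26 keys, so try them all."""
    return {k: vigenere(ciphertext, k, decrypt=True) for k in ALPHABET}

if __name__ == "__main__":
    print(rot13("banana"))                # ROT13 slide
    print(rot13(rot13("banana")))         # "ROT26": two passes undo each other
    print(vigenere("banana", "ceg"))      # key repeats as cegceg
    print(vigenere("computer", "benrj"))  # key repeats as benrjben
    for key, guess in caesar_candidates("onanan").items():
        print(key, guess)                 # the readable row reveals the key
```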
Symmetric-Key Cryptography
Asymmetric-Key Cryptography
Public/Private Keys
Trapdoor One-Way Function
2459 * 8863 = 21794117
Factor 21794117
RSA
Diffie-Hellman