Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Lecture 6: CSCI E-1 Spring 2013

9e4d3e53f8525fdff00691a8b843e66b?s=47 Tommy MacWilliam
April 10, 2013
Education
1
260

Lecture 6: CSCI E-1 Spring 2013

9e4d3e53f8525fdff00691a8b843e66b?s=128

Tommy MacWilliam

April 10, 2013
Tweet

More Decks by Tommy MacWilliam

See All by Tommy MacWilliam
Lecture 9: CSCI E-1 Spring 2013
9e4d3e53f8525fdff00691a8b843e66b?s=48 tmacwill
0
140
Lecture 8: CSCI E-1 Spring 2013
9e4d3e53f8525fdff00691a8b843e66b?s=48 tmacwill
0
140
Lecture 7: CSCI E-1 Spring 2013
9e4d3e53f8525fdff00691a8b843e66b?s=48 tmacwill
0
220
Lecture 5: CSCI E-1 Spring 2013
9e4d3e53f8525fdff00691a8b843e66b?s=48 tmacwill
1
230
Incorporating Version Control into Programming Courses
9e4d3e53f8525fdff00691a8b843e66b?s=48 tmacwill
1
100
Lecture 4: CSCI E-1 Spring 2013
9e4d3e53f8525fdff00691a8b843e66b?s=48 tmacwill
0
200
Lecture 3: CSCI E-1 Spring 2013
9e4d3e53f8525fdff00691a8b843e66b?s=48 tmacwill
0
260
Lecture 2: CSCI E-1 Spring 2013
9e4d3e53f8525fdff00691a8b843e66b?s=48 tmacwill
0
460
Lecture 1: CSCI E-1 Spring 2013
9e4d3e53f8525fdff00691a8b843e66b?s=48 tmacwill
0
300

Other Decks in Education

See All in Education
ポストSDGsのサステナビリティとウェルビーイング ― ESG投資および非財務情報法の開示/Sustainability_well-being
Fc104451852faeb0a42499180f53a1ff?s=48 tkimura12
0
190
Adobe CC Express
18cdb6f294c8cb10a46167e462c2a51f?s=48 matleenalaakso
0
5.9k
東海大学特別講義 2022 前半資料
Fecdd3417cd7375cc0bd0352d72db27e?s=48 1ftseabass
PRO
0
230
TRPGからふりかえりを学ぶ~アジャイル以外のふりかえり文化~
Bf7fe621f4fe1615c228ef8a79b87282?s=48 shirayanagiryuji
0
1.1k
Baparekraf Developer Day 2022 - Front-End (Rizqy Hidayat)
349a7f52975989094c75c055f9f6ba25?s=48 dicodingevent
0
510
Course Review - Lecture 12 - Next Generation User Interfaces (4018166FNR)
1135dc242dcff3b90ae46fc586ff4da8?s=48 signer
PRO
0
650
WindowsコンテナDojo 全体スケジュールのご案内
B876625b5b40b0621fec49b07bd90e25?s=48 utsukibm
0
370
学生と社会人をいかにコミュニティで結びつけるか?
という試み / COMUCAL7
8c6c1f0c4c41d0640ade76bd71e9e475?s=48 gishi_yama
0
110
2030年代の情報教育のあり方についての提言
01092e4ff22045044d6ce79ce60ecdbc?s=48 codeforeveryone
2
3.3k
Studio Ghibli + Campus Júnior
8134c45512581a454768dbfa84f732fe?s=48 joantubau
0
660
2021年度「コンピュータサイエンス教育」の カリキュラム開発に向けての実証研究
01092e4ff22045044d6ce79ce60ecdbc?s=48 codeforeveryone
1
690
20220511pmtipslt
569640c367efbb9719e31fbfc4b6b147?s=48 levii
0
310

Featured

See All Featured
4 Signs Your Business is Dying
E4f5d494ebdc9e7cce1aecf3ce3e8bc1?s=48 shpigford
169
20k
How New CSS Is Changing Everything About Graphic Design on the Web
D83926c323d4f9289f947b4b4e76b939?s=48 jensimmons
213
11k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
D8fc2580cfaca035f666d9e4ee79a7f7?s=48 mongodb
29
4.3k
Build your cross-platform service in a week with App Engine
5f83ef806155b403c3393160ce51f955?s=48 jlugia
219
17k
Fashionably flexible responsive web design (full day workshop)
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
396
62k
Automating Front-end Workflow
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
1351
200k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
88f4e84b94fe07cddbd9e6479d689192?s=48 soudai
39
13k
Scaling GitHub
78b475797a14c84799063c7cd073962f?s=48 holman
451
140k
Agile that works and the tools we love
462dad0dd24c568a32dcdb0ae895ae1b?s=48 rasmusluckow
319
19k
The Success of Rails: Ensuring Growth for the Next 100 Years
C44e1f7e22c3f23cff7bc130871047ef?s=48 eileencodes
10
3.3k
Code Review Best Practice
3d6ace9554821d552146413bcdf874f6?s=48 trishagee
43
8.9k
Why Our Code Smells
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
PRO
324
55k

Transcript

  1. Computer Science E-1 Lecture 6: Security

  2. http://youtu.be/H542nLTTbu0

  3. http://bing.com

  4. http://vimeo.com/blog/post:564

  5. Security

  6. Authentication

  7. Cookies

  8. Sessions

  9. GET /home.php HTTP/1.1 Host: www.facebook.com Cookie: PHPSESSID=5153d29ed84c4

  10. GET /home.php HTTP/1.1 Host: www.facebook.com Cookie: PHPSESSID=5153d29ed84c4

  11. Session Hijacking

  12. None

  13. HTTPS

  14. Cryptography

  15. GET /home.php HTTP/1.1 Host: www.facebook.com Encrypt ehosn9745t987gnlkjab 7@5uejfnjasdbfxb98@#

  16. GET /home.php HTTP/1.1 Host: www.facebook.com Encrypt ehosn9745t987gnlkjab 7@5uejfnjasdbfxb98@# ehosn9745t987gnlkjab 7@5uejfnjasdbfxb98@#

    GET /home.php HTTP/1.1 Host: www.facebook.com Decrypt

  17. Wi-Fi Security

  18. WEP, WPA, WPA2

  19. CSRF

  20. https://bank.com/money/transfer? to=67890&amount=100

  21. None

  22. Ka-Boom.

  23. https://bank.com/money/transfer? to=67890&amount=100& token=8549ba93417cdef85

  24. <input type="hidden" name="csrfTokenHidden" value="12345" id="csrfTokenHidden">

  25. http://cse1.net/lecture6

  26. XSS

  27. <h1>Tommy</h1>

  28. None

  29. Ka-Boom.

  30. http://cse1.net/lecture6

  31. Databases

  32. Name DOB Color Preference Shocked Cat 3/17/2010 white indoor Grumpy

    Cat 4/4/2012 white indoor Keyboard Cat 1/1/1984 orange outdoor

  33. SQL

  34. SELECT name FROM cats

  35. SELECT * from cats WHERE preference = ‘indoor’

  36. INSERT INTO cats (name, dob, color, preference) VALUES ('Maru', '2008-06-01',

    'gray', 'indoor')

  37. UPDATE cats SET name = ‘shocked’ WHERE name = ‘Maru’

  38. DELETE FROM cats WHERE name = ‘Maru’

  39. CRUD

  40. Create Read Update Delete

  41. INSERT SELECT UPDATE DELETE

  42. SELECT * FROM profiles WHERE username = ‘zuck’

  43. I would like __ cheeseburgers cooked ____ and topped with

    ________.

  44. I would like 2 cheeseburgers cooked medium-well and topped with

    lettuce.

  45. I would like 2 cheeseburgers cooked and then thrown at

    the nearest customer’s head and topped with lettuce.

  46. Injection

  47. SELECT * FROM profiles WHERE username = ‘______’

  48. ‘ OR ‘1’ = ‘1

  49. SELECT * FROM profiles WHERE username = ‘’ OR ‘1’

    = ‘1’

  50. Ka-Boom.

  51. Authentication

  52. SELECT * FROM users WHERE username = ‘_____’ AND password

    = ‘_____’

  53. SELECT * FROM users WHERE username = ‘rj’ AND password

    = ‘’ OR ‘1’ = ‘1’

  54. Ka-Boom.

  55. ’; DELETE FROM profiles; --

  56. SELECT * FROM profiles WHERE username = ‘’; DELETE FROM

    profiles; --’
  57. None

  58. Sanitizing Input

  59. SELECT * FROM profiles WHERE username = '\' OR \'1\'

    = \'1'

  60. Permissions

  61. http://cse1.net/lecture6

  62. Encrypting Text

  63. Caesar Cipher

  64. ABCDEFGHIJKLMNOPQRSTUVWXYZ NOPQRSTUVWXYZABCDEFGHIJKLM

  65. ROT13

  66. banana

  67. onanan

  68. Brute-Force Attack

  69. ROT26

  70. Vigenère Cipher

  71. banana + 246246

  72. banana + 246246 detcrg

  73. banana + cegceg detcrg

  74. Plaintext: computer Key: benrj

  75. computer + benrjben

  76. computer + benrjben dszgduie

  77. Symmetric-Key Cryptography

  78. None

  79. Asymmetric-Key Cryptography

  80. Public/Private Keys

  81. None

  82. Trapdoor One-Way Function

  83. 2459 * 8863 = 21794117

  84. Factor 21794117

  85. RSA

  86. Diffie-Hellman

  87. Computer Science E-1 Lecture 6: Security