Save 37% off PRO during our Black Friday Sale! »

Lecture 6: CSCI E-1 Spring 2013

9e4d3e53f8525fdff00691a8b843e66b?s=47 Tommy MacWilliam
April 10, 2013
Education
1
220

Lecture 6: CSCI E-1 Spring 2013

9e4d3e53f8525fdff00691a8b843e66b?s=128

Tommy MacWilliam

April 10, 2013
Tweet

More Decks by Tommy MacWilliam

See All by Tommy MacWilliam
9e4d3e53f8525fdff00691a8b843e66b?s=48 tmacwill
0
99
9e4d3e53f8525fdff00691a8b843e66b?s=48 tmacwill
0
110
9e4d3e53f8525fdff00691a8b843e66b?s=48 tmacwill
0
180
9e4d3e53f8525fdff00691a8b843e66b?s=48 tmacwill
1
190
9e4d3e53f8525fdff00691a8b843e66b?s=48 tmacwill
1
99
9e4d3e53f8525fdff00691a8b843e66b?s=48 tmacwill
0
160
9e4d3e53f8525fdff00691a8b843e66b?s=48 tmacwill
0
220
9e4d3e53f8525fdff00691a8b843e66b?s=48 tmacwill
0
410
9e4d3e53f8525fdff00691a8b843e66b?s=48 tmacwill
0
300

Other Decks in Education

See All in Education
874ff503a00697a857e198a0ebb8f55f?s=48 ailaboocu
0
110
18cdb6f294c8cb10a46167e462c2a51f?s=48 matleenalaakso
0
1.3k
874ff503a00697a857e198a0ebb8f55f?s=48 ailaboocu
0
110
Dd7ca8b38754ee75aeabeccbf58b053c?s=48 magnore2021
0
100
8c6c4d64f6fd9e19226ef0b210433fd3?s=48 cbtlibrary
0
120
E49f52f943e3f1ee664e949ae95a235b?s=48 y_ogawa_mhg
0
620
95d5cfc0ce395d0bfedeeb92d34261ce?s=48 tam07pb915
0
380
E373e83ab6a472c6c0370e03053ce247?s=48 shokokuro
0
1.4k
A10e41b0a61d59f2258d7f6172c33479?s=48 kaityo256
0
580
C548b8f4f64fdf90c7d62b22d23e127e?s=48 institucional
0
110
A10e41b0a61d59f2258d7f6172c33479?s=48 kaityo256
0
130
5c09f662722aedce68b28ccdb048e7f9?s=48 humanome
0
800

Featured

See All Featured
A9179349dd2bdc67f377719f56d85656?s=48 garrettdimon
294
110k
C157b16234f1e75e8eac3698c1d4414a?s=48 ddemaree
272
32k
245cee81a9c424266e5e401d844ea881?s=48 lara
175
11k
465724d73fe3a92c0879fdfb43a3a6f3?s=48 philhawksworth
195
9.1k
61857dafbd287b3027c4dcea9008ad3c?s=48 carmenhchung
43
2.2k
Bfd6b681ec6e8c9bef82ff0521c364f7?s=48 kastner
56
2.1k
B3d6434763caa0ef5dc4b792662c49f7?s=48 smashingmag
236
18k
5ce91fa49a613cbc3e20d5f96856473f?s=48 edds
57
9.6k
9cde37f47e4a800ea081ea42de8d749a?s=48 dougneiner
56
5.7k
95d9f37115fbb0d13135d0f77132f856?s=48 morganepeng
32
2.6k
9128d500301ae51524e887bb680f471d?s=48 caitiem20
314
18k
9952dfcd5d338f8a8e7175c8a8f65fb5?s=48 wjessup
342
16k

Transcript

  1. Computer Science E-1 Lecture 6: Security

  2. http://youtu.be/H542nLTTbu0

  3. http://bing.com

  4. http://vimeo.com/blog/post:564

  5. Security

  6. Authentication

  7. Cookies

  8. Sessions

  9. GET /home.php HTTP/1.1 Host: www.facebook.com Cookie: PHPSESSID=5153d29ed84c4

  10. GET /home.php HTTP/1.1 Host: www.facebook.com Cookie: PHPSESSID=5153d29ed84c4

  11. Session Hijacking

  12. None

  13. HTTPS

  14. Cryptography

  15. GET /home.php HTTP/1.1 Host: www.facebook.com Encrypt ehosn9745t987gnlkjab 7@5uejfnjasdbfxb98@#

  16. GET /home.php HTTP/1.1 Host: www.facebook.com Encrypt ehosn9745t987gnlkjab 7@5uejfnjasdbfxb98@# ehosn9745t987gnlkjab 7@5uejfnjasdbfxb98@#

    GET /home.php HTTP/1.1 Host: www.facebook.com Decrypt

  17. Wi-Fi Security

  18. WEP, WPA, WPA2

  19. CSRF

  20. https://bank.com/money/transfer? to=67890&amount=100

  21. None

  22. Ka-Boom.

  23. https://bank.com/money/transfer? to=67890&amount=100& token=8549ba93417cdef85

  24. <input type="hidden" name="csrfTokenHidden" value="12345" id="csrfTokenHidden">

  25. http://cse1.net/lecture6

  26. XSS

  27. <h1>Tommy</h1>

  28. None

  29. Ka-Boom.

  30. http://cse1.net/lecture6

  31. Databases

  32. Name DOB Color Preference Shocked Cat 3/17/2010 white indoor Grumpy

    Cat 4/4/2012 white indoor Keyboard Cat 1/1/1984 orange outdoor

  33. SQL

  34. SELECT name FROM cats

  35. SELECT * from cats WHERE preference = ‘indoor’

  36. INSERT INTO cats (name, dob, color, preference) VALUES ('Maru', '2008-06-01',

    'gray', 'indoor')

  37. UPDATE cats SET name = ‘shocked’ WHERE name = ‘Maru’

  38. DELETE FROM cats WHERE name = ‘Maru’

  39. CRUD

  40. Create Read Update Delete

  41. INSERT SELECT UPDATE DELETE

  42. SELECT * FROM profiles WHERE username = ‘zuck’

  43. I would like __ cheeseburgers cooked ____ and topped with

    ________.

  44. I would like 2 cheeseburgers cooked medium-well and topped with

    lettuce.

  45. I would like 2 cheeseburgers cooked and then thrown at

    the nearest customer’s head and topped with lettuce.

  46. Injection

  47. SELECT * FROM profiles WHERE username = ‘______’

  48. ‘ OR ‘1’ = ‘1

  49. SELECT * FROM profiles WHERE username = ‘’ OR ‘1’

    = ‘1’

  50. Ka-Boom.

  51. Authentication

  52. SELECT * FROM users WHERE username = ‘_____’ AND password

    = ‘_____’

  53. SELECT * FROM users WHERE username = ‘rj’ AND password

    = ‘’ OR ‘1’ = ‘1’

  54. Ka-Boom.

  55. ’; DELETE FROM profiles; --

  56. SELECT * FROM profiles WHERE username = ‘’; DELETE FROM

    profiles; --’
  57. None

  58. Sanitizing Input

  59. SELECT * FROM profiles WHERE username = '\' OR \'1\'

    = \'1'

  60. Permissions

  61. http://cse1.net/lecture6

  62. Encrypting Text

  63. Caesar Cipher

  64. ABCDEFGHIJKLMNOPQRSTUVWXYZ NOPQRSTUVWXYZABCDEFGHIJKLM

  65. ROT13

  66. banana

  67. onanan

  68. Brute-Force Attack

  69. ROT26

  70. Vigenère Cipher

  71. banana + 246246

  72. banana + 246246 detcrg

  73. banana + cegceg detcrg

  74. Plaintext: computer Key: benrj

  75. computer + benrjben

  76. computer + benrjben dszgduie

  77. Symmetric-Key Cryptography

  78. None

  79. Asymmetric-Key Cryptography

  80. Public/Private Keys

  81. None

  82. Trapdoor One-Way Function

  83. 2459 * 8863 = 21794117

  84. Factor 21794117

  85. RSA

  86. Diffie-Hellman

  87. Computer Science E-1 Lecture 6: Security