Lecture 6: CSCI E-1 Spring 2013

9e4d3e53f8525fdff00691a8b843e66b?s=47 Tommy MacWilliam
April 10, 2013
Education
1
190

Lecture 6: CSCI E-1 Spring 2013

9e4d3e53f8525fdff00691a8b843e66b?s=128

Tommy MacWilliam

April 10, 2013
Tweet

Want more?

9e4d3e53f8525fdff00691a8b843e66b?s=48 tmacwill
0
57
9e4d3e53f8525fdff00691a8b843e66b?s=48 tmacwill
0
56
9e4d3e53f8525fdff00691a8b843e66b?s=48 tmacwill
0
120
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
10
540
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
2
280
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
0
180
61857dafbd287b3027c4dcea9008ad3c?s=48 carmenhchung
6
350
06f8b41980eb4c577fa40c41d5030c19?s=48 keathley
6
220
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
3
310
C35e01544a0dd94a2cf1619ee8a42ebb?s=48 clairelew
4
580
6bb82b13cda86d3b821fa44100335ddf?s=48 thoeni
1
170
B3ace07412a5178ea778e7eec161fc0a?s=48 jcasabona
4
250

Transcript

  1. 1.

    Computer Science E-1 Lecture 6: Security

  2. 2.

    http://youtu.be/H542nLTTbu0

  3. 3.

    http://bing.com

  4. 4.

    http://vimeo.com/blog/post:564

  5. 5.

    Security

  6. 6.

    Authentication

  7. 7.

    Cookies

  8. 8.

    Sessions

  9. 9.

    GET /home.php HTTP/1.1 Host: www.facebook.com Cookie: PHPSESSID=5153d29ed84c4

  10. 10.

    GET /home.php HTTP/1.1 Host: www.facebook.com Cookie: PHPSESSID=5153d29ed84c4

  11. 11.

    Session Hijacking

  12. 12.
    None
  13. 13.

    HTTPS

  14. 14.

    Cryptography

  15. 15.

    GET /home.php HTTP/1.1 Host: www.facebook.com Encrypt ehosn9745t987gnlkjab 7@5uejfnjasdbfxb98@#

  16. 16.

    GET /home.php HTTP/1.1 Host: www.facebook.com Encrypt ehosn9745t987gnlkjab 7@5uejfnjasdbfxb98@# ehosn9745t987gnlkjab 7@5uejfnjasdbfxb98@#

    GET /home.php HTTP/1.1 Host: www.facebook.com Decrypt
  17. 17.

    Wi-Fi Security

  18. 18.

    WEP, WPA, WPA2

  19. 19.

    CSRF

  20. 20.

    https://bank.com/money/transfer? to=67890&amount=100

  21. 21.
    None
  22. 22.

    Ka-Boom.

  23. 23.

    https://bank.com/money/transfer? to=67890&amount=100& token=8549ba93417cdef85

  24. 24.

    <input type="hidden" name="csrfTokenHidden" value="12345" id="csrfTokenHidden">

  25. 25.

    http://cse1.net/lecture6

  26. 26.

    XSS

  27. 27.

    <h1>Tommy</h1>

  28. 28.
    None
  29. 29.

    Ka-Boom.

  30. 30.

    http://cse1.net/lecture6

  31. 31.

    Databases

  32. 32.

    Name DOB Color Preference Shocked Cat 3/17/2010 white indoor Grumpy

    Cat 4/4/2012 white indoor Keyboard Cat 1/1/1984 orange outdoor
  33. 33.

    SQL

  34. 34.

    SELECT name FROM cats

  35. 35.

    SELECT * from cats WHERE preference = ‘indoor’

  36. 36.

    INSERT INTO cats (name, dob, color, preference) VALUES ('Maru', '2008-06-01',

    'gray', 'indoor')
  37. 37.

    UPDATE cats SET name = ‘shocked’ WHERE name = ‘Maru’

  38. 38.

    DELETE FROM cats WHERE name = ‘Maru’

  39. 39.

    CRUD

  40. 40.

    Create Read Update Delete

  41. 41.

    INSERT SELECT UPDATE DELETE

  42. 42.

    SELECT * FROM profiles WHERE username = ‘zuck’

  43. 43.

    I would like __ cheeseburgers cooked ____ and topped with

    ________.
  44. 44.

    I would like 2 cheeseburgers cooked medium-well and topped with

    lettuce.
  45. 45.

    I would like 2 cheeseburgers cooked and then thrown at

    the nearest customer’s head and topped with lettuce.
  46. 46.

    Injection

  47. 47.

    SELECT * FROM profiles WHERE username = ‘______’

  48. 48.

    ‘ OR ‘1’ = ‘1

  49. 49.

    SELECT * FROM profiles WHERE username = ‘’ OR ‘1’

    = ‘1’
  50. 50.

    Ka-Boom.

  51. 51.

    Authentication

  52. 52.

    SELECT * FROM users WHERE username = ‘_____’ AND password

    = ‘_____’
  53. 53.

    SELECT * FROM users WHERE username = ‘rj’ AND password

    = ‘’ OR ‘1’ = ‘1’
  54. 54.

    Ka-Boom.

  55. 55.

    ’; DELETE FROM profiles; --

  56. 56.

    SELECT * FROM profiles WHERE username = ‘’; DELETE FROM

    profiles; --’
  57. 57.
    None
  58. 58.

    Sanitizing Input

  59. 59.

    SELECT * FROM profiles WHERE username = '\' OR \'1\'

    = \'1'
  60. 60.

    Permissions

  61. 61.

    http://cse1.net/lecture6

  62. 62.

    Encrypting Text

  63. 63.

    Caesar Cipher

  64. 64.

    ABCDEFGHIJKLMNOPQRSTUVWXYZ NOPQRSTUVWXYZABCDEFGHIJKLM

  65. 65.

    ROT13

  66. 66.

    banana

  67. 67.

    onanan

  68. 68.

    Brute-Force Attack

  69. 69.

    ROT26

  70. 70.

    Vigenère Cipher

  71. 71.

    banana + 246246

  72. 72.

    banana + 246246 detcrg

  73. 73.

    banana + cegceg detcrg

  74. 74.

    Plaintext: computer Key: benrj

  75. 75.

    computer + benrjben

  76. 76.

    computer + benrjben dszgduie

  77. 77.

    Symmetric-Key Cryptography

  78. 78.
    None
  79. 79.

    Asymmetric-Key Cryptography

  80. 80.

    Public/Private Keys

  81. 81.
    None
  82. 82.

    Trapdoor One-Way Function

  83. 83.

    2459 * 8863 = 21794117

  84. 84.

    Factor 21794117

  85. 85.

    RSA

  86. 86.

    Diffie-Hellman

  87. 87.

    Computer Science E-1 Lecture 6: Security