Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS144: Security. Smart Card OTP card Buffer Overflow Attack main() { if (login()) start_session(); return 0; } login() { char passwd[10]; gets(passwd);

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "CS144: Security. Smart Card OTP card Buffer Overflow Attack main() { if (login()) start_session(); return 0; } login() { char passwd[10]; gets(passwd);"— Presentation transcript:

1 CS144: Security

2

3 Smart Card

4 OTP card

5 Buffer Overflow Attack main() { if (login()) start_session(); return 0; } login() { char passwd[10]; gets(passwd); return (strcmp(passwd, "mypasswd") == 0); } start_session() {... }

6 Client State Manipulation …

7 SQL/Command Injection “SELECT name, price FROM product WHERE id =“ + user_input + “;” system(“cp file1.dat” + user_input);

8 SQL Prepared Statement PreparedStatement s = db.prepareStatement("SELECT * from Product WHERE id = ?"); s.setInt(1, Integer.parseInt(user_input)); ResultSet rs = s.executeQuery();

9 Cross Site Scripting (XSS) Welcome to $user_name$ ’s profile …

10 Cross Site Request Forgery (XSRF) The user visited http://victim.com beforehttp://victim.com The user is at http://evilsite.com nowhttp://evilsite.com <input type=“hidden” name=“newpassword” value=“hacked”> document.hack.submit()

Download ppt "CS144: Security. Smart Card OTP card Buffer Overflow Attack main() { if (login()) start_session(); return 0; } login() { char passwd[10]; gets(passwd);"

Similar presentations

Nick Feamster CS 6262 Spring 2009

Nick Feamster CS 6262 Spring 2009
Webgoat.

Webgoat.
Preventing Web Application Injections with Complementary Character Coding Raymond Mui Phyllis Frankl Polytechnic Institute of NYU Presented at ESORICS.

Preventing Web Application Injections with Complementary Character Coding Raymond Mui Phyllis Frankl Polytechnic Institute of NYU Presented at ESORICS.
Web Security Never, ever, trust user inputs Supankar.

Web Security Never, ever, trust user inputs Supankar.
Into the Mind of the Hacker: Hands-On Web Application Hacking Adam Doupé University of California, Santa Barbara 4/23/12.

Into the Mind of the Hacker: Hands-On Web Application Hacking Adam Doupé University of California, Santa Barbara 4/23/12.
By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.

By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Misc. Announcements Backup your work! Document team members’ contributions (so that if there is any dispute …) More Bonus credits: Create screencasts for.

Misc. Announcements Backup your work! Document team members’ contributions (so that if there is any dispute …) More Bonus credits: Create screencasts for.
Chapter 4 Application Security Knowledge and Test Prep

Chapter 4 Application Security Knowledge and Test Prep
Exploits: XSS, SQLI, Buffer Overflow

Exploits: XSS, SQLI, Buffer Overflow
1 SQL injection: attacks and defenses Dan Boneh CS 142 Winter 2009.

1 SQL injection: attacks and defenses Dan Boneh CS 142 Winter 2009.
WEB SECURITY WORKSHOP TEXSAW 2013 Presented by Joshua Hammond Prepared by Scott Hand.

WEB SECURITY WORKSHOP TEXSAW 2013 Presented by Joshua Hammond Prepared by Scott Hand.
Web Application Attacks ECE 4112 Fall 2007 Group 9 Zafeer Khan & Simmon Yau.

Web Application Attacks ECE 4112 Fall 2007 Group 9 Zafeer Khan & Simmon Yau.
Cross-Site Scripting Vulnerabilities Adam Doupé 11/24/2014.

Cross-Site Scripting Vulnerabilities Adam Doupé 11/24/2014.
Twin Cities Java User Group Introduction to Writing Secure Web Applications March 9th, 2009 Jason Dean Minnesota Department of Health.

Twin Cities Java User Group Introduction to Writing Secure Web Applications March 9th, 2009 Jason Dean Minnesota Department of Health.
+ Websites Vulnerabilities. + Content Expand of The Internet Use of the Internet Examples Importance of the Internet How to find Security Vulnerabilities.

+ Websites Vulnerabilities. + Content Expand of The Internet Use of the Internet Examples Importance of the Internet How to find Security Vulnerabilities.
CSCI 6962: Server-side Design and Programming Secure Web Programming.

CSCI 6962: Server-side Design and Programming Secure Web Programming.
Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.

Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.
Approaches to Application Security – DSM

Approaches to Application Security – DSM
Web Application Access to Databases. Logistics Test 2: May 1 st (24 hours) Extra office hours: Friday 2:30 – 4:00 pm Tuesday May 5 th – you can review.

Web Application Access to Databases. Logistics Test 2: May 1 st (24 hours) Extra office hours: Friday 2:30 – 4:00 pm Tuesday May 5 th – you can review.

Similar presentations

Ads by Google