Ethics CSE 545 – Software Security Spring 2018 Adam Doupé


Ethics
CSE 545 – Software Security
Spring 2018
Adam Doupé
Arizona State University
http://adamdoupe.com

Avoiding Jail
Pretty easy: don't do anything illegal!
What does this mean in a hacking context?
Never hack into a system that you do not own or do not have permission to test
Do not attempt to find vulnerabilities in a system that you do not own or do not have permission to test

Practicing Without Going to Jail
Download the source code onto a server/system that you control (assuming it is open-source)
Only try to find vulnerabilities in a system that has a bug bounty program
Become an academic: we can sometimes do vulnerability analysis; however, we are very careful to consider the ethical implications before performing any analysis

Bug Bounty Programs
A number of web sites have started to offer bug bounty programs
They will give you money or fame in exchange for reporting security vulnerabilities to them
Make sure that the program also gives you permission, and make sure you understand what is in scope
Google, Facebook, AT&T, Coinbase, Etsy, GitHub, Heroku, Microsoft, PayPal, ...
https://bugcrowd.com/list-of-bug-bounty-programs

Facebook Incident
A security researcher found a vulnerability in Facebook that allowed posting on anyone's wall
There was a breakdown in communication with Facebook's security team
The researcher decided to post on Mark Zuckerberg's wall to get attention for the vulnerability
Ultimately, Facebook said that the researcher did not follow the policy and therefore was ineligible for a bounty

Disclosure
In case you do find a vulnerability in software, what is your responsibility?
Tell the world (full disclosure)
Tell the company/group responsible for the software (responsible disclosure)
Sell the information on the grey or black market (no disclosure)
Personal decision
I believe in responsible disclosure, first disclosing to the company and then releasing the information publicly

Would You Hire a Hacker?
Open problem and subject of much discussion
Pros: "I want somebody who can find problems before the bad guys do"
Skillful, motivated, etc.
Cons: "I don't want to hire an arsonist as a Fire Marshal"
Problems with teamwork, may damage the company, etc.
In general, assessment of personality is important (morals, ethics, attitude)
And hackers ARE hired all the time
How would you fire a hacker?

Legal Hacking: Penetration Testing
Vulnerability analysis followed by exploitation
Assumptions and hypotheses derived from the analysis are verified in the field
It is usually "black-box"
Penetration testing is part of the (larger) security auditing/analysis process
A pentest/fix cycle is NOT a good way to ensure the security of a system
A comprehensive security analysis process takes into account many other aspects (e.g., source code analysis, policy analysis, social engineering)
For example: The Open-Source Security Testing Methodology
http://www.isecom.org/research/osstmm.html

Discussion: Is Penetration Testing Useful?

Summary
Proceed ethically
Only attempt to find vulnerabilities in web applications that you either control or have permission to test
Jail is a possibility
Also against ASU policy