
Security. Security Flaws Errors that can be exploited by attackers Constantly exploited.


1 Security

2 Security Flaws
Errors that can be exploited by attackers
Constantly exploited

3 Database Breaches
Sony PSN (2011): ~77 million users
Target (2013): reports of 40-110 million customers affected
JP Morgan Chase (2014): ~76 million users
Many others

4 SQL
Allow anyone to get information about any user by UID
$query = "SELECT name, email FROM user WHERE uid='" . $_POST["UID"] . "'";
$query = "SELECT name, email FROM user WHERE uid='295081754966'";
… "Jesse Hartloff", "hartloff@buffalo.edu"

5 SQL Attack
Attacker wants all emails to send spam
Needs to know every UID
Can brute force UIDs
  – Easy to detect
  – Stop taking requests from same IP
$query = "SELECT name, email FROM user WHERE uid='" . $_POST["UID"] . "'";

6 SQL Injection
"Uh oh"
Returns every user's name and email address
Spammers rejoice!
$query = "SELECT name, email FROM user WHERE uid='" . $_POST["UID"] . "'";
$query = "SELECT name, email FROM user WHERE uid='' OR '12'='12'";

7 SQL Injection
$query = "SELECT name, email FROM user WHERE uid='" . $_POST["UID"] . "'";
$query = "SELECT name, email FROM user WHERE uid=''; DROP TABLE users; SELECT * FROM passwords WHERE '12'='12'";

8 SQL Injection - Prevention
Validate user inputs
Use language functions to clean inputs
Prevents most attacks
Still one of the most common software attacks
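The pattern from slides 4 through 8, carried through in runnable form as an added example (not code from the slides): the same lookup written with string concatenation and with a bound parameter, plus the input validation slide 8 asks for. The user table, the rows in it and the 12-digit UID format are constructed for the example.

```python
import re
import sqlite3

# Constructed sample rows (not from the slides); UIDs are 12-digit strings.
SAMPLE_USERS = [
    ("295081754966", "User One", "one@example.invalid"),
    ("295081754967", "User Two", "two@example.invalid"),
    ("295081754968", "User Three", "three@example.invalid"),
]

UID_PATTERN = re.compile(r"[0-9]{12}")  # assumed UID format for validation


def make_db() -> sqlite3.Connection:
    """Build an in-memory user table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (uid TEXT PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO user VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, uid: str) -> list:
    """Slide 4's pattern: the request value is pasted into the SQL text,
    so quote characters in it become SQL syntax."""
    query = "SELECT name, email FROM user WHERE uid='" + uid + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, uid: str) -> list:
    """Placeholder binding: the driver passes uid as data, never as SQL."""
    return conn.execute("SELECT name, email FROM user WHERE uid=?", (uid,)).fetchall()


def is_valid_uid(uid: str) -> bool:
    """Input validation (slide 8): accept only a 12-digit UID."""
    return UID_PATTERN.fullmatch(uid) is not None


def lookup_safe(conn: sqlite3.Connection, uid: str) -> list:
    """Validate first, then bind; an invalid UID never reaches the database."""
    if not is_valid_uid(uid):
        return []
    return lookup_parameterized(conn, uid)


if __name__ == "__main__":
    db = make_db()
    injected = "' OR '12'='12"  # slide 6's input; the query supplies the outer quotes
    print("vulnerable:   ", lookup_vulnerable(db, injected))     # every row
    print("parameterized:", lookup_parameterized(db, injected))  # no rows
    print("validated:    ", lookup_safe(db, "295081754966"))     # one row
```

With the bound parameter the database looks for a user whose UID is literally the string `' OR '12'='12` and finds none; validation on top of that keeps malformed input out of the query entirely and gives you something to log.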

9 SQL Injection

10 Buffer Overflow
"In every sufficiently large C program"
char values[80];
strcpy(values, inputFromUser());  /* unbounded copy into an 80-byte array */
Intended functionality
  – User can input any data in the array
User can input data larger than 80 chars
  – Very bad!
User can write anything in the memory after the end of the array
  – Control statement that runs malicious code

11 More C Code
…
memcpy(bp, pl, payload);
…
User supplies pl and payload
  – pl: user-supplied data
  – payload: size of pl
Copy payload bytes of data from pl to bp
Send bp back to the user

12 More C Code
memcpy(bp, pl, payload);
User supplies
  – pl = "information";
  – payload = 11;
User receives 11 bytes of data containing "information"

13 More C Code
memcpy(bp, pl, payload);
User supplies
  – pl = "";
  – payload = 2000;
User receives 2000 bytes of server data
  – Whatever happened to be sitting in bp when its memory was allocated

14 Heartbleed
memcpy(bp, pl, payload);
This line of code was found in OpenSSL
  – Security protocol used extensively across the internet
This line was in a function called heartbeat
  – Heartbleed bug
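Slides 11 through 14 describe the copy but not the check that was missing. The following is an added model (not OpenSSL code and not from the slides) of a heartbeat responder in Python: one version trusts the length field exactly as the `memcpy(bp, pl, payload)` line does, the other applies the check that fixed the bug, namely that header, declared payload and minimum padding must fit inside the record actually received. The record layout (1-byte type, 2-byte length, payload, 16 bytes of padding) follows the heartbeat extension; the bytes placed after the record stand in for adjacent memory and are constructed.

```python
import struct
from typing import Optional

# Assumed heartbeat record layout: 1-byte type, 2-byte payload length,
# the payload itself, then at least 16 bytes of padding.
HEADER_LEN = 3
MIN_PADDING = 16
HEARTBEAT_REQUEST = 1

# Constructed stand-in for whatever sits in memory right after the record.
NEIGHBOR_MEMORY = b"...SESSION=deadbeef; user=alice; (other heap contents)..."


def build_heartbeat(payload: bytes, declared_len: Optional[int] = None) -> bytes:
    """Encode a record; declared_len lets the caller lie about the size."""
    length = len(payload) if declared_len is None else declared_len
    return struct.pack("!BH", HEARTBEAT_REQUEST, length) + payload + b"\x00" * MIN_PADDING


def respond_vulnerable(memory: bytes, record_len: int) -> bytes:
    """Trusts the length field, like the slides' memcpy(bp, pl, payload).
    `memory` is the received record followed by adjacent memory; the copy
    runs past the record and into that neighbour (record_len is ignored)."""
    _, payload = struct.unpack("!BH", memory[:HEADER_LEN])
    return memory[HEADER_LEN:HEADER_LEN + payload]


def respond_fixed(memory: bytes, record_len: int) -> Optional[bytes]:
    """Bounds-checked version: drop the message unless the declared payload,
    plus header and padding, fits inside the record that was received."""
    if record_len < HEADER_LEN + MIN_PADDING:
        return None  # too short to be a well-formed heartbeat
    _, payload = struct.unpack("!BH", memory[:HEADER_LEN])
    if HEADER_LEN + payload + MIN_PADDING > record_len:
        return None  # declared length exceeds what actually arrived
    return memory[HEADER_LEN:HEADER_LEN + payload]


def honest_case() -> tuple:
    """Slide 12: pl = "information", payload = 11."""
    record = build_heartbeat(b"information")
    mem = record + NEIGHBOR_MEMORY
    return respond_vulnerable(mem, len(record)), respond_fixed(mem, len(record))


def malformed_case(declared_len: int = 2000) -> tuple:
    """Slide 13: pl = "", payload = 2000."""
    record = build_heartbeat(b"", declared_len)
    mem = record + NEIGHBOR_MEMORY
    return respond_vulnerable(mem, len(record)), respond_fixed(mem, len(record))


if __name__ == "__main__":
    print("honest:   ", honest_case())
    print("malformed:", malformed_case())
```

A Python slice stops at the end of the byte string; the real `memcpy` has no such limit, which is why the C version returned whatever lay beyond the request buffer. The fixed responder answers the honest request exactly as before and silently discards the malformed one, so the check costs nothing for legitimate traffic.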

15

16 Secure Communication
RSA
  – Public key encryption
  – Factoring is hard (we hope)
SSH
  – Setting up git without HTTPS
  – Need to upload public key
  – Used to connect to CSE servers
  – Not built into Windows (PuTTY)

17 Secure Hashing
One-way function
Easy to compute hash
Computationally infeasible to invert
Small input space leads to lack of security
  – Weak passwords
  – Brute force search
Dictionary attack
Rainbow table
Avalanche effect

18 Passwords and Hashing
SHA256 hash of my password:
1906bc7c801f03c41551b06e2fd406e8f471787c51357e8731ec61dd599f04c8
SHA256 hash of my password with 1 edit:
6410ef0d3a6d3324fcba02131e5742215c99301055398a75457a27ac89dffb5f
Inputs must match exactly
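Slides 17 and 18 state the avalanche effect and the problem of small input spaces; this added example (not from the slides) measures the first and shows the standard answer to the second. It counts how many of the 256 output bits change when one character of the input changes, and then derives a salted, deliberately slow password hash with PBKDF2, so that two users with the same password get different digests and a precomputed table built for one salt is useless for another. The passwords and salts are constructed; the slides' own password is not known.

```python
import hashlib
import hmac
import os


def sha256_hex(data: bytes) -> str:
    """Plain SHA-256, the function the slides' digests came from."""
    return hashlib.sha256(data).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def avalanche(password: bytes, edited: bytes) -> int:
    """Bits that change between the digests of an input and a 1-edit variant;
    for a good hash this lands near 128 of 256."""
    return differing_bits(sha256_hex(password), sha256_hex(edited))


def salted_hash(password: bytes, salt: bytes, iterations: int = 100_000) -> str:
    """PBKDF2-HMAC-SHA256: the salt defeats precomputed (rainbow) tables and
    the iteration count makes every guess in a brute-force search expensive."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations).hex()


def new_salt() -> bytes:
    """16 random bytes per user; stored next to the hash, not secret."""
    return os.urandom(16)


def verify(password: bytes, salt: bytes, expected_hex: str) -> bool:
    """Recompute and compare in constant time; inputs must match exactly."""
    return hmac.compare_digest(salted_hash(password, salt), expected_hex)


if __name__ == "__main__":
    # Constructed inputs for the demonstration.
    print("changed bits:", avalanche(b"correct horse battery", b"correct horse batterx"))
    salt = new_salt()
    stored = salted_hash(b"hunter2", salt)
    print("verify ok:  ", verify(b"hunter2", salt, stored))
    print("verify bad: ", verify(b"hunter3", salt, stored))
```

The known-answer check in the test (`sha256("abc")`) pins down that the digest function is the real SHA-256; the avalanche count is deterministic for a given pair of inputs but is only asserted to lie well inside the range a random function would give.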

19 Network Attacks
Man-in-the-middle
  – Where does security start?
  – What if someone replaces your public key while you're uploading it?
  – Intercept all communication and replace it with their own
Replay attack
  – Resend observed network traffic

20 Virus - Biology
Needs a host to reproduce
Contains DNA or RNA
Protective coating of proteins

21 Virus - Computer
Needs a host to reproduce
Contains code (not genetic)
Packaged as a program

22 Computer Viruses
Once it finds a host
  – Reproduce and spread
  – Often has a mission
Motivation
  – Senseless destruction? A good virus does not kill its host
  – Revenge? Sometimes
  – Challenge? Seems legit
  – Financial? BotNet

23 BotNet Scenario
Legit company hires an ad agency
  – Pays per click
  – Pays for traffic
Ad agency maliciously controls a BotNet
Puts BotNet to work spreading spam and clicking links
Ad agency cashes big checks
Motivation to keep hosts alive and healthy

24 DoS – Denial of Service Attack
Spam a site to shut it down
Simplest version is easy to detect
  – Many requests from a single IP
  – Stop taking requests from that IP
More dangerous with IP spoofing
  – Spoofing detection is possible
With a BotNet
  – Distributed DoS (DDoS)
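Slides 5 and 24 both rely on the same defence: notice many requests from one IP and stop serving it. This added example (not from the slides) implements that detector as a sliding-window counter run over a few constructed access-log lines, then uses the result to decide whether to serve a request. The log format (`<unix-seconds> <client-ip> <request>`), the window of 10 seconds and the limit of 5 requests are all assumptions for the example.

```python
from collections import defaultdict, deque

# Constructed access-log lines; 203.0.113.9 bursts, 198.51.100.4 browses normally.
SAMPLE_LOG = """\
1000 198.51.100.4 GET /
1000 203.0.113.9 GET /user
1001 203.0.113.9 GET /user
1001 203.0.113.9 GET /user
1002 203.0.113.9 GET /user
1002 203.0.113.9 GET /user
1003 203.0.113.9 GET /user
1004 198.51.100.4 GET /about
1015 198.51.100.4 GET /contact
1020 203.0.113.9 GET /user
"""

WINDOW_SECONDS = 10  # assumed detection window
LIMIT = 5            # assumed: more than this many requests per window is a flood


def find_flooders(lines, window: int = WINDOW_SECONDS, limit: int = LIMIT) -> dict:
    """Return {ip: timestamp} for each IP the moment it first exceeds `limit`
    requests inside any `window`-second span. Keeps one deque of recent
    timestamps per IP, so memory is bounded by the window, not the log size."""
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:
        if not line.strip():
            continue
        ts_text, ip, _request = line.split(" ", 2)
        ts = int(ts_text)
        q = recent[ip]
        while q and q[0] <= ts - window:  # drop timestamps outside the window
            q.popleft()
        q.append(ts)
        if len(q) > limit and ip not in flagged:
            flagged[ip] = ts
    return flagged


def should_serve(ip: str, flagged: dict) -> bool:
    """The slides' response: stop taking requests from a flagged IP."""
    return ip not in flagged


if __name__ == "__main__":
    offenders = find_flooders(SAMPLE_LOG.splitlines())
    print("flagged:", offenders)
    for ip in ("203.0.113.9", "198.51.100.4"):
        print(ip, "served" if should_serve(ip, offenders) else "blocked")
```

Per-IP counting is exactly the "simplest version" the slide calls easy to detect; as the same slide notes, it stops working once the source addresses are spoofed or spread across a botnet, because no single address crosses the threshold.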

25 Social Engineering
The most vulnerable point in a well-designed security system?
  – Humans

26 Challenge
HTML/PHP code injection

