QR Phishing Detection Aslihan Duman STM Savunma Teknolojileri Mühendislik ve Ticaret A.S. Role: S/T provider DS-01-2016: Assurance and.


QR Phishing Detection Aslihan Duman STM Savunma Teknolojileri Mühendislik ve Ticaret A.S. Role: S/T provider DS-01-2016: Assurance and Certification for Trustworthy and Secure ICT systems, services and components SMIG January

Expertise/technology content

The use of Quick Response (QR) codes has been increasing recently. While QR codes make data access easier, they also introduce security vulnerabilities. The concern is that there is no authentication mechanism that ensures a QR code matches its content. Since QR codes are not human-readable, users cannot know their actual content and can be directed to harmful web sites or content (phishing pages). Most QR code scanners use the system's default browser and connect automatically to the URL predefined in the QR code. Therefore, this type of attack (QR phishing) can bypass most of the system's security precautions.

Precautions for QR phishing: We are working on two main solutions for QR phishing attacks.

- Development of an application that runs between the scanner and the browser. This application will connect to the server, access the data and open the content in a sandbox to ensure that an attack cannot bypass the security precautions.
- Redefinition of the QR code's security specifications.
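A sketch of the decision step such an intermediate application could run on the decoded QR text before anything reaches the browser. This is an added example, not code from the presentation or from STM; the function name, the policy sets and the three actions ("display", "confirm", "sandbox") are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical policy values for this sketch, not taken from the presentation.
ALLOWED_SCHEMES = {"https"}
SHORTENERS = {"short.example"}  # constructed placeholder list

def triage_qr_payload(payload: str) -> dict:
    """Decide what a scanner should do with decoded QR text instead of auto-opening it."""
    text = payload.strip()
    try:
        parts = urlsplit(text)
    except ValueError:
        return {"action": "display", "host": None, "reasons": ["malformed URL"]}
    if not parts.scheme or not parts.netloc:
        # Plain text, Wi-Fi config, vCard, etc.: show it, never launch anything.
        return {"action": "display", "host": None, "reasons": ["not a URL"]}
    reasons = []
    host = (parts.hostname or "").lower()
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        reasons.append(f"scheme '{parts.scheme}' is not allowed")
    if parts.username or parts.password:
        reasons.append("userinfo before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a raw IP address")
    except ValueError:
        pass  # a DNS name, which is the normal case
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible look-alike domain)")
    if host in SHORTENERS:
        reasons.append("URL shortener hides the destination")
    # "confirm": show the real host to the user and ask before opening.
    # "sandbox": open only in an isolated viewer, never the default browser.
    action = "sandbox" if reasons else "confirm"
    return {"action": action, "host": host, "reasons": reasons}

if __name__ == "__main__":
    # Constructed sample payloads.
    for sample in ("https://www.example.com/menu", "http://203.0.113.7/login",
                   "https://login.example.com@198.51.100.9/", "WIFI:S:cafe;T:WPA;;"):
        print(sample, "->", triage_qr_payload(sample))
```

Even the clean case returns "confirm" rather than opening the link, so the user always sees the host that the QR code actually encodes.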

Looking for partners in the following expertise/technology field: Elliptic Curve Encryption Algorithm