Software Security Lecture 11 Fang Yu Dept. of MIS, National Chengchi University Spring 2011.

Announcement
- Next week, we will have an invited speaker, Michael from Atonmix, for the special lecture on iOS development.
- For your projects:
  - “WebGoat Handbook”: Anthony Cimo, Alexis Kirat, Kuan-Ming Chen and I-Yang Dong
  - “Power Password Cracking”: Juliette Maxime Lessing, Hsing Huang and Chen-Yi Yang
  - “Nmap Port Scan”: Jorina van Malsen, Eric Huang and Ruei-Chen Dai
  - “Static Analysis via Stranger”: Adam Fremd, Vincent Liou and Ruei-Jiun Liang

Announcement
- Project presentation/tool demonstration
  - Prepare a one-hour presentation to summarize your project
  - 6/1: WebGoat, PCL
  - 6/8: Nmap, Stranger
- The final report (~10 pages) and system/code are due on 6/15

Outline
- I will present my paper “Patching Vulnerabilities with Sanitization Synthesis”
- I will also introduce our tool “Stranger”
- We will also have three paper discussions:
  - Toward Automated Detection of Logic Vulnerabilities in Web Applications (by Eric)
  - Static Detection of Security Vulnerabilities in Scripting Languages (by Alex)
  - Static Detection of Cross-site Scripting Vulnerabilities (by Juliette Lessing)