Web-Based Attacks: Offense Wild Wild West Bob, Jeff, and Junia.


Agenda
- Weaknesses of the paper
- Attacks not mentioned
- Future Trends

Weaknesses of the paper

Web-based Attacks: White Paper or Infomercial…?
- Shameless plugs peppered throughout
- No mention of non-Symantec solutions, like desktop virtualization
- Well yes, but everybody does it. How else would they get funded…

Vulnerability of web-based applications
- A topic for nerds, written by nerds…
- Technical aptitude is needed to even understand the challenge/threat
- This is likely one of the problems with getting people to pay attention to security

Compare with articles about ‘The Cloud’
- Articles about ‘The Cloud’ get noticed by execs because they speak to them
- You can find them in in-flight magazines
- Their message: a credit card, a few mouse clicks, and voila! Provisioned IT resources

Attacks not mentioned

New ways of getting you to a malicious site
- Blogs
- Social networking
- URL shorteners
- Twitter and Facebook viruses exist

Google, How We Get To Most Sites
- We trust Google!
- Search Engine Optimization (SEO) poisoning aims to boost malicious websites to the top of the results list.

An Example of SEO Poisoning
1) Find a legitimate website (
2) Compromise the website. Easy!
3) Submit a special URL to a search engine “
4) When the search engine indexes this URL, a script is called. It changes the page to add a bunch of hidden, relevant links. The keywords for these links are taken from another search engine's suggestions; for “discover card” these are: Discover Financial Services, Discover Credit Cards, Discover Card Facts, Apply for a credit card.
5) The highly ranked “Discover Card Application” delivers a malicious payload to people arriving from Google.
6) The site looks normal to everyone else.
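Steps 4 to 6 give a site owner two things to check for: links the page only shows to a crawler (hidden with CSS), and a page that differs depending on who fetches it (the crawler, a visitor arriving from Google, or anyone else). The script below, an added example that is not part of the presentation, runs both checks; the HTML responses and the bad.example links are constructed for the demo, and fetch_profiles shows how the same dictionary would be filled from a live URL you own.

```python
"""Checks a defender can run against a site they own or monitor to spot the
two tell-tale signs of the SEO-poisoning scheme on the slides: injected links
hidden from human visitors but visible to the crawler, and 'cloaking', where
the page served to a crawler or to a search-engine visitor differs from the
page served to everyone else. Added example; the HTML below is constructed."""
from html.parser import HTMLParser
import re
import urllib.request

# inline styles commonly used to hide injected links from human visitors
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])", re.I)


class LinkCollector(HTMLParser):
    """Collects hrefs, separating those placed inside a hidden element."""

    def __init__(self):
        super().__init__()
        self.stack = []        # (tag, was_hidden) for each open element
        self.hidden_depth = 0  # > 0 while inside a hidden element
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        is_hidden = bool(HIDDEN_STYLE.search(attrs.get("style") or ""))
        self.stack.append((tag, is_hidden))
        self.hidden_depth += is_hidden
        if tag == "a" and attrs.get("href"):
            bucket = self.hidden if self.hidden_depth else self.visible
            bucket.append(attrs["href"])

    def handle_endtag(self, tag):
        if not any(t == tag for t, _ in self.stack):
            return  # stray close tag: ignore
        while self.stack:  # pops through unclosed void tags (br, img, meta)
            t, was_hidden = self.stack.pop()
            self.hidden_depth -= was_hidden
            if t == tag:
                break


def classify_links(html):
    p = LinkCollector()
    p.feed(html)
    return {"visible": p.visible, "hidden": p.hidden}


# Three ways to fetch the same URL; the differences are what we look for.
PROFILES = {
    "plain": {},
    "crawler_ua": {"User-Agent": "Googlebot/2.1 (+http://www.google.com/bot.html)"},
    "google_referrer": {"Referer": "https://www.google.com/search?q=discover+card"},
}


def fetch_profiles(url):
    """Fetch url once per profile (needs network; the offline demo below
    uses constructed responses instead)."""
    out = {}
    for name, extra in PROFILES.items():
        req = urllib.request.Request(
            url, headers={"User-Agent": "Mozilla/5.0", **extra})
        with urllib.request.urlopen(req, timeout=10) as resp:
            out[name] = resp.read().decode("utf-8", "replace")
    return out


def audit(responses, baseline="plain"):
    """Per profile: hidden links found, and the link-set difference against
    the baseline profile. An empty dict means nothing suspicious."""
    b = classify_links(responses[baseline])
    base_links = set(b["visible"]) | set(b["hidden"])
    report = {}
    for name, html in responses.items():
        c = classify_links(html)
        diff = sorted((set(c["visible"]) | set(c["hidden"])) ^ base_links)
        if c["hidden"] or diff:
            report[name] = {"hidden_links": c["hidden"],
                            "differs_from_baseline": diff}
    return report


# Constructed sample responses (not from any real site): one club page fetched
# normally, as a crawler, and as a visitor clicking through from a search.
PLAIN = ('<html><body><h1>Example Club</h1>'
         '<a href="/forum">Forum</a></body></html>')
AS_CRAWLER = ('<html><body><h1>Example Club</h1><a href="/forum">Forum</a>'
              '<div style="display:none">'
              '<a href="http://bad.example/apply">Discover Card Application</a>'
              '<a href="http://bad.example/facts">Discover Card Facts</a>'
              '</div></body></html>')
FROM_SEARCH = ('<html><head><meta http-equiv="refresh" '
               'content="0;url=http://bad.example/payload"></head><body>'
               '<a href="http://bad.example/payload">Discover Card Application</a>'
               '</body></html>')
SAMPLE = {"plain": PLAIN, "crawler_ua": AS_CRAWLER, "google_referrer": FROM_SEARCH}

if __name__ == "__main__":
    for profile, finding in audit(SAMPLE).items():
        print(profile, finding)
```

On the sample, the plain fetch is clean, the crawler fetch reports the two hidden Discover links, and the search-referrer fetch reports a link set that shares nothing with the baseline. Running this periodically against your own site, and diffing against the last known-good result, catches step 4 long before step 5 reaches a visitor.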

Attacking a website using Cross-Site Request Forgery
- Also known as: Cross-Site Reference Forgery, XSRF, CSRF, Sea Surf, Session Riding, Hostile Linking, One-Click attacks
- A confused deputy attack on a website, where the website already trusts a user: the browser attaches the user's session cookie to the forged request, so the site cannot tell it from one the user meant to send.

An Example of Cross-Site Request Forgery
1) Bob Frazer logs into Bankbank.com.
2) Bob then logs into FerrariOwnersClub.com.
3) Mal posts a bad link as his signature picture, which Bob's browser loads.
4) Bob's browser, still logged into Bankbank, executes the request with Bob's session.
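To make the confused-deputy point concrete, here is the Bankbank scenario replayed against a toy transfer endpoint, once as a site that trusts the cookie alone and once with the three server-side checks that stop it (no state change on GET, Origin/Referer must be the bank's own, and a per-session token that only the bank's own form carries). This is an added example, not code from the presentation: the site names follow the slides, while the endpoint, the Request dataclass, the balances and the token scheme are assumptions for illustration.

```python
"""Replays the Bankbank / FerrariOwnersClub scenario from the slides against a
toy 'transfer' endpoint, first as written by a site that trusts the session
cookie alone, then with the checks that reject the forged request. No web
framework: a Request is a dataclass and the server is a function.
Added example; site names come from the slides, everything else is assumed."""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

BANK_ORIGIN = "https://bankbank.com"
SESSIONS = {}                    # session cookie value -> {"user", "csrf"}
BALANCES = {"bob": 1000, "mal": 0}


@dataclass
class Request:
    method: str
    path: str
    cookies: dict                                 # attached by the browser
    headers: dict = field(default_factory=dict)
    params: dict = field(default_factory=dict)    # query string or form body


def login(user):
    """Creates a session and a per-session CSRF token; returns the cookie."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid):
    """The value Bankbank embeds as a hidden field in its own transfer form."""
    return SESSIONS[sid]["csrf"]


def _do_transfer(user, params):
    to, amount = params["to"], int(params["amount"])
    if BALANCES.get(user, 0) < amount:
        return 400, "insufficient funds"
    BALANCES[user] -= amount
    BALANCES[to] = BALANCES.get(to, 0) + amount
    return 200, f"moved {amount} from {user} to {to}"


def transfer_unprotected(req):
    """The confused deputy: a valid cookie is all it takes, even on GET."""
    sess = SESSIONS.get(req.cookies.get("session"))
    if not sess:
        return 401, "not logged in"
    return _do_transfer(sess["user"], req.params)


def request_origin(headers):
    """scheme://host[:port] of the page that issued the request, or None."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return None
    parts = urlsplit(src)
    return f"{parts.scheme}://{parts.netloc}"


def transfer_protected(req):
    """Same action with three independent checks."""
    sess = SESSIONS.get(req.cookies.get("session"))
    if not sess:
        return 401, "not logged in"
    if req.method != "POST":               # an <img> or link can only GET
        return 405, "state change requires POST"
    if request_origin(req.headers) != BANK_ORIGIN:   # set by the browser
        return 403, "cross-origin request rejected"
    token = req.params.get("csrf", "")     # only Bankbank's own form has it
    if not hmac.compare_digest(token, sess["csrf"]):
        return 403, "missing or wrong CSRF token"
    return _do_transfer(sess["user"], req.params)


def scenario():
    """Bob logs in, then his browser loads Mal's 'signature picture', which is
    really a request to Bankbank. Returns each handler's response and the
    final balances."""
    out = {}
    bob_sid = login("bob")
    forum = "https://ferrariownersclub.com/forum/thread/42"
    # The browser attaches Bob's Bankbank cookie; the Referer is the forum.
    forged_get = Request("GET", "/transfer", {"session": bob_sid},
                         headers={"Referer": forum},
                         params={"to": "mal", "amount": 500})
    BALANCES.update({"bob": 1000, "mal": 0})
    out["forged_get_unprotected"] = transfer_unprotected(forged_get)
    BALANCES.update({"bob": 1000, "mal": 0})
    out["forged_get_protected"] = transfer_protected(forged_get)
    # A cross-site POST is still labelled by the browser with the foreign Origin.
    forged_post = Request("POST", "/transfer", {"session": bob_sid},
                          headers={"Origin": "https://ferrariownersclub.com"},
                          params={"to": "mal", "amount": 500})
    out["forged_post_protected"] = transfer_protected(forged_post)
    # Bob's own transfer from Bankbank's form carries Origin and the token.
    legit = Request("POST", "/transfer", {"session": bob_sid},
                    headers={"Origin": BANK_ORIGIN},
                    params={"to": "mal", "amount": 50,
                            "csrf": csrf_token_for(bob_sid)})
    out["legit_post_protected"] = transfer_protected(legit)
    out["balances"] = dict(BALANCES)
    return out


if __name__ == "__main__":
    for name, result in scenario().items():
        print(name, result)
```

The unprotected handler moves 500 on the forged GET; the protected one rejects the same request on the method check, rejects a forged POST on the Origin check, and accepts only Bob's own form submission. Each check stands alone, so a deployment that cannot change its forms can still start with the method and Origin rules; marking the session cookie SameSite=Lax in the browser is a complementary control at the other end of the request.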

Attacking You Through Your Phone
- Not web based yet, but attackers are interested.
- Trojan-SMS.AndroidOS.FakePlayer.a: sends texts without the user's knowledge to premium-rate numbers.
- Android spyware: Tip Calculator

Attacking You Through Your Phone (continued)
- Symbian OS: Skulls
- Worm:iOS/Ikee
- Proof of concept spreads through WiFi or 3G and sends financial information to a server.

Future Trends

Future Trends - Users
- Increasingly young user base
- More online edutainment/games
- More familiar and comfortable with the web world
- Less knowledgeable about security risks

Future Trends - Attacks
- More internet users
- Move from IPv4 to IPv6
- More attacks on web servers
- More sophisticated hackers

Future Trends - Companies
- Focus more on web security
- Getting better at locking down the web

Future Trends - Cloud Computing
- Increase in IT budgets
- More web applications hosted in the cloud
- With lower cost comes higher security risk
- More complex security

Future Trends - Browsers
- Browsers will be more responsible: Google Chrome, Firefox

Future Trends - Spam
- More spam that looks legitimate