Software Security Lecture 6 Fang Yu Dept. of MIS, National Chengchi University Spring 2011.

Outline  Today we will have Eric presenting how to attack application logic flaws (Ch10) and Rue-June presenting how to automating bespoke (custom made) attacks (Ch13)  We will also have Tony lead the discussion on the paper: Prophiler: a Fast Filter for the Large-Scale Detection of Malicious Web Page, WWW 2011  The course website : 

Next Week  We will have Hsin presenting Exploring Path Traversal (Chapter 10), Kuan-Ming presenting Hacker’s Toolkit (Chapter 19)  We will also have Adam lead the discussion on the paper: Protecting Browsers from Extension Vulnerabilities, NDSS 2010  We will also have the first tool presentation for Burp Intruder, which can help you to achieve automating bespoke attacks.