Web Applications Security Seminar David Evans University of Virginia 28 August 2007.

Web Applications Security Seminar David Evans University of Virginia 28 August 2007

2 Welcome! Brief Seminar Intro Sign Up Sheets

3 Do Web Applications Change Security?

4 No perimeters HTTP = UFBP

5 Dynamic Rapidly Changing Distributed State

6 Composed content Complex trust models Personal Information

7 (This is a hoax) Real money from virtual actions Competition, fraud, incentives

8 Some things don’t change?
Most Classic Security Principles Still Apply (but get much harder...)
– Economy of Mechanism
– Fail-safe Defaults
– Complete Mediation
– Open Design
– Least Privilege
– Psychological Acceptability
– Least Common Mechanism
– Separation of Privilege
Saltzer & Schroeder, The Protection of Information in Computer Systems, 1973
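As an added illustration of two of the principles named on this slide (it is not code from the seminar or from Saltzer and Schroeder), the Python below shows a web application's read-access check written with a fail-safe default beside a deny-list version that grants access whenever no refusal rule matches, and a handler that mediates every request beside a cached variant that keeps granting after a share has been revoked. The document store, user names, roles and session objects are constructed for the example; there is no real framework behind the handler.

```python
"""Added example (not from the seminar slides): fail-safe defaults and
complete mediation applied to a web application's access check.
DOCUMENTS, the user names and Session are constructed for this example."""

from dataclasses import dataclass
from typing import Optional

# Constructed sample data: who owns each document and who it is shared with.
DOCUMENTS = {
    "doc-1": {"owner": "alice", "shared_with": {"bob"}},
    "doc-2": {"owner": "carol", "shared_with": set()},
}


@dataclass(frozen=True)
class Session:
    user: Optional[str]      # None means the request is unauthenticated
    role: str = "user"       # constructed roles: "user" or "admin"


def weak_can_read(session: Session, doc_id: str) -> bool:
    """Deny-list style: refuses the cases the author thought of and lets
    everything else through. An unknown document id is treated as "nothing
    to protect", and a user who is neither owner nor on the share list is
    never explicitly refused, so the final fall-through grants access."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None:
        return True
    if session.user is None:
        return False
    return True  # no refusal rule matched, so the default is "allow"


def can_read(session: Session, doc_id: str) -> bool:
    """Fail-safe default: every path that is not an explicit grant denies.
    Unknown objects and unauthenticated callers fall into the deny case."""
    if session.user is None:
        return False
    doc = DOCUMENTS.get(doc_id)
    if doc is None:
        return False
    if session.role == "admin":
        return True
    return session.user == doc["owner"] or session.user in doc["shared_with"]


def handle_get_document(session: Session, doc_id: str):
    """Complete mediation: the check runs inside the handler on every
    request, against current state, and is never skipped or remembered."""
    if not can_read(session, doc_id):
        return 403, None
    return 200, f"contents of {doc_id}"


_decision_cache = {}


def cached_can_read(session: Session, doc_id: str) -> bool:
    """Violates complete mediation: memoizes the first decision per
    (user, document) pair, so a later revocation of sharing is never seen
    and the stale "allow" keeps being returned."""
    key = (session.user, doc_id)
    if key not in _decision_cache:
        _decision_cache[key] = can_read(session, doc_id)
    return _decision_cache[key]


def revoke_share(doc_id: str, user: str) -> None:
    """Remove a user from a document's share list (changes current state)."""
    DOCUMENTS[doc_id]["shared_with"].discard(user)


if __name__ == "__main__":
    bob = Session("bob")
    print("bob reads doc-1:", handle_get_document(bob, "doc-1")[0])
    print("bob reads unknown doc (weak check):", weak_can_read(bob, "doc-999"))
    revoke_share("doc-1", "bob")
    print("after revoke, mediated:", handle_get_document(bob, "doc-1")[0])
    print("after revoke, cached:", cached_can_read(bob, "doc-1"))
```

The cached variant is the pattern that becomes tempting in the web setting the earlier slides describe: state changes rapidly and is distributed, so a decision remembered from one request is already an assumption about state that may no longer hold.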

9 Seminar Expectations
You already know something about security
– Basic understanding of cryptography (e.g., public key crypto, SSL)
– System and software security
Minimal web application knowledge expected
– Java, AJAX, JavaScript, PHP, Python, Ruby

10 Seminar Meetings
Tuesdays and Thursdays, 11am-12:15
One student (with help from an assistant) will lead a presentation on a topic
All students will read focus paper(s)

11 Leading a Topic
Topic leader and assistant
Focus paper (sometimes two)
Background and context papers, other sources, “hands-on” experience
Meet with me at least a week before your scheduled presentation
– Office Hours: Mondays 10:30am, Tuesdays 12:15pm (or to schedule other time)

12 Pre-Presentation Meeting
Plan for your presentation
– What is the main story you want to tell?
– What technical nuggets are worth explaining?
– What context and background information do you need?
Suggestions for the 2-3 response questions

13 Responses
Short answers to questions about the focus paper
– 3 generic questions
– 1-3 specific questions
– Feel free to add any additional brilliant ideas you have
Turn in (on paper) at beginning of seminar
Come prepared to the seminar to discuss the paper

14 Projects
Goal: do something interesting and important enough to write a conference paper
Teams: alone or in a small group
Topic: anything you can convince me is relevant and worthwhile
Start thinking of ideas, finding teammates now: mini-proposal due Oct 2

15 Questions?
Sign up on registration sheet
Sign up on schedule sheet:
– One time as topic leader
– One time as assistant
– Don’t need to fill in topic now
Thursday: MashupOS
– Response questions on website