2009 Eighth International Conference on Networks. Speaker: Chang, Kun-Hsiang.

Presentation transcript:


Outline: Abstract, APPLICATION TRUST, ATTACK PROFILING, SECURITY LEAKS

Abstract: We created a Facebook application for demonstration purposes that on the surface is a simple application, but in the background it collects useful data, making it easy to attack the user with malicious programs and showing the risks that these platforms can expose their users to.

NIELSEN’S TOP TEN SOCIAL NETWORKS (USA), APRIL 2008

APPLICATION TRUST: An application can spread through hundreds of users, which an attacker could easily take advantage of.

ATTACK PROFILING: In our work, we used the Attack API [2], which makes it very easy to scan the open ports of a host. It provides the following function, which scans a host and returns the open/closed status of the port being scanned.

ATTACK PROFILING: AttackAPI.PortScanner.scanPort(callback, target, ports[index], timeout);


SECURITY LEAKS was because it is written in JavaScript, which is executed by the client, not the server; doesn’t show his identity, and the attack is made by an approved and authenticated application; using JavaScript, less malicious traffic is made by the server, lowering its payload as well as hiding the fingerprint of a possible attack.
