Web Technologies for Social Networking Dr Dan Everett Master of Internet Technology program University of Georgia, US.

Two big questions

Outline of this talk

The Great Development Debate: 1950's – 1970's Import-substitution development strategy vs Export-led development strategy

Thomas Friedman, Apostle of Neoliberalism

What is a social networking site?

Some social networking projects done by the MIT program: An organization of volunteers building a community playground; Caregivers of autistic individuals; Practitioners of child law; Students preparing for careers as health care executives

Facebook

Communities of practice

Communities of Practice, Social networking sites, and Ontologies

A spectrum of tools for building social networks

Content management system: A web site whose information content is stored in a database; An engine to dynamically generate pages from the stored content; An administrator who designs the layout, monitors site content, and assigns roles to users

Taiwanese government site

Site for Web Programmers

A Jordanian Drupal site

Drupal useful features

Vulnerability to an SQL injection attack Consider a Web site that responds to an input form providing two user-entered values, login-name and my_pwd. The server program inserts these user-supplied values into an SQL query: "Select userName from User where login='login-name' and password='my_pwd'" If this query returns a result, the user is valid.

The Evil Hacker strikes! The Evil Hacker enters the following values into the form: Your login name: login-name Your password: my_pwd'; update User set password='my_pwd

The Evil Hacker strikes! The server is deceived into executing this: "Select userName from User where login='login-name' and password='my_pwd'; update User set password='my_pwd'" The server changes the password of every user to the evil hacker's password!
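
The login query from the slides above, rebuilt as an added example (not part of the original presentation): the string-concatenated form beside a parameterized form, run against the same form values. It assumes an in-memory SQLite database with constructed sample rows, and uses `executescript()` to stand in for a database driver that accepts several `;`-separated statements in one call.

```python
import sqlite3

# Constructed sample data; table and column names follow the slide's query.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE User (userName TEXT, login TEXT, password TEXT)")
    db.executemany("INSERT INTO User VALUES (?, ?, ?)", [
        ("Alice", "alice", "alice-secret"),
        ("Bob", "bob", "bob-secret"),
        ("Mallory", "login-name", "my_pwd"),
    ])
    return db

def vulnerable_login(db, login, pwd):
    # Before: user input is pasted into the SQL text, as on the slide.
    sql = ("Select userName from User where login='" + login +
           "' and password='" + pwd + "'")
    # executescript() models a driver that runs every ';'-separated
    # statement it is handed (assumption for this demo).
    db.executescript(sql)
    return sql

def safe_login(db, login, pwd):
    # After: placeholders keep the values out of the SQL grammar, so a quote
    # or ';' in the input is only part of the string being compared.
    row = db.execute(
        "SELECT userName FROM User WHERE login = ? AND password = ?",
        (login, pwd)).fetchone()
    return row[0] if row else None

def passwords(db):
    return sorted(p for (p,) in db.execute("SELECT password FROM User"))

PAYLOAD = "my_pwd'; update User set password='my_pwd"  # value from the slide

def demo():
    db1 = make_db()
    vulnerable_login(db1, "login-name", PAYLOAD)   # every password overwritten
    db2 = make_db()
    result = safe_login(db2, "login-name", PAYLOAD)  # no match, no side effect
    return passwords(db1), result, passwords(db2)

if __name__ == "__main__":
    print(demo())
```

With the parameterized query the whole password field, quote and semicolon included, is compared as a literal string, so the login fails and the User table is unchanged.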

Scripting languages

Java-based Web Apps

Model-View-Controller Architecture

Automated Unit Testing

J2EE – adding Enterprise Beans