NKU James Walden Director of the CIS

We all have Assets

Who are the threats? Hacktivists, Vandals, Criminals, Spies

Components of Security: Integrity, Confidentiality, Availability

States of Information
1. Storage: information in permanent storage (disk or tape) that is not currently being accessed.
2. Processing: information in memory (RAM or cache) that is currently being used by a program.
3. Transmission: information in transit between one node and another on a network.

Attack Surface
The attack surface of a system consists of the ways in which a threat can enter the system (its entry/exit points):
1. Methods are code components that receive input.
2. Channels are avenues of communication (sockets, environment, keyboard, files, etc.).
3. Data are the actual input strings.

Automotive Attack Surface

Firewalls reduce Attack Surface
(Diagram) Web Client -> Firewall -> Web Server -> Application -> Database Server. The firewall admits only port 80 HTTP traffic; other services (telnet, ftp) are stopped at the firewall.

Vulnerabilities

SQL Injection – Illustrated
(Diagram) Network Layer: Firewall, Hardened OS, Web Server, App Server, Firewall. Application Layer: Custom Code, Databases, Legacy Systems, Web Services, Directories, Human Resources, Billing. Business Functions: Accounts, Finance, Administration, Transactions, Communication, Knowledge Mgmt, E-Commerce.
Application attack flow: HTTP request -> SQL query -> DB Table -> HTTP response.
"SELECT * FROM accounts WHERE acct='' OR 1=1--'"
1. Application presents a form to the attacker.
2. Attacker sends an attack in the form data.
3. Application forwards attack to the database in a SQL query.
4. Database runs query containing attack and sends encrypted results back to application.
5. Application decrypts data as normal and sends results to the user.
(Result shown: an Account Summary listing every Account / SKU row.)
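The following is an added example, not part of the slides: it reproduces steps 3 and 4 above against an in-memory SQLite table with constructed rows, showing why the concatenated query returns every account and how a parameterised query treats the same form value as plain data.

```python
import sqlite3

# Constructed sample rows for the demonstration (not from the slides).
ACCOUNTS = [
    ("alice", "101", "WIDGET-1"),
    ("bob", "202", "GADGET-2"),
    ("carol", "303", "GIZMO-3"),
]


def make_db():
    """Build an in-memory accounts table like the one on the slide."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (owner TEXT, acct TEXT, sku TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", ACCOUNTS)
    return conn


def build_vulnerable_sql(acct):
    """Step 3: the form value is pasted into the SQL text. A value such as
    "' OR 1=1--" closes the quote, adds an always-true condition and comments
    out the trailing quote, so the query matches every row."""
    return "SELECT owner, acct, sku FROM accounts WHERE acct='" + acct + "'"


def lookup_vulnerable(conn, acct):
    """Step 4: the database runs whatever text it was handed."""
    return conn.execute(build_vulnerable_sql(acct)).fetchall()


def lookup_safe(conn, acct):
    """Parameterised query: the driver sends the value separately from the SQL
    text, so it can only ever be compared as data, never parsed as SQL."""
    sql = "SELECT owner, acct, sku FROM accounts WHERE acct=?"
    return conn.execute(sql, (acct,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1--"
    print(build_vulnerable_sql(payload))
    print("concatenated:", lookup_vulnerable(db, payload))   # all three rows
    print("parameterised:", lookup_safe(db, payload))        # no rows
```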

Malware

Malware is a Growing Threat

Botnets

CAE in IA/CD: Center of Academic Excellence in Information Assurance and Cyber Defense. Only CAE in Kentucky; only IA/CD in region.
Benefits:
- Scholarship for Service program eligibility.
- Employers look for CAE graduates.
- Cybersecurity certificate.

Cybersecurity Certificate
INF 282: Introduction to Databases
BIS 382: Principles of Information Security
CIT 247: Networking Fundamentals
CIT 371: UNIX Systems
CIT 480: Securing Computer Systems
CIT 481: Cybersecurity Capstone

Undergraduate Cybersecurity Classes
CSC 482: Computer Security
CSC 483: Cryptology
CIT 430: Computer Forensics
CIT 480: Securing Computer Systems
CIT 481: Cybersecurity Capstone
CIT 484: Network Security
BIS 382: Principles of Information Security