MIDN Zac Dannelly. May 2009: President's 60-day Cyberspace Policy Review – "expand and train the workforce". May 2010: The Ad Hoc Committee on Cyber Security.

Presentation transcript:

MIDN Zac Dannelly

May 2009: President's 60-day Cyberspace Policy Review – "expand and train the workforce". May 2010: The Ad Hoc Committee on Cyber Security Curriculum Options. August 22, 2011: First day of class; SI110 begins.

Educate each Midshipman about:
1. Cyber infrastructure and embedded systems
2. Inherent cyber vulnerabilities and threats
3. Appropriate defensive security procedures
Thereby enabling them to make principled decisions regarding the potential benefits, consequences, and risks.

Introduction to Cyber Security – Technical Foundations. Semester-long (16-week), 3-credit course. More than 1,000 students per year; mandatory for graduation across all majors. Precursor to EC 310, Applications of Cyber Engineering.

Cyber Battlefield: Introduction to Cyber Security, Digital Data, Hardware, Operating Systems, Web, Networking.
Cyber Security Tools: Encryption, Hashing & Passwords, Cryptography in Practice, Firewalls, Steganography.
Cyber Operations: Forensics (Digital Forensics), Reconnaissance, Attack, Defense, Case Studies.

An XKCD-style password generator: The hard-to-remember passwords we're all using are not that secure and hard to remember. Choose four random words and stick them together instead. This tool generates such a password for you.
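The four-random-words generator described above, as an added example in Python that is not part of the original presentation or of the tool it refers to. The word list is a constructed sample, and the 2048-word list size used in the entropy comparison is an assumption.

```python
import math
import secrets

# Constructed sample word list. A real generator loads a few thousand common
# words from a file; the entropy of each word grows with the list size.
WORDS = ["correct", "horse", "battery", "staple", "anchor", "cyber", "midshipman",
         "harbor", "compass", "signal", "lantern", "granite", "orbit", "falcon",
         "meadow", "copper"]


def generate_passphrase(words, n_words=4, separator=" ", rng=secrets.SystemRandom()):
    """Pick n_words uniformly at random (with replacement) and join them.

    The default RNG is the OS CSPRNG; a seeded random.Random may be passed
    when a reproducible passphrase is wanted for a demonstration.
    """
    return separator.join(rng.choice(words) for _ in range(n_words))


def passphrase_entropy_bits(wordlist_size, n_words=4):
    """Entropy of a uniformly chosen passphrase: every word adds log2(N) bits."""
    return n_words * math.log2(wordlist_size)


def random_password_entropy_bits(alphabet_size=95, length=8):
    """Entropy of a uniformly random character password.

    95 is the number of printable ASCII characters; this is the best case for
    a conventional password, since human-chosen ones are far from uniform.
    """
    return length * math.log2(alphabet_size)


def compare(wordlist_size=2048, n_words=4, pw_length=8):
    """Return (passphrase bits, random-character password bits)."""
    return (passphrase_entropy_bits(wordlist_size, n_words),
            random_password_entropy_bits(95, pw_length))


if __name__ == "__main__":
    print("passphrase:", generate_passphrase(WORDS))
    words_bits, chars_bits = compare()
    print(f"4 words from 2048: {words_bits:.1f} bits; "
          f"8 random printable chars: {chars_bits:.1f} bits")
```

With a 2048-word list, four words give 44 bits, close to the 52.6 bits of eight truly random printable characters, while being far easier to remember than either.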

CSS and webpage design is left up to instructor

Hands-On Collaborative Adaptive

"The omission of password rules provides us with a good teaching opportunity to discuss the utility of such password rules: length of password, use of special symbols, uppercase letters, characters different from last password, and so on." "Users do not want to have to enter credentials to the browser each time that they make a request to a web server."

"The instructor then begins announcing the passwords for every student by reading the webserver log for the server running on the instructor computer, demonstrating another weakness in authentication." "To end the lab, the instructor discusses the importance of sanitizing inputs and how to accomplish this task by escaping the symbols used to denote HTML tags, the symbols."

"The professor sends an e-mail with an enticing HTML attachment to an unsuspecting student, or to all students in the section. When a student opens the attachment, the student's message-board login credentials are used to post a message to the message board. For example, a message is posted as follows: Student: My professor is a real doofus!"
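The two lab lessons quoted above, escaping the symbols that denote HTML tags in posted messages and the forged message-board post made with a student's own stored credentials, as one added defender-side example in Python. This is not the SI110 lab code; the message-board handler, the session id and the server secret are assumed.

```python
import hashlib
import hmac

# Hypothetical server-side secret for the message board (constructed for this example).
SERVER_SECRET = b"constructed-example-secret"


def escape_html(text: str) -> str:
    """Escape the symbols that denote HTML tags and attributes so a posted
    message is rendered as text rather than interpreted as markup.
    '&' must be escaped first so the other replacements are not re-escaped."""
    return (text.replace("&", "&amp;")
                .replace("<", "&lt;")
                .replace(">", "&gt;")
                .replace('"', "&quot;")
                .replace("'", "&#x27;"))


def csrf_token(session_id: str) -> str:
    """Derive a per-session anti-forgery token.

    Only the server can compute it, so an HTML attachment that makes the
    browser send the victim's cookie still cannot supply a valid token, and
    the forged post is rejected."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def handle_post(session_id: str, form: dict) -> tuple:
    """Validate a message-board post.

    `form` stands in for the parsed POST body; posting (and logging in) via
    the body rather than the query string keeps credentials and messages out
    of the webserver access log. Returns (HTTP status, rendered line or error).
    """
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(token, csrf_token(session_id)):
        return 403, "forbidden: missing or wrong anti-forgery token"
    name = escape_html(form.get("name", ""))
    message = escape_html(form.get("message", ""))
    return 200, f"<li><b>{name}</b>: {message}</li>"


if __name__ == "__main__":
    sid = "session-123"
    print(handle_post(sid, {"name": "Student", "message": "forged"}))
    print(handle_post(sid, {"csrf_token": csrf_token(sid), "name": "Student",
                            "message": "<b>hello</b> & <script>alert(1)</script>"}))
```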

Students look at the code used to make the website and answer: "Is there a file mentioned within the mb.cgi script that might be of interest?"
Case Study: the rockyou.com break-in yielded 40 million user passwords, all stored in an accessible plaintext file.

INJECTION ATTACKS AND CROSS-SITE SCRIPTING; USERS/PASSWORDS AND AUTHENTICATION

“There is no exaggerating our dependence on DoD’s information networks for command and control of our forces, the intelligence and logistics on which they depend, and the weapons technologies we develop and field.” Quadrennial Defense Review

CAPT Paul J. Tortora, USN (ret.), Director, Center for Cyber Security Studies, 117 Decatur Ave, Leahy Hall, Room 304, United States Naval Academy, Annapolis, MD. MIDN 1/C Zac Dannelly.