Presentation is loading. Please wait.

Presentation is loading. Please wait.

Software and its Discontents

Published byJennifer Carson Modified over 6 years ago

Similar presentations

Presentation on theme: "Software and its Discontents"— Presentation transcript:

1 Software and its Discontents

2 The Trouble with Software
Software is hard Correction: software is very hard Most security problems are due to buggy code cybersec

3 Why is Software Hard? Computers interpret instructions literally
They do this whether or not those instructions are sensible Programs today are huge—and any small error can result in a software problem cybersec

4 Why Do Programmers Starve to Death in the Shower?
See the instructions on the shampoo bottle: Lather Rinse Repeat cybersec

5 A Common Bug: Buffer Overflow
What if you fill out the form online and enter a too-long date? It overflows into the “Official Use Only” area… cybersec

6 Another Common Bug: SQL Injection
( And see cybersec

7 SQL Injection Example Consider the SQL command select where user= "%s" && query= "%s" where the first %s is the user’s login and the second is a user-entered query. If query is foo" || user= "target the resulting SQL command is select where user="uname" && query = "foo" || user= "target" cybersec

8 It’s the Services That Get You
The more functionality a computer provides over the Internet, the more vulnerable it is We will never escape this trap completely Note that everything is a computer: your phone, your car (probably has computers), your USB stick, your disk drive, and more Plus, everything else on the “Internet of Things”: vacuum cleaners, light bulbs, thermostats, toothbrushes, forks, pacemakers, and more cybersec

Download ppt "Software and its Discontents"

Similar presentations

Lesson 6. The Computer Operation Computer Operating Systems GUI vs. Command line The Microsoft Windows Family File Systems – How Computers Manage Data.

Lesson 6. The Computer Operation Computer Operating Systems GUI vs. Command line The Microsoft Windows Family File Systems – How Computers Manage Data.
-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.

-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.
Computer Components.

Computer Components.
Introduction The concept of “SQL Injection”

Introduction The concept of “SQL Injection”
Finding Security Errors in Java Applications Using Lightweight Static Analysis Benjamin Livshits Computer Science Lab Stanford University.

Finding Security Errors in Java Applications Using Lightweight Static Analysis Benjamin Livshits Computer Science Lab Stanford University.
Why Security Testing Is Hard Herbert H. Thompson Presenter: Alicia Young.

Why Security Testing Is Hard Herbert H. Thompson Presenter: Alicia Young.
Software and Software Vulnerabilities. Synopsis Array overflows Stack overflows String problems Pointer clobbering. Dynamic memory management Integer.

Software and Software Vulnerabilities. Synopsis Array overflows Stack overflows String problems Pointer clobbering. Dynamic memory management Integer.
Chapter 9 Security 9.4 - 9.6 Authentication Insider Attacks Exploiting Code Bugs.

Chapter 9 Security Authentication Insider Attacks Exploiting Code Bugs.
Peter Torres, Tim Poley CS526 Spring 2009.  What is SQL Injection?  Basic Example  Case Studies  Defensive Techniques  Demo.

Peter Torres, Tim Poley CS526 Spring  What is SQL Injection?  Basic Example  Case Studies  Defensive Techniques  Demo.
Robofest 2001 Online Management System Jim Needham MCS 4833/01 Senior Project Dr. Chan-Jin Chung, Ph.D.

Robofest 2001 Online Management System Jim Needham MCS 4833/01 Senior Project Dr. Chan-Jin Chung, Ph.D.
SQL Injection and Buffer overflow

SQL Injection and Buffer overflow
UQC113S2 Interrupt driven IO. We have already seen the hardware support required to facilitate interrupts We will now look at the higher levels of software.

UQC113S2 Interrupt driven IO. We have already seen the hardware support required to facilitate interrupts We will now look at the higher levels of software.
Presented By: Shashank Bhadauriya Varun Singh Shakti Suman.

Presented By: Shashank Bhadauriya Varun Singh Shakti Suman.
Adding UCB This will show you how to register for a UCB.

Adding UCB This will show you how to register for a UCB.
SQL Injection Timmothy Boyd CSE 7330.

SQL Injection Timmothy Boyd CSE 7330.
Lesson 4 Computer Software

Lesson 4 Computer Software
Types of Operating System

Types of Operating System
An anti-hacking guide.  Hackers are kindred of expert programmers who believe in freedom and spirit of mutual help. They are not malicious. They may.

An anti-hacking guide.  Hackers are kindred of expert programmers who believe in freedom and spirit of mutual help. They are not malicious. They may.
Standard Grade Computing System Software & Operating Systems.

Standard Grade Computing System Software & Operating Systems.
Making a great Project 2 OCR 1994/2360. User Documentation Your User Documentation is the instructions for how to use the system you have created It is.

Making a great Project 2 OCR 1994/2360. User Documentation Your User Documentation is the instructions for how to use the system you have created It is.

Similar presentations

Ads by Google