Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ethics CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University

Published byMarvin Hearrell Modified over 9 years ago

Similar presentations

Presentation on theme: "Ethics CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University"— Presentation transcript:

1 Ethics CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University http://adamdoupe.com

2 Adam Doupé, Security and Vulnerability Analysis

3 Albert Gonzalez

4 Adam Doupé, Security and Vulnerability Analysis Albert Gonzalez He and his crew used SQL injection vulnerabilities to steal credit cards Total stolen ~ 170 million credit cards Responsible for –Dave & Busters (May 2008) –TJ Maxx (May 2008) –Heartland Payment (August 2009) On March 25 th, 2010 he was sentenced to 20 years in federal prison

5 Adam Doupé, Security and Vulnerability Analysis Avoiding Jail Pretty easy, don't do anything illegal! What does this mean in a hacking context? –Never hack into a site that you do not own or have permission –Do not attempt to find vulnerabilities in a site that you do not own or have permission

6 Adam Doupé, Security and Vulnerability Analysis Practicing Without Going to Jail Download website source onto a server that you control (assuming the website is open- source) Only try to find vulnerabilities in a site that has a bug bounty program Become an academic –We can sometimes do vulnerability analysis, however we are very careful to consider the ethical considerations before performing any analysis

7 Adam Doupé, Security and Vulnerability Analysis Bug Bounty Programs A number of web sites have started to offer Bug Bounty programs They will give you money or fame in exchange for reporting security vulnerabilities to them –Make sure that they also give you permission, and make sure you understand what is in scope Google, Facebook, AT&T, Coinbase, Etsy, Github, Heroku, Microsoft, Paypal, –https://bugcrowd.com/list-of-bug-bounty-programs

8 Adam Doupé, Security and Vulnerability Analysis Facebook Incident Security researcher found vulnerability in Facebook to post on anyone's wall Breakdown in communication with Facebook's security team Researcher decided to post on Mark Zuckerberg's wall to get attention about the vulnerability Ultimately, Facebook said that the researcher did not follow the policy and therefore was ineligible for bounty

9 Adam Doupé, Security and Vulnerability Analysis

10

11 Disclosure In case you do find a vulnerability in software, what is your responsibility? –Tell the world (full disclosure) –Tell the company/group responsible for the software (responsible disclosure) –Sell the information to the grey or black market (no disclosure) Personal decision –I believe in responsible disclosure, first disclosing to the company then releasing the information publically

12 Adam Doupé, Security and Vulnerability Analysis Summary Proceed ethically Only attempt to find vulnerabilities in web applications that you either –Control –Have permission Jail is a possibility Also against ASU policy

Download ppt "Ethics CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University"

Similar presentations

Part I: Making Good Online Choices

Part I: Making Good Online Choices
Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.

Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.
Implications and Security Issues of the Internet By Neelesh Patel.

Implications and Security Issues of the Internet By Neelesh Patel.
Black, White, Grey Hat Hackers Not all hackers are bad…which one’s which?

Black, White, Grey Hat Hackers Not all hackers are bad…which one’s which?
Clickjacking CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University

Clickjacking CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University
Victoria ISD Common Sense Media Grade 6: Scams and schemes

Victoria ISD Common Sense Media Grade 6: Scams and schemes
Information Security Jim Cusson, CISSP. Largest Breaches 110,000 2009-11-27 NorthgateArinso, Verity Trustees 6,400 2009-11-25 Aurora St. Luke's Medical.

Information Security Jim Cusson, CISSP. Largest Breaches 110, NorthgateArinso, Verity Trustees 6, Aurora St. Luke's Medical.
 Identity theft is the taking of one’s personal information and using it for yourself. Usually for illegal reasons. Though its all illegal if you even.

 Identity theft is the taking of one’s personal information and using it for yourself. Usually for illegal reasons. Though its all illegal if you even.
INTERNET SAFETY.

INTERNET SAFETY.
What is identity theft, and how can you protect yourself from it?

What is identity theft, and how can you protect yourself from it?
Ethical Hacking Pratheeba Murugesan. HACKER AENDA  What is Ethical Hacking?  Who are ethical hackers?  Every Website-A Target  Get out of jail free.

Ethical Hacking Pratheeba Murugesan. HACKER AENDA  What is Ethical Hacking?  Who are ethical hackers?  Every Website-A Target  Get out of jail free.
The development of Internet A cow was lost in Jan 14th 2003. If you know where it is, please contact with me. My QQ number is 87881405. QQ is one of the.

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
Internet Safety/Cyber Ethics

Internet Safety/Cyber Ethics
Security for Internet Every Day Use Standard Security Practices and New Threats.

Security for Internet Every Day Use Standard Security Practices and New Threats.
The Hacker Mindset CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University

The Hacker Mindset CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University
Into the Mind of the Hacker: Hands-On Web Application Hacking Adam Doupé University of California, Santa Barbara 4/23/12.

Into the Mind of the Hacker: Hands-On Web Application Hacking Adam Doupé University of California, Santa Barbara 4/23/12.
Web Security Model CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University

Web Security Model CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University
Staying Safe, Having Fun, And Cruising The ‘Net Daniel Owens IT Security Professional.

Staying Safe, Having Fun, And Cruising The ‘Net Daniel Owens IT Security Professional.
Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.

Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.
Scams Stevie's Scam School videos

Scams Stevie's Scam School videos

Similar presentations

Ads by Google