CS144: Security
Smart Card
OTP card
Buffer Overflow Attack

    main() {
        if (login())
            start_session();
        return 0;
    }

    login() {
        char passwd[10];
        gets(passwd);   /* no length check: input longer than 9 characters overruns passwd */
        return (strcmp(passwd, "mypasswd") == 0);
    }

    start_session() {... }
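A bounded counterpart of the slide's login(), added here as an example and not part of the original deck: it reads into the same 10-byte buffer with fgets and rejects an overlong line instead of truncating it. The names read_line_bounded, login_from and login_with_text are assumptions made for this illustration, and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>
#define PASSWD_CAP 10 /* same size as the slide's passwd[10] */

/* Read one line into buf. Returns 0 on success, -1 on EOF or when the line
 * does not fit. An overlong line is drained and rejected, never truncated,
 * so a long input cannot be cut down into something that compares equal. */
static int read_line_bounded(FILE *in, char *buf, size_t cap)
{
    if (cap == 0 || fgets(buf, (int)cap, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 0;
    }
    int c = fgetc(in);            /* no newline seen: is there more? */
    if (c == EOF || c == '\n')
        return 0;                 /* the line filled the buffer exactly */
    while (c != EOF && c != '\n') /* discard the rest of the long line */
        c = fgetc(in);
    return -1;
}

/* Bounded counterpart of the slide's login(): 1 only on an exact match. */
int login_from(FILE *in)
{
    char passwd[PASSWD_CAP];
    if (read_line_bounded(in, passwd, sizeof passwd) != 0)
        return 0;
    return strcmp(passwd, "mypasswd") == 0;
}

/* Hypothetical demo helper: run login_from() on constructed input text. */
int login_with_text(const char *text)
{
    FILE *f = tmpfile();
    if (f == NULL) return -1;
    fputs(text, f);
    rewind(f);
    int ok = login_from(f);
    fclose(f);
    return ok;
}

int main(void)
{
    printf("%d\n", login_with_text("mypasswd\n"));
    printf("%d\n", login_with_text("mypasswdAAAAAAAAAAAAAAAAAAAAAAAA\n"));
    return 0;
}
```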
Client State Manipulation …
SQL/Command Injection

    "SELECT name, price FROM product WHERE id =" + user_input + ";"
    system("cp file1.dat" + user_input);
SQL Prepared Statement

    PreparedStatement s = db.prepareStatement("SELECT * from Product WHERE id = ?");
    s.setInt(1, Integer.parseInt(user_input));
    ResultSet rs = s.executeQuery();
Cross Site Scripting (XSS)

    Welcome to $user_name$'s profile …
Cross Site Request Forgery (XSRF)

The user visited http://victim.com before
The user is at http://evilsite.com now

    <input type="hidden" name="newpassword" value="hacked">
    document.hack.submit()