Presentation is loading. Please wait.

Presentation is loading. Please wait.

MIS 5212.001 Week 7 Site:

Published byRandell Harrison Modified over 9 years ago

Similar presentations

Presentation on theme: "MIS 5212.001 Week 7 Site:"— Presentation transcript:

1 MIS 5212.001 Week 7 Site: http://community.mis.temple.edu/mis5212sec001s15/ http://community.mis.temple.edu/mis5212sec001s15/

2  In the news  Presentations (2)  More Walk Through of WebGoat  Next Week 2MIS 5212.001

3  Submitted  http://arstechnica.com/security/2015/02/lenovo-pcs- ship-with-man-in-the-middle-adware-that-breaks-https- connections/ http://arstechnica.com/security/2015/02/lenovo-pcs- ship-with-man-in-the-middle-adware-that-breaks-https- connections/  http://www.darkreading.com/vulnerabilities--- threats/insider-threats/from-hacking-systems-to- hacking-people-/a/d-id/1319195 http://www.darkreading.com/vulnerabilities--- threats/insider-threats/from-hacking-systems-to- hacking-people-/a/d-id/1319195  http://solutions.3m.com/wps/portal/3M/en_US/3MSc reens_NA/Protectors/Industries/VisualHackingExperim ent/?WT.mc_id=www.3Mscreens.com/visualhacking http://solutions.3m.com/wps/portal/3M/en_US/3MSc reens_NA/Protectors/Industries/VisualHackingExperim ent/?WT.mc_id=www.3Mscreens.com/visualhacking  http://news.sky.com/story/1432853/10000-drivers-in- parking-ticket-data-breach http://news.sky.com/story/1432853/10000-drivers-in- parking-ticket-data-breach  http://thehackernews.com/2015/02/track-smartphone- location.html http://thehackernews.com/2015/02/track-smartphone- location.html MIS 5212.0013

4  Submitted  http://www.securityweek.com/attackers-increase-use- powershell-wmi-evade-detection-mandiant http://www.securityweek.com/attackers-increase-use- powershell-wmi-evade-detection-mandiant  http://thehackernews.com/2015/02/vulnerable- operating-system.html?m=1 http://thehackernews.com/2015/02/vulnerable- operating-system.html?m=1  http://threatpost.com/google-pwnium-program-now- open-all-year/111251 http://threatpost.com/google-pwnium-program-now- open-all-year/111251  http://www.darkreading.com/analytics/threat- intelligence/cybercrime-cyber-espionage-tactics- converge/d/d-id/1319203?print=yes http://www.darkreading.com/analytics/threat- intelligence/cybercrime-cyber-espionage-tactics- converge/d/d-id/1319203?print=yes  http://redmondmag.com/blogs/the-schwartz- report/2015/02/lenovo-betrayed-customer-trust.aspx http://redmondmag.com/blogs/the-schwartz- report/2015/02/lenovo-betrayed-customer-trust.aspx MIS 5212.0014

5  What I noted  http://krebsonsecurity.com/2015/02/turbotaxs-anti- fraud-efforts-under-scrutiny/ http://krebsonsecurity.com/2015/02/turbotaxs-anti- fraud-efforts-under-scrutiny/  http://www.itworld.com/article/2887795/nsa-director- wants-govt-access-to-encrypted-communications.html http://www.itworld.com/article/2887795/nsa-director- wants-govt-access-to-encrypted-communications.html  http://www.theregister.co.uk/2015/02/24/anthem_data _breach_broadens/ http://www.theregister.co.uk/2015/02/24/anthem_data _breach_broadens/  http://www.theregister.co.uk/2015/02/24/redmond_bo ffins_build_exploit_kit_coffins/ http://www.theregister.co.uk/2015/02/24/redmond_bo ffins_build_exploit_kit_coffins/  http://www.theregister.co.uk/2015/02/24/samba_remo te_execution_vuln/ http://www.theregister.co.uk/2015/02/24/samba_remo te_execution_vuln/  http://www.theregister.co.uk/2015/02/23/hp_hack_vul nerable_threat_study/ (2-4 Yr Old Hacks) http://www.theregister.co.uk/2015/02/23/hp_hack_vul nerable_threat_study/ MIS 5212.0015

6 6

7  Access Control Flaws  Stage 1  Stage 2  Authentication Flaws  Cross-Site Scripting  Phishing  Stage 1  Stage 5  Reflected XSS Attacks  Improper Error Handling  Fail Open Authentication Scheme MIS 5212.0017

8  Injection Flaws:  Command Injection: " & netstat -ant & ifconfig“  Numerical SQL Injection: or 1=1  Log Spoofing  XPATH Injection  String SQL Injection  Modifying Data with SQL Injection  Adding Data with SQL Injection  Blind Numeric SQL Injection  Blind String SQL Injection MIS 5212.0018

9  In the news  More Walkthrough of WebGoat MIS 5212.0019

10 ? 10

Download ppt "MIS 5212.001 Week 7 Site:"

Similar presentations

Webgoat.

Webgoat.
Preventing Web Application Injections with Complementary Character Coding Raymond Mui Phyllis Frankl Polytechnic Institute of NYU Presented at ESORICS.

Preventing Web Application Injections with Complementary Character Coding Raymond Mui Phyllis Frankl Polytechnic Institute of NYU Presented at ESORICS.
Closing the Gap: Analyzing the Limitations of Web Application Vulnerability Scanners David Shelly Randy Marchany Joseph Tront Virginia Polytechnic Institute.

Closing the Gap: Analyzing the Limitations of Web Application Vulnerability Scanners David Shelly Randy Marchany Joseph Tront Virginia Polytechnic Institute.
Hands-on SQL Injection Attack and Defense HI-TEC July 21, 2013.

Hands-on SQL Injection Attack and Defense HI-TEC July 21, 2013.
Hands on Demonstration for Testing Security in Web Applications

Hands on Demonstration for Testing Security in Web Applications
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.

Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.
WebGoat & WebScarab “What is computer security for $1000 Alex?”

WebGoat & WebScarab “What is computer security for $1000 Alex?”
How Did I Steal Your Database Mostafa

How Did I Steal Your Database Mostafa
-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.

-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.

It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
Information Networking Security and Assurance Lab National Chung Cheng University WebGoat.

Information Networking Security and Assurance Lab National Chung Cheng University WebGoat.
Injection Attacks by Example SQL Injection and XSS Adam Forsythe Thomas Hollingsworth.

Injection Attacks by Example SQL Injection and XSS Adam Forsythe Thomas Hollingsworth.
Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software

Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software
Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.

Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.
Web Application Security

Web Application Security
Workshop 3 Web Application Security Li Weichao March 14 2014.

Workshop 3 Web Application Security Li Weichao March
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers.
MIS 5211.001 Week 11 Site:

MIS Week 11 Site:

Similar presentations

Ads by Google