it s worth a shot
play

Its worth a shot. https://youtu.be/7W5au-IJUEc Approach 1. What - PowerPoint PPT Presentation

Apr 30, 2023 •9 likes •199 views

Its worth a shot. https://youtu.be/7W5au-IJUEc Approach 1. What created the vulnerability. 2. How the vulnerability is exploited. 3. How to protect yourself. Web 2.0 What could possibly go wrong?! Servers send HTML and JS to clients

  1. It’s worth a shot. https://youtu.be/7W5au-IJUEc

  2. Approach 1. What created the vulnerability. 2. How the vulnerability is exploited. 3. How to protect yourself.

  3. Web 2.0 What could possibly go wrong?! Servers send HTML and JS to clients ● Clients execute JS that changes the ● DOM and makes requests back to the server HTML, CSS, JS Server Bingo

  4. Authentication Username and password… easy. Usually requires a username and password ● What kinds of passwords are acceptable? ● How should we send the username and password? ● How should we store and validate the username and password? ●

  5. Authentication Don’t store passwords in plaintext ● Hash! ●

  6. Authentication Password Storage random salt hash Hash password salt+hash function

  7. Authentication Password Validation salt Hash password salt+hash function hash to hash check Are hashed passwords match? uncrackable? No!

  8. Authentication Encryption We’re hashing passwords, so do we need encryption? ● We sure do! ● Thanks! Bongo HTTP POST Server salt+hash username, password Bingo

  9. Authentication Tokens We don’t want people to have to constantly log in ● We need to give the client a token that they can use to prove ● that they have authenticated successfully HTTPS POST username, password Server token Bingo

  10. Authentication Tokens Bongo fake Must identify the user ● token Must be signed with the server’s private key ● nope token Server OK Bingo

  11. SQL Injection What happens when name is “ or “” = “ ●

  12. SQL Injection Solving the problem. Blacklist certain characters ● Whitelist certain characters ● Use prepared statements ●

  13. Cross-site Scripting (XSS) Just stick to the script. www.bongo.com Stored XSS ● Check this out! Reflected XSS ● www.bank.com/profile?name=<script>...

  14. Cross-site Scripting (XSS) Protection. Sanitize inputs ● Escape HTML ● Use auto-escaping framework like React or Vue.js ●

  15. Cookies Just maintain state! No problem! HTTP is stateless ● Cookies are used to maintain state ● Store session information ○ Store user preferences ○ Track your every move... ○

  16. Cross-site Request Forgery (CSRF) It really wasn’t me this time. Your browser automatically attaches cookies to requests to the ● domain they came from

  17. Cross-site Request Forgery (CSRF) www.bongo.com malicious GET content www.bongo.com transfer <cookie> Server OK Bingo

  18. Cross-site Request Forgery (CSRF) Prevention. Don’t use GET to modify state ● Hidden nonces in forms ● Use Samesite cookies ● Check the origin or referer of the request ●

  19. Honorable Mentions Containers ● Metasploit (penetration testing): www.metasploit.com ● OWASP (web application security): www.owasp.org ● WebGoat: github.com/WebGoat/WebGoat ●

Recommend

Your Health is Worth A Shot Arpita Jindani Program Manager Immunization Initiative Partnership

Your Health is Worth A Shot Arpita Jindani Program Manager Immunization Initiative Partnership

Your Health is Worth A Shot Arpita Jindani Program Manager Immunization Initiative Partnership for Maternal and Child of Northern New Jersey by by Demographic Target Tweens and adolescents have low awareness regarding the need for

434 views • 17 slides
Kigali a fjlm by Andy Amadi Okoroafor Synopsis Kigali, Rwanda. For hot-shot expats, there are

Kigali a fjlm by Andy Amadi Okoroafor Synopsis Kigali, Rwanda. For hot-shot expats, there are

Kigali a fjlm by Andy Amadi Okoroafor Synopsis Kigali, Rwanda. For hot-shot expats, there are three things worth doing in the capital city: closing deals, partying, and playing moto polo the Rwandan-invented version of polo that substitutes

1.39k views • 7 slides
Fort Worth Public Art a City of Fort Worth Program Fort Worth Public Art (FWPA) FWPA

Fort Worth Public Art a City of Fort Worth Program Fort Worth Public Art (FWPA) FWPA

Fort Worth Public Art a City of Fort Worth Program Fort Worth Public Art (FWPA) FWPA established by City Ordinance in 2001 Funded by 2% of Bond Programs (Streets and Transportation 1%) City Council-appointed Fort Worth Art Commission

163 views • 15 slides
SHOT Brand Price NOTES WEST COAST MAGNUM SIZES 4 - 9 $ 39.20 Eagle shot prices may not be

SHOT Brand Price NOTES WEST COAST MAGNUM SIZES 4 - 9 $ 39.20 Eagle shot prices may not be

SHOT Brand Price NOTES WEST COAST MAGNUM SIZES 4 - 9 $ 39.20 Eagle shot prices may not be stable as prices are set when $ 37.20 EAGLE SHOT SIZES 7.5, 8.5, 9 supplier receives from Peru SPARTAN MAGNUM SHOT SIZES 7.5, 8.5, 9 $ 40.50

298 views • 6 slides
A New Vision of Assessment Texts Worth Reading Problems Worth Solving Tests Worth Taking NCSA

A New Vision of Assessment Texts Worth Reading Problems Worth Solving Tests Worth Taking NCSA

A New Vision of Assessment Texts Worth Reading Problems Worth Solving Tests Worth Taking NCSA June 2013 1 PARCC States PARCC Priorities 1. Determine whether students are college and career ready or on track 2. Connect to the Common Core

423 views • 41 slides
Zero-Shot Learning for Word Translation: Successes and Failures Ndapa Nakashole, University of

Zero-Shot Learning for Word Translation: Successes and Failures Ndapa Nakashole, University of

Zero-Shot Learning for Word Translation: Successes and Failures Ndapa Nakashole, University of California, San Diego 05 June 2018 Outline Introduction Successes Limitations 2 Zero-shot learning Zero-shot learning: ) at test

881 views • 49 slides
Siamese Network &amp; Matching Network for one-shot learning Reference Papers Siamese Neural

Siamese Network &amp; Matching Network for one-shot learning Reference Papers Siamese Neural

Reading Group 2016.11.22 Siamese Network &amp; Matching Network for one-shot learning Reference Papers Siamese Neural Networks for One-Shot Image Recognition (Gregory Koch, Ruslan Salakhutdinov) Matching Network for One-shot Learning (Oriol

802 views • 16 slides
Competing as an Innovation Community Some things worth knowing Some things worth considering

Competing as an Innovation Community Some things worth knowing Some things worth considering

Competing as an Innovation Community Some things worth knowing Some things worth considering Presented by: Jonathan Aberman Terry Clower Dean, Business School Northern Virginia Chair Marymount University Director, Center for Regional

352 views • 12 slides
Fred Yarur Nothing in the world is worth having or worth doing unless it means effort, pain,

Fred Yarur Nothing in the world is worth having or worth doing unless it means effort, pain,

Fred Yarur Nothing in the world is worth having or worth doing unless it means effort, pain, difficulty -T. Roosevelt 1. 2. 3. 4. 5. Repeat Acquire Estimate Sell Schedule Survey Qualify Produce Refer 2. 1. 3. 4. 5.

910 views • 55 slides
Passages worth the dig Passages worth the dig Matt 7.1-5 Judge not, that ye not be judged

Passages worth the dig Passages worth the dig Matt 7.1-5 Judge not, that ye not be judged

Passages worth the dig Passages worth the dig Matt 7.1-5 Judge not, that ye not be judged David Capes Senior Research Fellow Lanier Theological Library Judge Not . . . Really David Kinnamon, Barna Group Gabe Lyons, Fermi Project

390 views • 15 slides
Concepts with Few-shot Supervision Xuming He ShanghaiTech University

Concepts with Few-shot Supervision Xuming He ShanghaiTech University

Learning Structured Visual Concepts with Few-shot Supervision Xuming He ShanghaiTech University hexm@shanghaitech.edu.cn 1 12/5/2019 Outline Introduction Learning from very limited annotated data Background in few-shot

807 views • 52 slides
Horizontal Movable Shot Blasting Machine PW2-40DA Horizontal movable shot blasting machine Dust

Horizontal Movable Shot Blasting Machine PW2-40DA Horizontal movable shot blasting machine Dust

Horizontal Movable Shot Blasting Machine PW2-40DA Horizontal movable shot blasting machine Dust Collector QS1700 Road Cleaning Equipment Automatic Asphalt Distributor Chippings Spreader SS4000 self-propelled chip spreader Asphalt Rubber

372 views • 19 slides
Research Ethics Tyson S. Barrett, PhD PSY 3500 Was it worth it?

Research Ethics Tyson S. Barrett, PhD PSY 3500 Was it worth it?

Research Ethics Tyson S. Barrett, PhD PSY 3500 Was it worth it? https://www.britannica.com/event/Tuskegee-syphilis-study Was it worth it? Milgram (1963) Was it worth it? Milgram (1963) &quot;In a large number of cases, the degree of

165 views • 5 slides
Co-Representation Network for Generalized Zero-Shot Learning Fei Zhang, Guangming Shi XIDIAN

Co-Representation Network for Generalized Zero-Shot Learning Fei Zhang, Guangming Shi XIDIAN

Co-Representation Network for Generalized Zero-Shot Learning Fei Zhang, Guangming Shi XIDIAN UNIVERSITY ICML 2019 In Intr troduct oduction ion Classic Deep CNN Data requirements decrease Predict Transfer Learning Few-Shot

456 views • 11 slides
2017 Audit and Accounting update Peter Worth Director Worth Technical Accounting Solutions

2017 Audit and Accounting update Peter Worth Director Worth Technical Accounting Solutions

cipfa.org.uk Local Government Pension Funds: 2017 Audit and Accounting update Peter Worth Director Worth Technical Accounting Solutions Worth Technical Accounting Solutions Worth Technical Accounting Solutions 1 1 This session will cover:

468 views • 14 slides
Predicting Deep Zero-Shot Convolutional Neural Networks using Textual Descriptions Jimmy Lei Ba,

Predicting Deep Zero-Shot Convolutional Neural Networks using Textual Descriptions Jimmy Lei Ba,

Predicting Deep Zero-Shot Convolutional Neural Networks using Textual Descriptions Jimmy Lei Ba, Kevin Swersky, Sanja Fidler, Ruslan Salakhutdinov ICCV 2015 Presenter: Fartash Faghri Zero-shot Learning Classify images of an unseen class

156 views • 12 slides
Semantic Spaces for Zero-Shot Behaviour Analysis Xun Xu Computer Vision and Interactive Media

Semantic Spaces for Zero-Shot Behaviour Analysis Xun Xu Computer Vision and Interactive Media

Semantic Spaces for Zero-Shot Behaviour Analysis Xun Xu Computer Vision and Interactive Media Lab, NUS Singapore 1 Collaborators Prof. Shaogang Gong Dr. Timothy Hospedales 2 Outline Background Transductive Zero-Shot Action

764 views • 73 slides
The Lake Worth Greenprint (working title) Lake Worth Regional Coordinating Committee Meeting

The Lake Worth Greenprint (working title) Lake Worth Regional Coordinating Committee Meeting

The Lake Worth Greenprint (working title) Lake Worth Regional Coordinating Committee Meeting April 24, 2014 1 Presentation Items Project background Water quality and recreation maps Conservation Finance Options report with

481 views • 31 slides
Non-Parametric Few-Shot Learning CS 330 1 Logistics Homework 1 due tonight, Homework 2 out soon

Non-Parametric Few-Shot Learning CS 330 1 Logistics Homework 1 due tonight, Homework 2 out soon

Non-Parametric Few-Shot Learning CS 330 1 Logistics Homework 1 due tonight, Homework 2 out soon Fill out project group form if you havent already. Project suggestions &amp; project spreadsheet posted 2 Plan for Today Non-Parametric Few-Shot

676 views • 34 slides
Shelter Task Force Presentation Budget and Metrics Fort Worth Code Compliance Fort Worth Code

Shelter Task Force Presentation Budget and Metrics Fort Worth Code Compliance Fort Worth Code

Shelter Task Force Presentation Budget and Metrics Fort Worth Code Compliance Fort Worth Code Compliance Brandon Scott Bennett, Director January 6, 2016 Overview Response to Previous Meeting Fort Worth Code Compliance Organization and

1.37k views • 99 slides
eCo-shot delivers Improved Fuel Economy More Power Reduced Emissions Cleaner Oils

eCo-shot delivers Improved Fuel Economy More Power Reduced Emissions Cleaner Oils

eCo-shot delivers Improved Fuel Economy More Power Reduced Emissions Cleaner Oils eCo-shot is uncomplicated It Is Boost Pressure Controlled There Are No Computers No Interfering With The Engine Management No

386 views • 27 slides
A Baseline for Few-Shot Image Classification Guneet S. Dhillon 1 , Pratik Chaudhari 2 , Avinash

A Baseline for Few-Shot Image Classification Guneet S. Dhillon 1 , Pratik Chaudhari 2 , Avinash

A Baseline for Few-Shot Image Classification Guneet S. Dhillon 1 , Pratik Chaudhari 2 , Avinash Ravichandran 1 , Stefano Soatto 1, 3 1 Amazon Web Services, 2 University of Pennsylvania, 3 University of California, Los Angeles What is few-shot

138 views • 9 slides
Lake Worth IS D Vision LWIS D Believes . . . Our Goal . . . Lake Worth IS D Focus Areas Lake

Lake Worth IS D Vision LWIS D Believes . . . Our Goal . . . Lake Worth IS D Focus Areas Lake

Lake Worth IS D Vision LWIS D Believes . . . Our Goal . . . Lake Worth IS D Focus Areas Lake Worth IS D District of Innovation District of Innovation Adoption Process The process begins wit h a board of t rust ees adopt ed resolut ion.

652 views • 12 slides
Infinite Mixture Prototypes for Few-Shot Learning Adaptively inferring model capacity for simple

Infinite Mixture Prototypes for Few-Shot Learning Adaptively inferring model capacity for simple

Infinite Mixture Prototypes for Few-Shot Learning Adaptively inferring model capacity for simple and complex tasks Kelsey Allen, Evan Shelhamer*, Hanul Shin*, Josh Tenenbaum Few-Shot Learning by Deep Metric Learning Given few instances of a few

369 views • 12 slides

More recommend