secure programming laboratory 3 web app security
play

Secure Programming Laboratory 3: Web app security Joseph Hallett - PowerPoint PPT Presentation

Oct 18, 2023 •34 likes •84 views

Secure Programming Laboratory 3: Web app security Joseph Hallett and David Aspinall, Informatics @ Edinburgh 14th March 2014 What is this lab about? Web app security with Gruyere Lab from Google Worth working through Were just

  1. Secure Programming Laboratory 3: Web app security Joseph Hallett and David Aspinall, Informatics @ Edinburgh 14th March 2014

  2. What is this lab about? ◮ Web app security with Gruyere ◮ Lab from Google ◮ Worth working through ◮ We’re just going to focus on a little bit of it

  3. What is this lab about? ◮ Input validation ◮ Obfuscation ◮ Redirection ◮ Authentication ◮ Exploitation ◮ Little bit of static analysis

  4. What do we want you to learn ◮ Always check your inputs! ◮ Problems with web security other than SQLi and XSS ◮ Static analysis is great

  5. Good Luck! We hope you enjoy the lab.

Recommend

Secure Programming Laboratory 5: Android Security SP Demonstrators: Arthur Chan / David Aspinall

Secure Programming Laboratory 5: Android Security SP Demonstrators: Arthur Chan / David Aspinall

Secure Programming Laboratory 5: Android Security SP Demonstrators: Arthur Chan / David Aspinall 27th March 2019 Orientation This is the final Laboratory Session for Secure Programming It is convened by Arthur and David. The handout and other

113 views • 8 slides
Secure Programming Laboratory 3: Race Condition SP Demonstrators: Arthur Chan / Henry Clausen /

Secure Programming Laboratory 3: Race Condition SP Demonstrators: Arthur Chan / Henry Clausen /

Secure Programming Laboratory 3: Race Condition SP Demonstrators: Arthur Chan / Henry Clausen / David Aspinall 1st November 2019 Orientation This is the third Laboratory Session for Secure Programming It is convened by Arthur (in abstentia),

536 views • 8 slides
Secure Programming Laboratory 2: Shellshock and Race Condition SP Demonstrators: Arthur Chan /

Secure Programming Laboratory 2: Shellshock and Race Condition SP Demonstrators: Arthur Chan /

Secure Programming Laboratory 2: Shellshock and Race Condition SP Demonstrators: Arthur Chan / David Aspinall 13th February 2019 Orientation This is the second Laboratory Session for Secure Programming It is convened by Arthur and David. The

332 views • 14 slides
Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 15th

Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 15th

Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 15th November 2019 Orientation This is the fourth Laboratory Session for Secure Programming It is convened by Arthur, Henry and David. The handout and

556 views • 8 slides
Secure Programming Laboratory 1: Introduction SP Demonstrators: Arthur Chan / David Aspinall 4th

Secure Programming Laboratory 1: Introduction SP Demonstrators: Arthur Chan / David Aspinall 4th

Secure Programming Laboratory 1: Introduction SP Demonstrators: Arthur Chan / David Aspinall 4th October 2019 Orientation This is the first Laboratory Session for Secure Programming It is convened by Arthur and David. The handout and other

570 views • 11 slides
Secure Programming Laboratory 3: Injection SP Demonstrators: Arthur Chan / David Aspinall 6th

Secure Programming Laboratory 3: Injection SP Demonstrators: Arthur Chan / David Aspinall 6th

Secure Programming Laboratory 3: Injection SP Demonstrators: Arthur Chan / David Aspinall 6th March 2019 Orientation This is the third Laboratory Session for Secure Programming It is convened by Arthur and David. The handout and other

81 views • 7 slides
Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 20th

Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 20th

Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 20th March 2019 Orientation This is the fourth Laboratory Session for Secure Programming It is convened by Arthur and David. The handout and other

441 views • 8 slides
SECURE PROGRAMMING A.A. 2018/2019 INTEGER SECURITY System, Social and Mobile Security SECURITY

SECURE PROGRAMMING A.A. 2018/2019 INTEGER SECURITY System, Social and Mobile Security SECURITY

SECURE PROGRAMMING A.A. 2018/2019 INTEGER SECURITY System, Social and Mobile Security SECURITY FLAWS The integers are formed by the natural numbers including 0 (0, 1, 2, 3, . . .) together with the negatives of the nonzero natural numbers

704 views • 52 slides
SECURE PROGRAMMING A.A. 2018/2019 TERMINOLOGY System, Social and Mobile Security SECURITY FLAWS

SECURE PROGRAMMING A.A. 2018/2019 TERMINOLOGY System, Social and Mobile Security SECURITY FLAWS

SECURE PROGRAMMING A.A. 2018/2019 TERMINOLOGY System, Social and Mobile Security SECURITY FLAWS Software engineering has long been concerned with the elimination of software defects. A software defect is the encoding of a human error into

1.75k views • 156 slides
Secure C Programming: Memory Management Lucas Cordeiro Department of Computer Science

Secure C Programming: Memory Management Lucas Cordeiro Department of Computer Science

Systems and Software Verification Laboratory Secure C Programming: Memory Management Lucas Cordeiro Department of Computer Science lucas.cordeiro@manchester.ac.uk Secure C Programming Lucas Cordeiro (Formal Methods Group)

1.63k views • 144 slides
Outline More secure design principles Software engineering for security CSci 5271 Introduction

Outline More secure design principles Software engineering for security CSci 5271 Introduction

Outline More secure design principles Software engineering for security CSci 5271 Introduction to Computer Security Secure use of the OS Defensive programming and design, contd Announcements intermission Stephen McCamant Bernsteins

535 views • 8 slides
Secure Programming Skoudis, Tom Liston, Prentice Hall Hacking Exposed 7: Network Security

Secure Programming Skoudis, Tom Liston, Prentice Hall Hacking Exposed 7: Network Security

17.2.2016 Course material 2 Counter Hack Reloaded:A Step by Step Guide to Computer Attacks and Effective Defenses, Edward Secure Programming Skoudis, Tom Liston, Prentice Hall Hacking Exposed 7: Network Security Secrets &

410 views • 4 slides
IT 4500 : Information Security Secure Programming Dr Joe Francom Buffer Overflow What it is? A

IT 4500 : Information Security Secure Programming Dr Joe Francom Buffer Overflow What it is? A

IT 4500 : Information Security Secure Programming Dr Joe Francom Buffer Overflow What it is? A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold.

221 views • 3 slides
Secure Programming with Static Analysis Brian Chess brian@fortify.com Software Systems that

Secure Programming with Static Analysis Brian Chess brian@fortify.com Software Systems that

Secure Programming with Static Analysis Brian Chess brian@fortify.com Software Systems that are Ubiquitous Connected Dependable Complexity Unforeseen Consequences Software Security Today The line between secure/insecure is

624 views • 48 slides
Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication:

Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication:

SSL 1 Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication: basic, digest often supplemented by cookies access control via network addresses multi-layered: SHTTP (secure HTTP) = just

713 views • 32 slides
Ling 555 Programming for Linguists More unix basics & Regular Expressions Robert Albert

Ling 555 Programming for Linguists More unix basics & Regular Expressions Robert Albert

Ling 555 Programming for Linguists More unix basics & Regular Expressions Robert Albert Felty Speech Research Laboratory Indiana University Sep. 08, 2008 Network tools ssh secure remote login to another computer sftp secure file

594 views • 38 slides
Web Security: Web Security: Secure Electronic Transaction Secure Electronic Transaction

Web Security: Web Security: Secure Electronic Transaction Secure Electronic Transaction

Web Security: Web Security: Secure Electronic Transaction Secure Electronic Transaction Cunsheng Cunsheng Ding Ding HKUST, Hong Kong, CHI NA HKUST, Hong Kong, CHI NA Secure Elect ronic Transact ions An applicat ion-layer secur it y

483 views • 24 slides
Security Summer 2013 Cornell University 1 Today How does the OS provide security?

Security Summer 2013 Cornell University 1 Today How does the OS provide security?

CS 4410 Operating Systems Security Summer 2013 Cornell University 1 Today How does the OS provide security? Secure System Security Violations Security Measures Threats User Authentication Protection 2 Secure

381 views • 14 slides
Principles for Secure Software Following these doesnt guarantee security But they touch

Principles for Secure Software Following these doesnt guarantee security But they touch

Principles for Secure Software Following these doesnt guarantee security But they touch on the most commonly seen security problems Thinking about them is likely to lead to more secure code Lecture 13 Page 1 CS 236 Online 1.

439 views • 22 slides
SECURE Act Brian Graff SECURE Act Setting Every Community Up for Retirement Security (SECURE)

SECURE Act Brian Graff SECURE Act Setting Every Community Up for Retirement Security (SECURE)

SECURE Act Brian Graff SECURE Act Setting Every Community Up for Retirement Security (SECURE) Act of 2019 (H.R. 1994) Introduced in the House March 29, 2019 Passed House Ways & Means Committee April 2, 2019 Passed House

354 views • 12 slides
Outline Saltzer & Schroeders principles (contd) CSci 5271 More secure design

Outline Saltzer & Schroeders principles (contd) CSci 5271 More secure design

Outline Saltzer & Schroeders principles (contd) CSci 5271 More secure design principles Introduction to Computer Security Software engineering for security Defensive programming 2 (combined lecture) Announcements intermission

632 views • 9 slides
Social Security www.socialsecurity.gov Save for a Secure Future Social Security is the

Social Security www.socialsecurity.gov Save for a Secure Future Social Security is the

Social Security www.socialsecurity.gov Save for a Secure Future Social Security is the foundation for a secure retirement, but you also will need other savings and investments. If you want to learn more about how and why to save, visit

352 views • 33 slides
Outline Saltzer & Schroeders principles CSci 5271 More secure design principles

Outline Saltzer & Schroeders principles CSci 5271 More secure design principles

Outline Saltzer & Schroeders principles CSci 5271 More secure design principles Introduction to Computer Security Day 7: Defensive programming and design, part 1 Software engineering for security Stephen McCamant Announcements

355 views • 7 slides
Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL: Secure Sockets Layer v widely deployed security v original goals: protocol Web e-commerce supported by almost all transactions browsers, web

570 views • 21 slides

More recommend