cse 484 cse m 584 computer security sql wireshark and
play

CSE 484 / CSE M 584 Computer Security: SQL, Wireshark, and Policy - PowerPoint PPT Presentation

Sep 07, 2023 •637 likes •771 views

CSE 484 / CSE M 584 Computer Security: SQL, Wireshark, and Policy TA: Thomas Crosley tcrosley@cs SQL Review Structured Query Language (SQL) used to communicate with databases Standard SQL commands SELECT, INSERT, UPDATE, DELETE, DROP

  1. CSE 484 / CSE M 584 Computer Security: SQL, Wireshark, and Policy TA: Thomas Crosley tcrosley@cs

  2. SQL Review • Structured Query Language (SQL) used to communicate with databases • Standard SQL commands SELECT, INSERT, UPDATE, DELETE, DROP

  3. More important SQL Commands • SELECT - extracts data from a database • UPDATE - updates data in a database • DELETE - deletes data from a database • INSERT INTO - inserts new data into a database • CREATE TABLE - creates a new table • ALTER TABLE - modifies a table • DROP TABLE - deletes a table

  4. Select • Used to select (read) data from a database • SELECT column_name , column_name FROM table_name WHERE column_name operator value ;

  5. Insert • Insert new records in a table • INSERT INTO table_name VALUES ( value1 , value2 , value3 ,...); • INSERT INTO table_name ( column1 , column2 ,...) VALUES ( value1 , value2 ,...);

  6. SQL InjecZon • SQL InjecZon allows the a[acker to insert malicious SQL statements • Usually caused by incorrect filtering or escaping of user input

  7. Forms of SQL InjecZon • 1=1 – SELECT * FROM Users WHERE UserId = 105 or 1=1 • “”=“” – SELECT * FROM Users WHERE Name =“” or “”=“” AND Pass =“” or “”=“” • Batched SQL Statements – SELECT * FROM Users; DROP TABLE Suppliers

  8. PrevenZng SQL InjecZon • “SaniZzing” input data – Can be hard to do well/completely – Removing SQL commands, etc. • Escaping strings oden works be[er – Each DBMS has their own version – Ex: mysqli_real_escape_string in MySql

  9. SQL InjecZon HTTP :// XKCD . COM /327/

  10. Helpful resources • SQL InjecZon – OWASP h[ps://www.owasp.org/index.php/ SQL_InjecZon • Cross-site ScripZng (XSS) h[ps://www.owasp.org/index.php/Cross- site_ScripZng_(XSS)

  11. Tech Policy • Talk to your neighbors • Write down 2 or more concerns you have about security • Write down 2 or more security related policy issues you think would be hard to come up with a policy for

  12. Wireshark • Free tool to inspect incoming and outgoing packets on HTTP/TCP/Ethernet/etc. • NoZce – Massive streams of data to load a single website – How many requests are being made to 3 rd parZes – Most content (including cookies) are sent in plaintext h[ps://www.wireshark.org/

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CSE 484 / CSE M 584 Computer Security: iOS, Wireless Security & Wireshark TA: Adrian Sham

CSE 484 / CSE M 584 Computer Security: iOS, Wireless Security & Wireshark TA: Adrian Sham

CSE 484 / CSE M 584 Computer Security: iOS, Wireless Security & Wireshark TA: Adrian Sham adrsham@cs With material from Franzi and Bens slides Logistics / Reminders Tomorrow Ian will introduce more tools you will need for Lab #3

318 views • 11 slides
Section 6: More Wireshark, advanced SSH CSE 461 Computer Networks Wireshark

Section 6: More Wireshark, advanced SSH CSE 461 Computer Networks Wireshark

Section 6: More Wireshark, advanced SSH CSE 461 Computer Networks Wireshark https://courses.cs.washington.edu/courses/cse461/20au/section-data/461-demo.pcap Open this file in wireshark

622 views • 26 slides
Section ?: More Wireshark, advanced SSH CSE 461 Computer Networks Wireshark (Not that) advanced

Section ?: More Wireshark, advanced SSH CSE 461 Computer Networks Wireshark (Not that) advanced

Section ?: More Wireshark, advanced SSH CSE 461 Computer Networks Wireshark (Not that) advanced SSH ssh user@server -p port SSH Keys SSH Encryption SSH uses symmetrical encryption The session key is negotiated securely under

530 views • 25 slides
Lab 1: Packet Sniffing and Wireshark Fengwei Zhang SUSTech CS 315 Computer Security 1 Packet

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang SUSTech CS 315 Computer Security 1 Packet

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang SUSTech CS 315 Computer Security 1 Packet Sniffer Packet sniffer is a basic tool for observing network packet exchanges in a computer Capturing (sniffs) packets being

485 views • 13 slides
Network concepts introduction & wireshark workshop @ KirilsSolovjovs wireshark +4fd9

Network concepts introduction & wireshark workshop @ KirilsSolovjovs wireshark +4fd9

Network concepts introduction & wireshark workshop @ KirilsSolovjovs wireshark +4fd9 ISO/OSI+DoD model wireshark +4fd9 T opics for our workshop Network layer models Ethernet, WiFi Layer3: ARP, ICMP, IPv4, IPv6 Layer4:

812 views • 44 slides
Wireshark Tutorial Chris Neasbitt UGA Dept. of Computer Science Contents Introduction

Wireshark Tutorial Chris Neasbitt UGA Dept. of Computer Science Contents Introduction

Wireshark Tutorial Chris Neasbitt UGA Dept. of Computer Science Contents Introduction What is a network trace? What is Wireshark? Basic UI Some of the most useful parts of the UI. Packet Capture How do we capture

1.05k views • 27 slides
Wireshark network analyzing tool 19/03/2018 1 Wireshark network analyzing tool What?

Wireshark network analyzing tool 19/03/2018 1 Wireshark network analyzing tool What?

Wireshark network analyzing tool 19/03/2018 1 Wireshark network analyzing tool What? One of the best open source packet analyzers available today Captures network packets and tries to display content as detailed as possible

338 views • 5 slides
Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University Course: Cyber

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University Course: Cyber

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University Course: Cyber Security Practice 1 Packet Sniffer Packet sniffer is a basic tool for observing network packet exchanges in a computer Capturing (sniffs)

593 views • 14 slides
Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University CSC 5991 Cyber

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University CSC 5991 Cyber

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University CSC 5991 Cyber Security Prac@ce 1 Packet Sniffer Packet sniffer is a basic tool for observing network packet exchanges in a computer Capturing (sniffs)

172 views • 14 slides
Open Source Security Tool Turbo Talks Wireshark Sharkfest 2011 Gordon Fyodor Lyon Nmap

Open Source Security Tool Turbo Talks Wireshark Sharkfest 2011 Gordon Fyodor Lyon Nmap

Insecure.Org Insecure.Org Open Source Security Tool Turbo Talks Wireshark Sharkfest 2011 Gordon Fyodor Lyon Nmap Security Scanner Project Tod Beardsley Metasploit Project (Rapid7) Thomas D'Otreppe Aircrack-ng Insecure.Org

279 views • 11 slides
Wireshark Drinking straight from the network hose Wireshark Drinking straight from the network

Wireshark Drinking straight from the network hose Wireshark Drinking straight from the network

Wireshark Drinking straight from the network hose Wireshark Drinking straight from the network hose Md. Abdul Awal TEIN Application Workshop 2017 BdREN University of Dhaka awal@bdren.net.bd December 11, 2017 These materials are licensed

612 views • 31 slides
Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security Important? Computer Security allows

690 views • 19 slides
TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of

TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of

TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of TCP/IP IP, Ethernet, ARP Sniffing the network and forging packets tcpdump, wireshark Today: ICMP and UDP Eike Ritter Network Security -

881 views • 38 slides
Quick Intro to Computer Security What is computer security? Securing communication

Quick Intro to Computer Security What is computer security? Securing communication

Carnegie Mellon Quick Intro to Computer Security What is computer security? Securing communication Cryptographic tools Access control User authentication Computer security and usability Thanks to Mike Reiter for the

412 views • 38 slides
Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and what threatens them? Lecture 1 Page 1 CS 236 Online Why Is Security Necessary? Because people arent always nice Because a lot of

415 views • 25 slides
Recap and overview Looking at security of TCP/IP IP, Ethernet, ARP TCP/IP: ICMP, UDP

Recap and overview Looking at security of TCP/IP IP, Ethernet, ARP TCP/IP: ICMP, UDP

1/24/2012 Recap and overview Looking at security of TCP/IP IP, Ethernet, ARP TCP/IP: ICMP, UDP Sniffing the network and forging packets tcpdump, wireshark Today: ICMP and UDP Network Security Lecture 5 Eike Ritter Network

281 views • 7 slides
Game Engines IMGD 4000 Pedagogical Goal Your technical

Game Engines IMGD 4000 Pedagogical Goal Your technical

3/12/17 Game Engines IMGD 4000 Pedagogical Goal Your technical skills should not be Aed to any parAcular game engine Just like your programming

285 views • 16 slides
Preliminary data show 2,023 confirmed and estimated opioid- related overdose deaths in 2019.

Preliminary data show 2,023 confirmed and estimated opioid- related overdose deaths in 2019.

Preliminary data show 2,023 confirmed and estimated opioid- related overdose deaths in 2019. Figure 1. Opioid-Related Overdose Deaths, All Intents by Month Massachusetts Residents: January 2018 - December 2019 250 Confirmed Estimated 200

60 views • 5 slides
Scripting 1 Languages Prof. Dr. Debora Weber-Wulff Table of Contents 2 Difference Compiler

Scripting 1 Languages Prof. Dr. Debora Weber-Wulff Table of Contents 2 Difference Compiler

11.01.2010 Scripting 1 Languages Prof. Dr. Debora Weber-Wulff Table of Contents 2 Difference Compiler / Interpreter Popular scripting languages Compilers 3 Compilers 4 Interpreter 5 Java 6 Compilers 7 Scripting programming

309 views • 10 slides
Compiling, Linking & Mixed Languages Ivan Giro9o igiro9o@ictp.it Informa(on &

Compiling, Linking & Mixed Languages Ivan Giro9o igiro9o@ictp.it Informa(on &

Compiling, Linking & Mixed Languages Ivan Giro9o igiro9o@ictp.it Informa(on & Communica(on Technology Sec(on (ICTS) Interna(onal Centre for Theore(cal Physics (ICTP) Script Language Benefits Portability Script code does not

251 views • 21 slides
End-to-End Speech Recognition by Following my Research History Shinji Watanabe Center for

End-to-End Speech Recognition by Following my Research History Shinji Watanabe Center for

End-to-End Speech Recognition by Following my Research History Shinji Watanabe Center for Language and Speech Processing Johns Hopkins University Language Technologies Institute Carnegie Mellon University (Jan. 2021) @11-785 Introduction to

1.37k views • 102 slides
Shikav extensions to support networking animation Moniphal Say Under the guidance of: Prof.

Shikav extensions to support networking animation Moniphal Say Under the guidance of: Prof.

Outline Introduction Shikav description Examples for Shikav extension Implementation Conclusion and Future extensions Shikav extensions to support networking animation Moniphal Say Under the guidance of: Prof. Sridhar Iyer and Prof. Abhiram

843 views • 40 slides
Third Quarter 2010 Results 4 November 2010 Disclaimer Figures included in this presentation are

Third Quarter 2010 Results 4 November 2010 Disclaimer Figures included in this presentation are

1 Third Quarter 2010 Results 4 November 2010 Disclaimer Figures included in this presentation are unaudited. On 19 April 2010, BNP Paribas issued a restatement of its divisional results for 2009 reflecting the breakdown of BNP Paribas Fortis

911 views • 70 slides
A state-dependent model with unimodal feedback Qingwen Hu Center for Nonlinear Analysis

A state-dependent model with unimodal feedback Qingwen Hu Center for Nonlinear Analysis

A state-dependent model with unimodal feedback Qingwen Hu Center for Nonlinear Analysis Department of Mathematical Sciences The University of Texas at Dallas Richardson, Texas October 2014, UTD . . . . . . . . . . . . . . . .

691 views • 34 slides

More recommend