secure programming laboratory 3 web app security
play

Secure Programming Laboratory 3: Web app security Joseph Hallett - PowerPoint PPT Presentation

Oct 18, 2023 •34 likes •84 views

Secure Programming Laboratory 3: Web app security Joseph Hallett and David Aspinall, Informatics @ Edinburgh 14th March 2014 What is this lab about? Web app security with Gruyere Lab from Google Worth working through Were just

  1. Secure Programming Laboratory 3: Web app security Joseph Hallett and David Aspinall, Informatics @ Edinburgh 14th March 2014

  2. What is this lab about? ◮ Web app security with Gruyere ◮ Lab from Google ◮ Worth working through ◮ We’re just going to focus on a little bit of it

  3. What is this lab about? ◮ Input validation ◮ Obfuscation ◮ Redirection ◮ Authentication ◮ Exploitation ◮ Little bit of static analysis

  4. What do we want you to learn ◮ Always check your inputs! ◮ Problems with web security other than SQLi and XSS ◮ Static analysis is great

  5. Good Luck! We hope you enjoy the lab.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Secure Programming Laboratory 5: Android Security SP Demonstrators: Arthur Chan / David Aspinall

Secure Programming Laboratory 5: Android Security SP Demonstrators: Arthur Chan / David Aspinall

Secure Programming Laboratory 5: Android Security SP Demonstrators: Arthur Chan / David Aspinall 27th March 2019 Orientation This is the final Laboratory Session for Secure Programming It is convened by Arthur and David. The handout and other

113 views • 8 slides
Secure Programming Laboratory 3: Race Condition SP Demonstrators: Arthur Chan / Henry Clausen /

Secure Programming Laboratory 3: Race Condition SP Demonstrators: Arthur Chan / Henry Clausen /

Secure Programming Laboratory 3: Race Condition SP Demonstrators: Arthur Chan / Henry Clausen / David Aspinall 1st November 2019 Orientation This is the third Laboratory Session for Secure Programming It is convened by Arthur (in abstentia),

536 views • 8 slides
Secure Programming Laboratory 2: Shellshock and Race Condition SP Demonstrators: Arthur Chan /

Secure Programming Laboratory 2: Shellshock and Race Condition SP Demonstrators: Arthur Chan /

Secure Programming Laboratory 2: Shellshock and Race Condition SP Demonstrators: Arthur Chan / David Aspinall 13th February 2019 Orientation This is the second Laboratory Session for Secure Programming It is convened by Arthur and David. The

332 views • 14 slides
Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 15th

Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 15th

Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 15th November 2019 Orientation This is the fourth Laboratory Session for Secure Programming It is convened by Arthur, Henry and David. The handout and

556 views • 8 slides
Secure Programming Laboratory 1: Introduction SP Demonstrators: Arthur Chan / David Aspinall 4th

Secure Programming Laboratory 1: Introduction SP Demonstrators: Arthur Chan / David Aspinall 4th

Secure Programming Laboratory 1: Introduction SP Demonstrators: Arthur Chan / David Aspinall 4th October 2019 Orientation This is the first Laboratory Session for Secure Programming It is convened by Arthur and David. The handout and other

570 views • 11 slides
Secure Programming Laboratory 3: Injection SP Demonstrators: Arthur Chan / David Aspinall 6th

Secure Programming Laboratory 3: Injection SP Demonstrators: Arthur Chan / David Aspinall 6th

Secure Programming Laboratory 3: Injection SP Demonstrators: Arthur Chan / David Aspinall 6th March 2019 Orientation This is the third Laboratory Session for Secure Programming It is convened by Arthur and David. The handout and other

81 views • 7 slides
Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 20th

Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 20th

Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 20th March 2019 Orientation This is the fourth Laboratory Session for Secure Programming It is convened by Arthur and David. The handout and other

441 views • 8 slides
SECURE PROGRAMMING A.A. 2018/2019 INTEGER SECURITY System, Social and Mobile Security SECURITY

SECURE PROGRAMMING A.A. 2018/2019 INTEGER SECURITY System, Social and Mobile Security SECURITY

SECURE PROGRAMMING A.A. 2018/2019 INTEGER SECURITY System, Social and Mobile Security SECURITY FLAWS The integers are formed by the natural numbers including 0 (0, 1, 2, 3, . . .) together with the negatives of the nonzero natural numbers

704 views • 52 slides
SECURE PROGRAMMING A.A. 2018/2019 TERMINOLOGY System, Social and Mobile Security SECURITY FLAWS

SECURE PROGRAMMING A.A. 2018/2019 TERMINOLOGY System, Social and Mobile Security SECURITY FLAWS

SECURE PROGRAMMING A.A. 2018/2019 TERMINOLOGY System, Social and Mobile Security SECURITY FLAWS Software engineering has long been concerned with the elimination of software defects. A software defect is the encoding of a human error into

1.75k views • 156 slides
Secure C Programming: Memory Management Lucas Cordeiro Department of Computer Science

Secure C Programming: Memory Management Lucas Cordeiro Department of Computer Science

Systems and Software Verification Laboratory Secure C Programming: Memory Management Lucas Cordeiro Department of Computer Science lucas.cordeiro@manchester.ac.uk Secure C Programming Lucas Cordeiro (Formal Methods Group)

1.63k views • 144 slides
Outline More secure design principles Software engineering for security CSci 5271 Introduction

Outline More secure design principles Software engineering for security CSci 5271 Introduction

Outline More secure design principles Software engineering for security CSci 5271 Introduction to Computer Security Secure use of the OS Defensive programming and design, contd Announcements intermission Stephen McCamant Bernsteins

535 views • 8 slides
Secure Programming Skoudis, Tom Liston, Prentice Hall Hacking Exposed 7: Network Security

Secure Programming Skoudis, Tom Liston, Prentice Hall Hacking Exposed 7: Network Security

17.2.2016 Course material 2 Counter Hack Reloaded:A Step by Step Guide to Computer Attacks and Effective Defenses, Edward Secure Programming Skoudis, Tom Liston, Prentice Hall Hacking Exposed 7: Network Security Secrets &

410 views • 4 slides
IT 4500 : Information Security Secure Programming Dr Joe Francom Buffer Overflow What it is? A

IT 4500 : Information Security Secure Programming Dr Joe Francom Buffer Overflow What it is? A

IT 4500 : Information Security Secure Programming Dr Joe Francom Buffer Overflow What it is? A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold.

221 views • 3 slides
Secure Programming with Static Analysis Brian Chess brian@fortify.com Software Systems that

Secure Programming with Static Analysis Brian Chess brian@fortify.com Software Systems that

Secure Programming with Static Analysis Brian Chess brian@fortify.com Software Systems that are Ubiquitous Connected Dependable Complexity Unforeseen Consequences Software Security Today The line between secure/insecure is

624 views • 48 slides
Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication:

Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication:

SSL 1 Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication: basic, digest often supplemented by cookies access control via network addresses multi-layered: SHTTP (secure HTTP) = just

713 views • 32 slides
Ling 555 Programming for Linguists More unix basics & Regular Expressions Robert Albert

Ling 555 Programming for Linguists More unix basics & Regular Expressions Robert Albert

Ling 555 Programming for Linguists More unix basics & Regular Expressions Robert Albert Felty Speech Research Laboratory Indiana University Sep. 08, 2008 Network tools ssh secure remote login to another computer sftp secure file

594 views • 38 slides
XSRF How it works 3 - form is submitted on bank.com 4 - bank.com helpfully transfers money

XSRF How it works 3 - form is submitted on bank.com 4 - bank.com helpfully transfers money

XSRF How it works 3 - form is submitted on bank.com 4 - bank.com helpfully transfers money into trouts account 2 - evil.fish includes form on bank.com 1-user goes to evil.fish Defenses Form keys Check HTTP referer CSRF

422 views • 4 slides
Data Handling: Import, Cleaning and Visualisation Lecture 7: Data Sources, Data Gathering, Data

Data Handling: Import, Cleaning and Visualisation Lecture 7: Data Sources, Data Gathering, Data

9/12/2019 Data Handling: Import, Cleaning and Visualisation Data Handling: Import, Cleaning and Visualisation Lecture 7: Data Sources, Data Gathering, Data Import Prof. Dr. Ulrich Matter 24/10/2019 file:///home/umatter/Dropbox/T

1.06k views • 54 slides
Data Handling: Import, Cleaning and Visualisation Lecture 8: Data Preparation Prof. Dr. Ulrich

Data Handling: Import, Cleaning and Visualisation Lecture 8: Data Preparation Prof. Dr. Ulrich

9/12/2019 Data Handling: Import, Cleaning and Visualisation Data Handling: Import, Cleaning and Visualisation Lecture 8: Data Preparation Prof. Dr. Ulrich Matter 21/11/2019 file:///home/umatter/Dropbox/T

420 views • 19 slides
The Invariant Theory of Unipotent Groups Frank Grosshans Aachen RWTH June, 2010 Grosshans (West

The Invariant Theory of Unipotent Groups Frank Grosshans Aachen RWTH June, 2010 Grosshans (West

The Invariant Theory of Unipotent Groups Frank Grosshans Aachen RWTH June, 2010 Grosshans (West Chester University) (Institute) Invariant theory of unipotent groups 06/2010 1 / 37 1. Introduction Notation C : complex numbers V :

502 views • 33 slides
Experiences In Cyber Security Education: The MIT Lincoln Laboratory Capture-the-Flag Exercise*

Experiences In Cyber Security Education: The MIT Lincoln Laboratory Capture-the-Flag Exercise*

Experiences In Cyber Security Education: The MIT Lincoln Laboratory Capture-the-Flag Exercise* Joseph Werther, Michael Zhivich, Timothy Leek, Nickolai Zeldovich Cyber Security Experimentation And Test 2011 8 August 2011 This work is

313 views • 15 slides
Multidimensional Scaling Max Turgeon STAT 4690Applied Multivariate Analysis Recap: PCA

Multidimensional Scaling Max Turgeon STAT 4690Applied Multivariate Analysis Recap: PCA

Multidimensional Scaling Max Turgeon STAT 4690Applied Multivariate Analysis Recap: PCA We discussed several interpretations of PCA. Pearson : PCA gives the best linear approximation to the data (at a fjxed dimension). We also

708 views • 54 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 7 Malicious Software DD2395 Sonja Buchegger 1 Course Admin l Lab 2: - prepare before lab session - signup!

844 views • 39 slides
Collaborative Discussions Steve Smith September 5, 2002 The Herd Departs

Collaborative Discussions Steve Smith September 5, 2002 The Herd Departs

Collaborative Discussions Steve Smith September 5, 2002 The Herd Departs Date Steve Smith Nanobeams 2002 Slide # Chateau Gruyeres

336 views • 9 slides

More recommend