secure programming laboratory 4 web attack
play

Secure Programming Laboratory 4: Web Attack SP Demonstrators: - PowerPoint PPT Presentation

Apr 04, 2024 •471 likes •556 views

Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 15th November 2019 Orientation This is the fourth Laboratory Session for Secure Programming It is convened by Arthur, Henry and David. The handout and

  1. Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 15th November 2019

  2. Orientation This is the fourth Laboratory Session for Secure Programming It is convened by Arthur, Henry and David. The handout and other resources are available online via the course web page. ◮ If you have question about the past labs, ask us.

  3. What is this lab about? Cross Site Scripting ◮ Task 1 ~ 2 Attaching JavaScript in web request ◮ Task 3 ~ 5 Attaching attack payload in web request ◮ Task 6 Cross Site Scripting Worm ◮ Task 7 Countermeasures for Cross Site Scripting Cross Site Request Forgery (optional) ◮ Task 1 Web request analysing tools ◮ Task 2 ~ 3 Cross Site Request Forgery ◮ Task 4 Countermeasures for CSRF

  4. What do we hope you will learn? ◮ Understanding client side web attack ◮ Understanding countermeasure for web attack ◮ Understanding further web security concerns

  5. Warning ◮ You will be attacking a web server, always point your attack payload to localhost of the seedlab. ◮ You will be attacking the web server on the following url ◮ http://www.xsslabelgg.com . ◮ http://www.csrflabattacker.com . ◮ http://www.csrflabelgg.com . We have modified the host file in the seed lab to point this url to the localhost of the SEED Lab. Don’t change this setting as it is protecting you not to attack the dice environment and the real network. ◮ ALWAYS KEEP YOUR ATTACK TRIAL WITHIN THE SEED LAB ENVIRONMENT

  6. Solutions and Checkpoints You do not need to submit a lab report to us, but please keep answers to the checkpoint questions for your own use, to check your understanding and when revising the material for the lab. Please do not post solutions on any forum. If solutions are distributed it will spoil the experience for other students using SEED labs around the world. During the lab we will provide individual help and guidance, and also make announcements during the lab with hints and tips. You can always discuss the checkpoint question or any materials with us during the lab section or through Piazza.

  7. Coursework Reminder Coursework deadline: 5pm TODAY (Before the end of this lab) You have 9 files to submit in total for both parts of the coursework, see the final page of each coursework for the required filenames.

  8. Good Luck! We hope you enjoy the lab.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 20th

Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 20th

Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 20th March 2019 Orientation This is the fourth Laboratory Session for Secure Programming It is convened by Arthur and David. The handout and other

441 views • 8 slides
Secure Programming Laboratory 3: Race Condition SP Demonstrators: Arthur Chan / Henry Clausen /

Secure Programming Laboratory 3: Race Condition SP Demonstrators: Arthur Chan / Henry Clausen /

Secure Programming Laboratory 3: Race Condition SP Demonstrators: Arthur Chan / Henry Clausen / David Aspinall 1st November 2019 Orientation This is the third Laboratory Session for Secure Programming It is convened by Arthur (in abstentia),

536 views • 8 slides
Secure Programming Laboratory 2: Shellshock and Race Condition SP Demonstrators: Arthur Chan /

Secure Programming Laboratory 2: Shellshock and Race Condition SP Demonstrators: Arthur Chan /

Secure Programming Laboratory 2: Shellshock and Race Condition SP Demonstrators: Arthur Chan / David Aspinall 13th February 2019 Orientation This is the second Laboratory Session for Secure Programming It is convened by Arthur and David. The

332 views • 14 slides
Secure Programming Laboratory 5: Android Security SP Demonstrators: Arthur Chan / David Aspinall

Secure Programming Laboratory 5: Android Security SP Demonstrators: Arthur Chan / David Aspinall

Secure Programming Laboratory 5: Android Security SP Demonstrators: Arthur Chan / David Aspinall 27th March 2019 Orientation This is the final Laboratory Session for Secure Programming It is convened by Arthur and David. The handout and other

113 views • 8 slides
Secure Programming Laboratory 1: Introduction SP Demonstrators: Arthur Chan / David Aspinall 4th

Secure Programming Laboratory 1: Introduction SP Demonstrators: Arthur Chan / David Aspinall 4th

Secure Programming Laboratory 1: Introduction SP Demonstrators: Arthur Chan / David Aspinall 4th October 2019 Orientation This is the first Laboratory Session for Secure Programming It is convened by Arthur and David. The handout and other

570 views • 11 slides
Secure Programming Laboratory 3: Injection SP Demonstrators: Arthur Chan / David Aspinall 6th

Secure Programming Laboratory 3: Injection SP Demonstrators: Arthur Chan / David Aspinall 6th

Secure Programming Laboratory 3: Injection SP Demonstrators: Arthur Chan / David Aspinall 6th March 2019 Orientation This is the third Laboratory Session for Secure Programming It is convened by Arthur and David. The handout and other

81 views • 7 slides
Attack on Traffic Systems These attack examples have happened in the past. We will take an

Attack on Traffic Systems These attack examples have happened in the past. We will take an

From start to finish how a cyber attack would be performed on traffic system, we will go over first day >> exploitation of the device >> the real-world aftermath. Mission Secure, Inc. Attack on Traffic Systems These attack examples

556 views • 18 slides
Secure and Efficient Metering Discussion Outline Clarifications Attack on Secure

Secure and Efficient Metering Discussion Outline Clarifications Attack on Secure

Secure and Efficient Metering Discussion Outline Clarifications Attack on Secure Metering Issues and Extensions Real World Other Directions Metering for General Access Structures Understanding the model Audit Agency

480 views • 35 slides
Secure Programming Laboratory 3: Web app security Joseph Hallett and David Aspinall, Informatics

Secure Programming Laboratory 3: Web app security Joseph Hallett and David Aspinall, Informatics

Secure Programming Laboratory 3: Web app security Joseph Hallett and David Aspinall, Informatics @ Edinburgh 14th March 2014 What is this lab about? Web app security with Gruyere Lab from Google Worth working through Were just

84 views • 5 slides
Secure C Programming: Memory Management Lucas Cordeiro Department of Computer Science

Secure C Programming: Memory Management Lucas Cordeiro Department of Computer Science

Systems and Software Verification Laboratory Secure C Programming: Memory Management Lucas Cordeiro Department of Computer Science lucas.cordeiro@manchester.ac.uk Secure C Programming Lucas Cordeiro (Formal Methods Group)

1.63k views • 144 slides
Ling 555 Programming for Linguists More unix basics & Regular Expressions Robert Albert

Ling 555 Programming for Linguists More unix basics & Regular Expressions Robert Albert

Ling 555 Programming for Linguists More unix basics & Regular Expressions Robert Albert Felty Speech Research Laboratory Indiana University Sep. 08, 2008 Network tools ssh secure remote login to another computer sftp secure file

594 views • 38 slides
Diffie-Hellman not secure against Man-in-the-Middle-attack: Want to guarantee authenticity. Alice

Diffie-Hellman not secure against Man-in-the-Middle-attack: Want to guarantee authenticity. Alice

Diffie-Hellman not secure against Man-in-the-Middle-attack: Want to guarantee authenticity. Alice Mallory Bob Can achieve this with publc-key cryptography as well. g a a First example: Schnorr Signature g m m a 1024 bit

283 views • 3 slides
Attack and Improvement of a Secure S-box Calculation Based on the Fourier Transform ebastien Coron

Attack and Improvement of a Secure S-box Calculation Based on the Fourier Transform ebastien Coron

8 + Attack and Improvement of a Secure S-box Calculation Based on the Fourier Transform ebastien Coron 1 , Christophe Giraud 2 , Emmanuel Prouff 2 , and Jean-S Matthieu Rivain 1 , 2 1 University of Luxembourg 2 Oberthur Technologies August 11,

718 views • 55 slides
Diffie-Hellman not secure against Man-in-the-Middle-attack: Alice Mallory Bob g a a g

Diffie-Hellman not secure against Man-in-the-Middle-attack: Alice Mallory Bob g a a g

Diffie-Hellman not secure against Man-in-the-Middle-attack: Alice Mallory Bob g a a g m m g ma g ma g n n g b b g nb g nb g ma g ma , g nb g nb Eike Ritter Cryptography 2014/15 106

417 views • 9 slides
Evolving Secure Information Systems through Attack Simulation Elmar Kiesling, Andreas Ekelhart,

Evolving Secure Information Systems through Attack Simulation Elmar Kiesling, Andreas Ekelhart,

Evolving Secure Information Systems through Attack Simulation Elmar Kiesling, Andreas Ekelhart, Bernhard Grill, Christine Strau, Christian Stummer January 7, 2014; Waikoloa, Big Island, Hawaii Funded by the Austrian Science Fund under project

1.13k views • 87 slides
Secure Sockets Layer Transport Layer Security BEAST Attack Dan Luedtke <mail@danrl.de>

Secure Sockets Layer Transport Layer Security BEAST Attack Dan Luedtke <mail@danrl.de>

Secure Sockets Layer Transport Layer Security BEAST Attack Dan Luedtke <mail@danrl.de> Wed Apr 18, 2012 University of the German Federal Armed Forces, Munich Slide 1 Outline History Design Goals SSL/TLS Stack

439 views • 15 slides
Zinovy Diskin, Yingfei Xiong, Krzysztof Czarnecki Genera9ve So;ware

Zinovy Diskin, Yingfei Xiong, Krzysztof Czarnecki Genera9ve So;ware

Zinovy Diskin, Yingfei Xiong, Krzysztof Czarnecki Genera9ve So;ware Lab University of Waterloo, Canada Overlap? Consistency? Model D1 Model D2 same A C D

353 views • 22 slides
Management Handbook 7. Identify the System Modes Kansas State University St Steps s in in

Management Handbook 7. Identify the System Modes Kansas State University St Steps s in in

FAA Requirements Engineering Management Handbook 7. Identify the System Modes Kansas State University St Steps s in in the REMH EMH Develop the System Overview 1. Identify the System Boundary 2. Develop the Operational Concepts 3.

148 views • 12 slides
CS 2334: Lab 3 Im Importing a CSV File Andrew H. Fagg: CS2334: Lab 3 1 Notes Rubric for

CS 2334: Lab 3 Im Importing a CSV File Andrew H. Fagg: CS2334: Lab 3 1 Notes Rubric for

CS 2334: Lab 3 Im Importing a CSV File Andrew H. Fagg: CS2334: Lab 3 1 Notes Rubric for each lab and project tells you what we are specifically looking for when we are grading your assignments Dont forget to: Add documentation

288 views • 16 slides
Design Engineering 1.3 Electronics Home Lab 2 Explained Electronic Circuits Peter Cheung

Design Engineering 1.3 Electronics Home Lab 2 Explained Electronic Circuits Peter Cheung

Design Engineering 1.3 Electronics Home Lab 2 Explained Electronic Circuits Peter Cheung Department of Electrical & Electronic Engineering Imperial College London URL: www.ee.ic.ac.uk/pcheung/teaching/DE1_EE/ E-mail:

355 views • 12 slides
DCS Lab: Short Presentation Evangelos Markatos: markatos@ics.forth.gr 2 Distributed Computing

DCS Lab: Short Presentation Evangelos Markatos: markatos@ics.forth.gr 2 Distributed Computing

DCS Lab: Short Presentation Evangelos Markatos: markatos@ics.forth.gr 2 Distributed Computing Systems and Cybersecurity Focus : Cyber Security and Privacy Areas of expertise : Systems Security, Privacy, cyberattacks

376 views • 10 slides
Measurement Lab @ IFF Measurement Village Lai Yi Ohlsen laiyi@measurementlab.net

Measurement Lab @ IFF Measurement Village Lai Yi Ohlsen laiyi@measurementlab.net

Measurement Lab @ IFF Measurement Village Lai Yi Ohlsen laiyi@measurementlab.net @measurementlab @laiyiohlsen S 1 Agenda @ What is M-Lab? How do we measure the Internet? What makes the data valuable? How can you use

876 views • 42 slides
CS 2334: Lab 5 Exceptions Andrew H. Fagg: CS2334: Lab 5 1 Exceptions Remember when an

CS 2334: Lab 5 Exceptions Andrew H. Fagg: CS2334: Lab 5 1 Exceptions Remember when an

CS 2334: Lab 5 Exceptions Andrew H. Fagg: CS2334: Lab 5 1 Exceptions Remember when an Exception is thrown: The normal execution of code stops The JVM begins to search the call stack for a catch statement that matches the Exception

576 views • 24 slides
Beaker Quick Start Guide Introduction to Beaker for the Impatient Petr plchal Red Hat 2011

Beaker Quick Start Guide Introduction to Beaker for the Impatient Petr plchal Red Hat 2011

Beaker Quick Start Guide Introduction to Beaker for the Impatient Petr plchal Red Hat 2011 Abstract This is a short introduction to Beaker, designed for quick-learning the essential skills for automated test case writing. It will

777 views • 57 slides

More recommend