webseclab
play

Webseclab Elie Bursztein Baptiste Gourdin Celine Fabry - PowerPoint PPT Presentation

Feb 23, 2023 •189 likes •325 views

Webseclab Elie Bursztein Baptiste Gourdin Celine Fabry Jason Bau Gustav Rydstedt Hristo Bojinov Dan Boneh John C. Mitchell Stanford University 1 Web vs System Evolution of the number of vulnerabilties by years 3000 2793

  1. Webseclab Elie Bursztein Baptiste Gourdin Celine Fabry Jason Bau Gustav Rydstedt Hristo Bojinov Dan Boneh John C. Mitchell Stanford University 1

  2. Web vs System Evolution of the number of vulnerabilties by years 3000 2793 Web System Number of vulnerabilities 2000 1951 2000 1647 1528 1531 1275 1186 1095 1000 996 2005 2006 2007 2008 2009 Elie Bursztein et al Webseclab http://ly.tl/t15

  3. Web vulnerabilities breakdown Evolution of the web vulnerabilities over the years by types 1000 XSS SQLi 900 XCS Session 800 CSRF SSL 700 Infomation Leak Number of vulnerability 600 500 400 300 200 100 0 2005 2006 2007 2008 2009 Elie Bursztein et al Webseclab http://ly.tl/t15

  4. BlackHat Training on Web security 10 9 8 7 6 5 4 3 2 1 0 2005 2006 2007 2008 2009 2010 Elie Bursztein et al Webseclab http://ly.tl/t15

  5. No bullet proof language php 5070 aspx 1220 asp 1170 jsp 511 cfm 302 100% 90% do 224 80% pl 140 70% 60% 50% 40% 30% 20% 10% 0% PHP ASP ASPX JSP CFM DO PL Elie Bursztein et al Webseclab http://ly.tl/t15

  6. Webseclab Goals • Blending edge exercises • Inclusive environment • No setup • Minimal learning curve • Easy class management Elie Bursztein et al Webseclab http://ly.tl/t15

  7. Webseclab architecture Cloud service User 1 User 2 VM1 VM2 VM1 VM2 Elie Bursztein et al Webseclab http://ly.tl/t15

  8. Key features VM Cloud • Class management • Exercises • Synchronization • Quizzes • Realtime goal • Projects • Quizzes push • Real case • Analytics Elie Bursztein Slide deck 2010 http://ly.tl/t1

  9. Elie Bursztein et al Webseclab http://ly.tl/t15

  10. Elie Bursztein et al Webseclab http://ly.tl/t15

  11. Webseclab VM architecture Webseclab Webseclab Elie Bursztein et al Webseclab http://ly.tl/t15

  12. Webseclab VM architecture Virtual ¡Machine Firefox WebSecLab Exercise Webseclab Exercice ¡ Categories Objective Webseclab rendered Exercice ¡ Sync Constraints code Dashboard Pitch Hints SQL ¡via ¡phpmyadmin Sandbox IDE Elie Bursztein et al Webseclab http://ly.tl/t15

  13. Exercises repartition 20 17 15 12 10 8 7 7 6 6 5 5 4 1 0 Introduction Browser security Mixing content XSS CSRF Session Phishing Authentication Embedding SQL injections Elie Bursztein et al Webseclab http://ly.tl/t15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Composition and Interoperation of Rules Enrico Pontelli and Tran Cao Son Chitta Baral

Composition and Interoperation of Rules Enrico Pontelli and Tran Cao Son Chitta Baral

Composition and Interoperation of Rules Enrico Pontelli and Tran Cao Son Chitta Baral Department of Computer Science Computer Science and Engineering New Mexico State University Arizona State University Department of Computer Science

638 views • 19 slides
A Case for Flash Memory SSD in A Case for Flash Memory SSD in A Case for Flash Memory SSD in

A Case for Flash Memory SSD in A Case for Flash Memory SSD in A Case for Flash Memory SSD in

SIGMOD 08 08 SIGMOD SIGMOD08 A Case for Flash Memory SSD in A Case for Flash Memory SSD in A Case for Flash Memory SSD in Enterprise Database Applications Enterprise Database Applications Enterprise Database Applications

480 views • 27 slides
Technology for Multilingual Communications TermWeb 3.9 The most powerful terminology management

Technology for Multilingual Communications TermWeb 3.9 The most powerful terminology management

Technology for Multilingual Communications TermWeb 3.9 The most powerful terminology management system on the market Web-based Open Easy Visuals and architecture administration sounds TermWeb in brief Multilingual, Multimedia

403 views • 14 slides
More ASP.NET Page model, Session State, Data Binding Today ASP.NET review Page model

More ASP.NET Page model, Session State, Data Binding Today ASP.NET review Page model

More ASP.NET Page model, Session State, Data Binding Today ASP.NET review Page model Session State Data Binding and List-Bound controls Shopping Cart Demo Review: Example Web Form <%@ Page language="c#"

367 views • 10 slides
Implementation of Argumentation Stefan Woltran G. Charwat, W. Dvo r ak, S. Gaggl, J.

Implementation of Argumentation Stefan Woltran G. Charwat, W. Dvo r ak, S. Gaggl, J.

Implementation of Argumentation Stefan Woltran G. Charwat, W. Dvo r ak, S. Gaggl, J. Wallner Database and Artificial Intelligence Group Institute of Information Systems Vienna University of Technology ACAI13 - July 2, 2013 Stefan

740 views • 59 slides
IT350 Web & Internet Programming Fall 2016 Introductions

IT350 Web & Internet Programming Fall 2016 Introductions

IT350 Web & Internet Programming Fall 2016 Introductions http://www.usna.edu/Users/cs/Adina/teaching/it350/fall2016/index.html 2 Outline Class Survey / Role Call What is: - the web/internet? - web programming? - this class?

343 views • 9 slides
Designing Slides Business and Administrative Communication 1. Before you start 2. Designing

Designing Slides Business and Administrative Communication 1. Before you start 2. Designing

Anne-Pierre de Peyronnet Designing Slides Business and Administrative Communication 1. Before you start 2. Designing slides* 3. Comments generally made to students Anne-Pierre de Peyronnet presenting power-point slides 4. Exercises *

1.23k views • 92 slides
Table of Contents I Intro to the Logic-Based Approach to AI Language Choice Simple Knowledge

Table of Contents I Intro to the Logic-Based Approach to AI Language Choice Simple Knowledge

Table of Contents I Intro to the Logic-Based Approach to AI Language Choice Simple Knowledge Base Example History: A Part of the Big Picture Motivation for ASP Syntax and Semantics of ASP Syntax Informal Semantics Formal Semantics

1.35k views • 77 slides
Advanced MySQL Exploitation Muhaimin Dzulfakar Blackhat U.S.A 2009 Las Vegas 1 Who am I

Advanced MySQL Exploitation Muhaimin Dzulfakar Blackhat U.S.A 2009 Las Vegas 1 Who am I

Advanced MySQL Exploitation Muhaimin Dzulfakar Blackhat U.S.A 2009 Las Vegas 1 Who am I Muhaimin Dzulfakar Security Consultant Security-Assessment.com 2 SQL Injection An attack technique used to exploit web sites that

678 views • 20 slides
Revisiting Horn Approximations to Clausal Theories Henry Kautz University of Rochester

Revisiting Horn Approximations to Clausal Theories Henry Kautz University of Rochester

Revisiting Horn Approximations to Clausal Theories Henry Kautz University of Rochester Rochester, New York, USA Not Unique Unique Rest of talk about GLBs only GLBs are always small and can be found by searching through the space of

468 views • 23 slides
Performance Metrics for TIM Timeline A multi-agency dispatch center that combines an

Performance Metrics for TIM Timeline A multi-agency dispatch center that combines an

Performance Metrics for TIM Timeline A multi-agency dispatch center that combines an emergency response center with a Traffic Management Center. We dispatch and manage Incident Response as well as manage the traffic How we collect

489 views • 24 slides
-ASP for computing repairs with existential ontologies Jean-Franc ois Baget (1) Zied

-ASP for computing repairs with existential ontologies Jean-Franc ois Baget (1) Zied

-ASP for computing repairs with existential ontologies Jean-Franc ois Baget (1) Zied Bouraoui (2) Farid Nouioua (3) Odile Papini (3) Swan Rocher (4) Eric W urbel (3) (1) INRIA, France. (2) Cardiff University, UK. (3) Aix-Marseille

466 views • 34 slides
Fly Ash Slides for Investors As at 29 May 2018 A collection of previously communicated

Fly Ash Slides for Investors As at 29 May 2018 A collection of previously communicated

Fly Ash Slides for Investors As at 29 May 2018 A collection of previously communicated information Sources (available at www.boral.com): Script for Boral Property & Investor Trading Update Call 1 May 2018 Half Year Ended 31

592 views • 11 slides
Drawing on the Web CSS CSCI-UA 380 Transforms, Transitions, and Animation Drawing on the Web

Drawing on the Web CSS CSCI-UA 380 Transforms, Transitions, and Animation Drawing on the Web

Drawing on the Web CSS CSCI-UA 380 Transforms, Transitions, and Animation Drawing on the Web CSS CSCI-UA 380 Transforms, Transitions, and Animation With CSS3 transforms, we can move, CSS3 Transforms scale, turn, spin, and stretch elements

223 views • 10 slides
asprin : Answer Set Programming with Preferences Javier Romero University of Potsdam Javier

asprin : Answer Set Programming with Preferences Javier Romero University of Potsdam Javier

asprin : Answer Set Programming with Preferences Javier Romero University of Potsdam Javier Romero (KRR@UP) asprin : ASP with Preferences 1 / 55 Outline 1 Introduction 2 Declarative Problem Solving 3 An Example 4 Preliminaries 5 Language 6

1.47k views • 111 slides
STICK: Science & Technology Innovation Concept Knowledge-base Ping Wang Ben Shneiderman Yan

STICK: Science & Technology Innovation Concept Knowledge-base Ping Wang Ben Shneiderman Yan

AAAS+NSF SciSIP Workshop: Building a Community of Practice II Washington, DC, October 19, 2010 STICK: Science & Technology Innovation Concept Knowledge-base Ping Wang Ben Shneiderman Yan Qu Why Do We Develop STICK? Artificial or

256 views • 11 slides
Supposed to Use? KCDC 2018 TITANIUM SPONSORS Platinum Sponsors Gold Sponsors WiFi SSID:

Supposed to Use? KCDC 2018 TITANIUM SPONSORS Platinum Sponsors Gold Sponsors WiFi SSID:

Chad Green Which Microsoft Framework Am I Supposed to Use? KCDC 2018 TITANIUM SPONSORS Platinum Sponsors Gold Sponsors WiFi SSID: KCDC2018 Password: KCDCR0cks! Who is Chad Green Data & Solutions Architect at

833 views • 39 slides
Parallel Answer Set Programming Agostino Dovier 1 Andrea Formisano 2 Enrico Pontelli 3 1.

Parallel Answer Set Programming Agostino Dovier 1 Andrea Formisano 2 Enrico Pontelli 3 1.

Parallel Answer Set Programming Agostino Dovier 1 Andrea Formisano 2 Enrico Pontelli 3 1. Universit di Udine 2. Universit di Perugia 3. New Mexico State University PCR17 @ CADE17 Gothenburg, August 2017 Material from Handbook of

704 views • 45 slides
A Dual-MST Approach For Clock Network Synthesis 15 th Asian and South Pacific Design Automation

A Dual-MST Approach For Clock Network Synthesis 15 th Asian and South Pacific Design Automation

A Dual-MST Approach For Clock Network Synthesis 15 th Asian and South Pacific Design Automation Conference Jingwei Lu 1 , Wing-Kai Chow 1 , Chiu- Wing Sham 1 and Evangeline F. Y. Young 2 1.Dept. of EIE, HKPU 2.Dept. of CSE, CUHK Presentation

375 views • 23 slides
Web Security Part 2 CS642: Computer Security Professor

Web Security Part 2 CS642: Computer Security Professor

Web Security Part 2 CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu Liberal borrowing from

933 views • 37 slides
Inductive Learning of Answer Set Programs Mark Law, Alessandra Russo and Krysia Broda

Inductive Learning of Answer Set Programs Mark Law, Alessandra Russo and Krysia Broda

Inductive Learning of Answer Set Programs Mark Law, Alessandra Russo and Krysia Broda Inductive Logic Programming The task of Inductive Logic Programming (ILP) is to find a hypothesis H which explains a set of positive and negative

583 views • 12 slides
Non-morphological reduplication in Torau . Bill Palmer Pacific Languages Research Group

Non-morphological reduplication in Torau . Bill Palmer Pacific Languages Research Group

Non-morphological reduplication in Torau . Bill Palmer Pacific Languages Research Group University of Newcastle (Australia) bill.palmer@newcastle.edu.au 1 Support is gratefully acknowledged from AHRC Research Grant APN19365, BA Small Research

1.35k views • 72 slides
CROSS PLATFORM MOBILE APPS WITH PHONEGAP CHRISTOPHE COENRAETS ADOBE @CCOENRAETS

CROSS PLATFORM MOBILE APPS WITH PHONEGAP CHRISTOPHE COENRAETS ADOBE @CCOENRAETS

CROSS PLATFORM MOBILE APPS WITH PHONEGAP CHRISTOPHE COENRAETS ADOBE @CCOENRAETS HTTP://COENRAETS.ORG h t ps://github.com/ccoenraets N Platforms = N Apps Objective-C Java NDK J2ME C# C++ C++ C/C++ N = 1 ? Objective-C Java NDK J2ME

273 views • 25 slides
Disjunctive Logic Programming: Knowledge Representation Techniques, Systems, and Applications

Disjunctive Logic Programming: Knowledge Representation Techniques, Systems, and Applications

Disjunctive Logic Programming: Knowledge Representation Techniques, Systems, and Applications Nicola Leone Department of Mathematics University of Calabria leone@unical.it Topics Context and Motivation Datalog Theoretical

1.17k views • 106 slides

More recommend