Lecture 2: How Software Breaks (Web)
Abstract
This lecture discusses how software weaknesses on the Web manifest, the vulnerabilities that lead to these weaknesses being exploited, and how they can be mitigated. The topics examined include the concept of weird machines, how privilege escalation works on the web via injection attacks such as Cross-Site Scripting, and defensive principles and programming techniques that can be used to guard against these injection attacks. Cross-Site Request Forgery is given as an example of another type of attack, that is, a web session attack. Finally, two attack proxy tools are introduced: Burp Suite and Zaproxy. These tools are useful in performing web security testing of applications.
Similar resources
Lecture 2: How Web software breaks
These notes are roughly based on a lecture of Software Security-course on March 19th 2014. Author: Sami Koskinen. The Web and its interactive applications have become a very important part of information technology. The modern Web applications have become very complex and feature-rich, and at the same time, they will become more interesting targets for attackers. At points where the apps intera...
Lecture 1: How software breaks (native)
In order to understand how to build secure software, one must first understand the ways in which software can be broken. The main focus during the first lecture is native code. We discuss software defects in native code which often lead to crashes, some of which potentially open up opportunities to gain unauthorized access to a computer system. As an example of such a defect, we discuss old school ...
The Comparison of Lecture-Based and Web-Based Education on Nursing Students’ Learning in the Management of Radiation Injuries
Background: Extensive application of radioactive materials to medical and military purposes justifies the necessity of training military nurse students regarding the management of radiation injury. The current study aimed at comparing the effect of two methods (lecture and web-based) of training on the management of radiation-injured patients among military nurse students from 2013 to 2014. Ma...
Using paper presentation breaks during didactic lectures improves learning of physiology in undergraduate students.
Many studies have emphasized the incorporation of active learning into classrooms to reinforce didactic lectures for physiology courses. This work aimed to determine if presenting classic papers during didactic lectures improves the learning of physiology among undergraduate students. Twenty-two students of health information technology were randomly divided into the following two groups: 1) di...
Object: an Architecture for Archiving Lectures on the Web
A new software architectural model for the archival of slide-based presentations on the Internet is proposed. This architecture is based on the concept of the "lecture object," a persistent format, independent of the lecture production and viewing technology. The work has been undertaken in the context of the Web Lecture Archive Project, a collaboration of the CERN HR Division Training and De...