Basics of Software and Security

This slide deck covers basic concepts of software development and basic concepts of system security.

Published in: Software

  1. Software & Security, PiTechnologies
  2. About PiTechnologies (www.pitechnologies.net): PiTechnologies is an Egyptian company. PiTechnologies is specialized in: Mobile Applications Development, Web Applications Development, Security Services, Professional Training Services.
  3. Agenda: Software Technical Point of View; Basic Security Concepts; Security is a must
  4. Technical Point of View
  5. Programming Concepts
  6. Code Life Cycle (Compiler Based): Source Codes → Compiler → Object Files → Linker → Exe File → Run
  7. Code Life Cycle (Interpreter Based): Source Codes → Interpreter → Run
  8. Source Code: It is human-readable code written in a normal text file.
  9. Compiler: It is the program that translates the human-like code into machine code. A compiler targets a certain machine (processor architecture). Input is a source file, output is an object file.
  10. Linker: It is a program that gathers all the object files (compiler output) into a single exe file. Gathering object files into a single exe file is called static linking, while linking an object file with an external lib is called dynamic linking.
  11. EXE file: It is the final product (runnable file) in compiler-based languages.
  12. Compiler Example: GCC (GNU C Compiler)
  13. Interpreter: It is an application that runs the source code without compiling. A programming language is either interpreter based or compiler based.
  14. Interpreter Example: Python, Perl, Shell scripting, PHP
  15. Compiler VS Interpreter: Which is better? Wrong question.
  16. Usage (Compiler / Interpreter): Size: Large Projects / Small Projects; Reuse: High reusability / Low reusability; Output: Application / Script; Functions: Multi Function / Single Function
  17. Portability Concept
  18. Why Java? Portability
  19. Portability: It means that you can run the same executable file on different platforms (Operating System + Processor Architecture).
  20. Illustration (diagram): Platform 1, Platform 2; Bin 1, Bin 2
  21. Illustration (diagram): Platform 1, Platform 2; Bin 1, Bin 2; Bin 0 and JVM
  22. Benefits: We will change only one app for each new platform, the JVM. We don't need to change all the apps for each new platform.
  23. Security is a Must
  24. Secure the following …: Laptops, Phones, Employees
  25. Security Concepts
  26. CIA Triangle
  27. Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
  28. Integrity: Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity.
  29. Availability: Ensuring timely and reliable access to and use of information.
  30. Common Attacks
  31. (1) Phishing, (2) Session Hijacking, (3) Password Reuse, (4) Sniffing
  32. Phishing
  33. Session Hijacking (diagram): Client, Server; Username + Password + remember me; Cookie
  34. Session Hijacking (diagram): Server, Attacker, Victim Machine; XSS: Text + JavaScript; Text: Display, JS: Run; Cookie
  35. Password Reuse: Do you reuse your password for many sites?
  36. Don't do this!
  37. Sniffing: Local Network; Who?; Public/Cafe/Free Wifi; Cookies; Unencrypted Traffic
  38. Security Facts
  39. Do you know ..
  40. 100 Billion $ Cost of Cyber Crimes / Year (100,000,000,000)
  41. 556 Million Victims / Year of Cyber Crimes, ~ 18 Victims / Second (556,000,000)
  42. 216,000 FB Accounts hacked / Year, ~ 600 Accounts / Day
  43. 36 % of Cyber attacks target Companies' networks and websites
  44. Does not sound serious yet ..
  45. Think of ..
  46. (1) Losing all business/personal data
  47. (2) A competitor getting access to your computer
  48. (3) Employees getting access to confidential documents
  49. (4) A virus halts your office/home computers for a week
  50. (5) A customer sees your website/blog/Facebook page down, or hacked
  51. (6) Someone is reading and sending messages from your inbox
  52. It is not an easy job for an attacker to do the previous issues; however, don't worry much .. YOU help him do this
  53. Do you want to know how you are helping the attacker?
  54. Finally
  55. Learn .. Think .. Code ..
  56. Change Passwords .. Don't trust Public Networks .. Stay Secure ..
  57. Easy to Remember, Hard to Guess: word + site + number: ahmedfb2121; use shift with second 21: ahmedfb21@!; use shift with non vowel letters: aHMeDFB21@!; use the key below the vowel letter in the keyboard, and use the key above the letter in the keyboard for the site letters f, b: zHMdDRG21@!; Pass for gmail, using gm, can be: zHMdDTJ21@!
  58. Thanks for listening :) ayossef@pitechnologies.net, skype: ahmedyossef.21, facebook.com/PiTechnologies.page
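
A defensive check for the cookie theft shown on slides 33, 34 and 37, added here as an example and not part of the original deck: it audits `Set-Cookie` headers for `HttpOnly` (keeps injected JavaScript from reading the cookie) and `Secure` (keeps the cookie off unencrypted traffic), and flags very long "remember me" lifetimes. The sample headers, cookie names and the 30-day threshold are constructed assumptions.

```python
# Added example (not from the original deck): audit Set-Cookie headers for
# the flags that counter cookie theft via XSS (slide 34) and sniffing (slide 37).

MAX_LIFETIME = 30 * 24 * 3600  # assumed threshold: 30 days, in seconds

# Constructed sample headers; cookie names and values are made up.
SAMPLES = [
    "SESSIONID=abc123; Path=/",
    "remember_me=tok456; Max-Age=31536000; Secure",
    "SESSIONID=abc123; Path=/; Secure; HttpOnly; Max-Age=3600",
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie name, lower-cased attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_cookie(header):
    """Return a list of findings for one Set-Cookie header value."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:
        findings.append(f"{name}: no HttpOnly, page JavaScript can read it")
    if "secure" not in attrs:
        findings.append(f"{name}: no Secure, sent over unencrypted HTTP")
    try:
        lifetime = int(attrs.get("max-age", "0"))
    except ValueError:
        lifetime = 0  # malformed Max-Age: browsers ignore it
    if lifetime > MAX_LIFETIME:
        findings.append(f"{name}: lifetime {lifetime}s, stolen cookie stays valid")
    return findings


if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", audit_cookie(header) or "ok")
```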
