The document makes the following points about software vulnerabilities:
1. Vulnerabilities can result from weak passwords, software bugs, viruses, or insecure user input.
2. Common causes of vulnerabilities are password management flaws, operating system design flaws, software bugs, and unchecked user input.
3. There is debate around how vulnerabilities should be disclosed, with options including full disclosure, responsible disclosure, and limited disclosure.
2. Vulnerability
• Applied to a weakness in a system which allows an attacker to violate the integrity of that system. Vulnerabilities may result from weak passwords, software bugs, a computer virus or other malware, a script code injection, or a SQL injection.
3. Vulnerability vs. Exploit
• A security risk is classified as a vulnerability if it is recognized as a possible means of attack.
• A security risk with one or more known instances of working and fully-implemented attacks is classified as an exploit.
4. Causes
• There are multiple causes of vulnerabilities:
• Password Management Flaws
• Fundamental Operating System Design Flaws
• Software Bugs
• Unchecked User Input
5. Password Management Flaws
• The computer user uses weak passwords that could be discovered by brute force.
• The computer user stores the password on the computer where a program can access it.
• Users re-use passwords between many programs and websites.
6.
7. Operating System Design Flaws
• The operating system designer chooses to enforce sub-optimal policies on user/program management. For example, operating systems with policies such as default permit grant every program and every user full access to the entire computer.
• This operating system flaw allows viruses and malware to execute commands on behalf of the administrator.
8. Software Bugs
• The programmer leaves an exploitable bug in a software program.
• The software bug may allow an attacker to misuse an application through (for example) bypassing access control checks or executing commands on the system hosting the application.
9. Software Bugs
• Also the programmer's failure to check the size of data buffers, which can then be overflowed, causing corruption of the stack or heap areas of memory (including causing the computer to execute code provided by the attacker).
10. Unchecked User Input
• The program assumes that all user input is safe. Programs that do not check user input can allow unintended direct execution of commands or SQL statements (known as buffer overflows, SQL injection or other non-validated inputs).
11. Vulnerability Disclosure
• The method of disclosing vulnerabilities is a topic of debate in the computer security community.
• Some advocate immediate full disclosure of information about vulnerabilities once they are discovered.
• Others argue for limiting disclosure to the users placed at greatest risk, and only releasing full details after a delay, if ever.
• What do you think?
12. Vulnerability Disclosure
• Benefit of limited disclosure: such delays may allow those notified to fix the problem by developing and applying patches.
• Drawback of limited disclosure: it may increase the risk to those not privy to the full details.
13. Full Disclosure
• Disclose all the details of a security problem which are known. It is a philosophy of security management completely opposed to the idea of security through obscurity.
14. Full Disclosure
• The theory behind full disclosure is that releasing vulnerability information immediately results in quicker fixes and better security.
• Fixes are produced faster because vendors and authors are forced to respond in order to save face.
• Security is improved because the window of exposure, the amount of time the vulnerability is open to attack, is reduced.
15. Responsible Disclosure
• Some believe that in the absence of any public exploits for the problem, full and public disclosure should be preceded by disclosure of the vulnerability to the vendors or authors of the system. This private advance disclosure allows the vendor time to produce a fix or workaround.
16. Limited Disclosure
• Sending full details to a restricted community of developers and vendors, and releasing only the existence of the problem to the public, is another possible approach.
• Nick doesn't like Limited Disclosure
17. A.C. Hobbs - Locksmith
• A commercial, and in some respects a social doubt has been started within the last year or two, whether it is right to discuss so openly the security or insecurity of locks. Many well-meaning persons suppose that the discussion respecting the means for baffling the supposed safety of locks offers a premium for dishonesty, by showing others how to be dishonest. This is a fallacy. Rogues are very keen in their profession, and know already much more than we can teach them respecting their several kinds of roguery.
18. Security Through Obscurity
• Attempts to use secrecy (of design, implementation, etc.) to provide security.
• A system relying on security through obscurity may have theoretical or actual security vulnerabilities, but its owners or designers believe that the flaws are not known, and that attackers are unlikely to find them.
19.
20. Vulnerability Disclosure Date
• When can it be said that a vulnerability has been disclosed?
• 1. The information is freely available to the public
• 2. The vulnerability information is published by a trusted and independent channel/source
• 3. The vulnerability has undergone analysis by experts such that risk rating information is included upon disclosure
21. Examples of Vulnerabilities
• Buffer overflows
• Dangling pointers
• Input validation errors, such as:
  • Format string bugs
  • Improperly handling shell metacharacters so they are interpreted
  • SQL injection
  • Code injection
  • E-mail injection
  • Directory traversal
  • Cross-site scripting in web applications
• Race conditions, such as:
  • Time-of-check-to-time-of-use bugs
  • Symlink races
• Privilege-confusion bugs, such as:
  • Cross-site request forgery in web applications
  • Privilege escalation
• User interface failures, such as:
  • Warning fatigue or user conditioning
  • Blaming the victim: prompting a user to make a security decision without giving the user enough information to answer it.
22. Buffer Overflow
• A condition where a process attempts to store data beyond the boundaries of a fixed-length buffer.
• The result is that the extra data overwrites adjacent memory locations.
23. Buffer Overflow
• The overwritten data may include other buffers, variables and program flow data, and may result in erratic program behavior, a memory access exception, program termination (a crash), incorrect results or, especially if deliberately caused by a malicious user, a possible breach of system security.
24. Basic example
• In the following example, a program has defined two data items which are adjacent in memory: an 8-byte-long string buffer, A, and a two-byte integer, B. Initially, A contains nothing but zero bytes, and B contains the number 3. Characters are one byte wide.
  A: 0 0 0 0 0 0 0 0   B: 0 3
25. Buffer Overflow Example
• Now, the program attempts to store the character string "excessive" in the A buffer, followed by a zero byte to mark the end of the string. By not checking the length of the string, it overwrites the value of B:
  A: 'e' 'x' 'c' 'e' 's' 's' 'i' 'v'   B: 'e' 0
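The slide's A/B layout carried through in C, as an added example that is not part of the deck: the unchecked copy spills the ninth character and the terminator into B, while the checked copy rejects input that would not fit. The `record` struct, the function names and the demo guard are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The slide's layout, pinned so the two items really are adjacent: an
 * 8-byte string buffer A immediately followed by a two-byte integer B.
 * (Packed attribute is GCC/Clang specific; there is no padding here anyway.) */
struct __attribute__((packed)) record {
    char     A[8];
    uint16_t B;
};

/* Unchecked copy, the slide's defect: like strcpy it writes strlen(src)+1
 * bytes into A without looking at sizeof A. It copies through the record's
 * own bytes so the overrun into B is observable but stays inside the record;
 * the single guard only keeps the demo from writing past the record. */
int store_unchecked(struct record *r, const char *src) {
    size_t n = strlen(src) + 1;               /* characters plus terminator */
    if (n > sizeof *r) return -1;             /* demo guard, not a real fix */
    unsigned char *mem = (unsigned char *)r + offsetof(struct record, A);
    for (size_t i = 0; i < n; i++) mem[i] = (unsigned char)src[i];
    return 0;
}

/* Checked copy, the fix: compare the length (terminator included) against
 * the buffer size before writing and reject anything that would not fit. */
int store_checked(struct record *r, const char *src) {
    size_t n = strlen(src) + 1;
    if (n > sizeof r->A) return -1;           /* would spill into B */
    memcpy(r->A, src, n);
    return 0;
}

int main(void) {
    struct record r = { {0}, 3 };
    store_unchecked(&r, "excessive");
    /* A now holds "excessiv"; the ninth 'e' and the terminator landed in B */
    printf("unchecked: A=\"%.8s\" B=%u (was 3)\n", r.A, (unsigned)r.B);
    struct record s = { {0}, 3 };
    printf("checked: \"excessive\" %s, B=%u\n",
           store_checked(&s, "excessive") == 0 ? "stored" : "rejected", (unsigned)s.B);
    return 0;
}
```

The numeric value printed for B after the overflow depends on byte order (0x0065 on a little-endian machine), which is why the check below looks at the raw bytes rather than the integer.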
26. SQL Injection
• User input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and is thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.
28. Email Injection
• A security vulnerability that can occur in Internet applications that are used to send e-mail messages. Like SQL injection attacks, this vulnerability is one of a general class of vulnerabilities that occur when one programming language is embedded within another.
29.
30. Directory Traversal
• The goal of this attack is to order an application to access a computer file that is not intended to be accessible. This attack exploits a lack of security (the software is acting exactly as it is supposed to) as opposed to exploiting a bug in the code.
• Directory traversal is also known as the ../ (dot dot slash) attack, directory climbing, and backtracking.
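One form of the missing check, added here as an example rather than taken from the deck: a lexical containment test that counts how many directory levels a client-supplied relative path climbs, so "../" sequences that would leave the base directory are rejected before the path is ever joined to it. The function name and the sample paths are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Lexical containment check for a client-supplied relative path. Returns 1
 * if joining the path to a base directory can only land inside that base,
 * 0 if it escapes. Caveats the caller must cover: the path must already be
 * URL-decoded (so "%2e%2e" has become ".."), and symlinks are not resolved,
 * so the eventual open should still use realpath() or openat() with O_NOFOLLOW. */
int path_stays_inside(const char *path) {
    int depth = 0;                                   /* components below the base */
    if (path == NULL) return 0;
    if (path[0] == '/' || strchr(path, '\\') != NULL) return 0; /* absolute or backslashes */
    const char *p = path;
    for (;;) {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0) return 0;               /* climbed above the base */
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            depth++;                                 /* ordinary component */
        }                                            /* "" and "." change nothing */
        if (end == NULL) return 1;
        p = end + 1;
    }
}

int main(void) {
    /* Constructed sample paths: two stay inside the base, three escape it. */
    const char *samples[] = { "docs/readme.txt", "docs/../index.html",
                              "../etc/passwd", "docs/../../etc/passwd", "/etc/passwd" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s %s\n", samples[i], path_stays_inside(samples[i]) ? "inside" : "ESCAPES");
    return 0;
}
```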
31. Cross-Site Scripting
• (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy.
32.
33. Time-of-check-to-time-of-use
• (TOCTTOU, pronounced "TOCK too") is a software bug caused by changes in a system between the checking of a condition (such as a security credential) and the use of the results of that check. It is a kind of race condition.
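The check-then-use window in code, as an added C example that is not from the deck: the first function checks a path with stat() and then opens the same path, leaving a gap in which the path can come to mean something else; the second opens first and checks the descriptor it actually got, so the check and the use refer to one object. The temporary file and symlink in main() are constructed for the demo, and the function names are assumptions.

```c
#define _GNU_SOURCE          /* glibc: exposes O_NOFOLLOW, O_CLOEXEC, mkstemp, symlink */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern: the check (stat) and the use (open) both go by path name,
 * so the object opened need not be the one checked if the path is re-pointed
 * (for instance replaced by a symlink) in between. Returns a descriptor or -1. */
int open_if_regular_racy(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode)) return -1;
    /* the window: nothing ties the next call to the object just checked */
    return open(path, O_RDONLY | O_CLOEXEC);
}

/* Fixed pattern: open first, refusing to follow a symlink at the final
 * component, then check the object actually opened through its descriptor.
 * Check and use now refer to the same inode, so there is no window. */
int open_if_regular_safe(const char *path) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void) {
    /* Constructed demo: a temporary regular file plus a symlink pointing at it. */
    char file[] = "/tmp/tocttou-XXXXXX";
    int fd = mkstemp(file);
    if (fd < 0) return 1;
    close(fd);
    char link[64];
    snprintf(link, sizeof link, "%s.lnk", file);
    if (symlink(file, link) == 0) {
        int a = open_if_regular_racy(link), b = open_if_regular_safe(link);
        printf("through symlink: racy %s, safe %s\n",
               a >= 0 ? "opened it" : "refused", b >= 0 ? "opened it" : "refused");
        if (a >= 0) close(a);
        if (b >= 0) close(b);
        unlink(link);
    }
    unlink(file);
    return 0;
}
```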
34. Confused Deputy
• A confused deputy is a computer program that is innocently fooled by some other party into misusing its authority. It is a specific type of privilege escalation. In information security, the confused deputy problem is often cited as an example of why capability-based security is important.
• Billing example
35. Blaming The Victim
• Prompting a user to make a security decision without giving the user enough information to answer it.
36. Physical Security
• Physical security describes measures that prevent or deter attackers from accessing a facility, resource, or information stored on physical media. It can be as simple as a locked door or as elaborate as multiple layers of armed guardposts.
37. 3 Elements to Physical Security
• Obstacles, to frustrate trivial attackers and delay serious ones;
• Alarms, security lighting, security guard patrols or closed-circuit television cameras, to make it likely that attacks will be noticed; and
• Security response, to repel, catch or frustrate attackers when an attack is detected.
38. 4 Layers to Physical Security
• Environmental design
• Mechanical and electronic access control
• Intrusion detection
• Video monitoring
39. What Are Physical Security Goals?
• The goal is to convince potential attackers that the likely costs of attack exceed the value of making the attack.
• If you are unable to convince them, then the second goal comes into play: to keep them from entering.
40. Layer One - Physical
• The initial layer of security for a campus, building, office, or physical space uses Crime Prevention Through Environmental Design to deter threats. Some of the most common examples are also the most basic - barbed wire, warning signs and fencing, concrete bollards, metal barriers, vehicle height-restrictors, site lighting and trenches.
41. Layer Two - Mechanical
• Includes gates, doors, and locks.
• Key control of the locks becomes a problem with large user populations and any user turnover.
• Keys quickly become unmanageable, forcing the adoption of electronic access control.
• Electronic access control easily manages large user populations, controlling for user lifecycles, times, dates, and individual access points.
• For example, a user's access rights could allow access from 0700 to 1900 Monday through Friday and expire in 90 days.
42. Layer Three - Intrusion Detection
• Monitors for attacks. It is less a preventative measure and more of a response measure, although some would argue that it is a deterrent. Intrusion detection has a high incidence of false alarms. In many jurisdictions, law enforcement will not respond to alarms from intrusion detection systems.
43. Layer Four - Monitoring
• Typically video monitoring systems. Like intrusion detection, these are not much of a deterrent.
• Video monitoring systems are more useful for incident verification and historical analysis.
• For instance, if alarms are being generated and there is a camera in place, the camera could be viewed to verify the alarms.
• In instances when an attack has already occurred and a camera is in place at the point of attack, the recorded video can be reviewed.
• Monitoring is ALWAYS active
44. Intertwined in These Four Layers are People
• Guards have a role in all layers.
• In the first as patrols and at checkpoints.
• In the second to administer electronic access control.
• In the third to respond to alarms. The response force must be able to arrive on site in less time than it is expected that the attacker will require to breach the barriers.
• In the fourth to monitor and analyze video.
45. Users Are Helpful Too
• Users obviously have a role also by questioning and reporting suspicious people.
• Identification systems aid in identifying people as known versus unknown.
• Often photo ID badges are used and are frequently coupled to the electronic access control system.
• Visitors are often required to wear a visitor badge.
46. Examples of Physical Security
• ATMs (cash dispensers) are protected, not by making them invulnerable, but by spoiling the money inside when they are attacked. Thieves quickly learned that it was futile to steal or break into an ATM if all they got was worthless money covered in dye.
47. Examples Continued
• Safes are rated in terms of the time in minutes which a skilled, well-equipped safe-breaker is expected to require to open the safe. These ratings are developed by highly skilled safe breakers employed by insurance agencies, such as Underwriters Laboratories. In a properly designed system, either the time between inspections by a patrolling guard should be less than that time, or an alarm response force should be able to reach it in less than that time.
48. How Is Physical Security Like Software Security?
• Hiding the resources, or hiding the fact that resources are valuable, is also often a good idea as it will reduce the exposure to opponents and will cause further delays during an attack, but should not be relied upon as a principal means of ensuring security.
• Security through obscurity can be used in the cases of software security and physical security!
• Video!