Bcs april 2013

•

1 gostou•723 visualizações

BCSLeicester

Tecnologia Negócios

(Web) Security
All in the mind(?)
BCS Talk
April 2013

23/04/13 BCS - April 20132
Who, me?
• Clinton Ingrams
• CSC
– Cyber Security Centre, DMU
– Teaching CS since 1986
– Love PHP

23/04/13 BCS - April 20133
• The problems
• What, if anything, can be done?

23/04/13 BCS - April 20134
Famous Hacks
• LinkedIn
• eHarmony

23/04/13 BCS - April 20135
Problem 1 – the Wetware
• Gullible people
– Don't understand/care about security
• Social Engineering
http://www.madsecurity.com/portfolio/social-engineering/

23/04/13 BCS - April 20136
Problems 2 – crappy Web Apps
• Web application issues
– OWASP top 10
• Errors in business logic
– Ebay
– TV news service
– bitcoins

23/04/13 BCS - April 20137
• Web sites are easy to build
• Web applications are also easy
– PHP – very easy to learn
• (could make it harder)

23/04/13 BCS - April 20138
• WAMP or XAMPP make the AMP stack to
install & configure
• Wordpress, Drupal & Joomla make it
easy...
– but reliant on the developers

23/04/13 BCS - April 20139
Common hacks
• SQLi, XSS, Command Line Injection
– SEO attacks
• Clickjacking, CSRFing, Cross-site History
Manipulation
• Hacks are “easy” with automated toolkits
– Backtrack & Samurai
– Metasploit
– SQLMap

23/04/13 BCS - April 201310
Problem 3 – Smart ...
• Buildings
• Towns & Cities

23/04/13 BCS - April 201311
Problem 3 – Smart ...
• Medical
–Pacemakers
–Diagnosic equipment
–Data set manipulation

23/04/13 BCS - April 201312
Problem 3 – Smart ...
• Utilities
–SCADA problems
• Supervisory Control and Data
Acquisition
• Industrial Control Systems
–Stuxnet

23/04/13 BCS - April 201313
Problem 3 – Smart ...
• Transport
–Traffic Control systems
–Hugo Teso
• Hacked aircraft systems with an
Andoid app

23/04/13 BCS - April 201315
• Government
• Organisations
– Voluntary
– Business
– News
• Education

23/04/13 BCS - April 201316
Government
• Cyber Security Fusion Cell
• The “Dad's Army” of cyber security
specialists

23/04/13 BCS - April 201317
Vulnerability Assessments
• 4 layers
– Scans
– Automated toolkits
– Penetration tests
– Physical probing
• See Tiger Team videos

23/04/13 BCS - April 201318
Education
(education, education)
• Teaching:
– MSc/BSc in Computer Security & Forensic
Computing
• Training
– Collaborate with commercial trainers
• Research

23/04/13 BCS - April 201319
Teaching Web App
development
• Architecture
• OOP
• Frameworks & CMS

23/04/13 BCS - April 201320
Teaching - security
• Web App Architecture
• Monitoring
– Iptables
– Snort
• Penetration testing
– Toolkits
– Deliberately vulnerable web apps
• DVWA
• Mutillidae
• WebGoat

23/04/13 BCS - April 201321
Research
• Vehicle Forensics
– Cyber MOT
• Collaborations with legal experts, cyber
psychologists, historians & linguists
• Read more at:
http://www.dmu.ac.uk/research/research-
faculties-and-institutes/technology/cyber-
security-centre/research.aspx

23/04/13 BCS - April 201322
TSI
• Trustworthy Software Initiative
“A public-private partnership for enhancing
the overall software and systems culture,
with the objective that all software should
become designed, implemented and
maintained in a trustworthy manner.”

23/04/13 BCS - April 201323
Risks
• Trust disappears as the web becomes a
more dangerous place for business,
education and entertainment

23/04/13 BCS - April 201324
Reading
• http://www.theiet.org/
• http://www.theregister.co.uk/
• https://www.owasp.org/
• http://www.webappsec.org/
• http://samurai.inguardians.com/
• http://plaintextoffenders.com/
• http://www.trutv.com/video/tiger-
team/tiger-team-101-1-of-4.html

Mais conteúdo relacionado

Semelhante a Bcs april 2013

LTB Demo - Healthcare Evaluation

Kubify - Learning Toolbox for ePosters

8 nsta tech talk

Ben Smith

Trustworthy Infrastructure for Personal Data Management

Ioannis Krontiris

Towards online math exams

Mart Laanpere

Ejrcicio Presentación mapas conceptuales L Liberal

liberall

Digital inslusion summit 2016

kcharvoz

Technology in Teaching, Research & Admin’: Some Quick Wins & Data Protection

Simon Bignell

Advanc ed illinois online network 2013

Scott Johnson

Iot security amar prusty

amarprusty

Integration data models, Learning Layers project meeting in Bremen

Vladimir Tomberg

Emerging Trends in Cybersecurity by Amar Prusty

Cysinfo Cyber Security Community

Career Guidance on Cybersecurity by Mohammed Adam

Mohammed Adam

Package Tracking Systems Are Not Just for Packages Anymore

SCLogic

SURFconext / OpenConext - De Cloudservice Integrator voor Hoger Onderwijs en ...

SURFconext

Security in Cyber-Physical Systems

Bob Marcus

Bkbiet intro

mihirio

ASEAN-JAPAN Cyber Security Seminar: How to fill your team gaps with training

APNIC

Privacy. Winter School on “Topics in Digital Trust”. IIT Bombay

IIIT Hyderabad

AMARC Summary Description

Daniel Mintz

Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...

Cloud Security Alliance Lviv Chapter

Semelhante a Bcs april 2013 (20)

LTB Demo - Healthcare Evaluation

8 nsta tech talk

Trustworthy Infrastructure for Personal Data Management

Towards online math exams

Ejrcicio Presentación mapas conceptuales L Liberal

Digital inslusion summit 2016

Technology in Teaching, Research & Admin’: Some Quick Wins & Data Protection

Advanc ed illinois online network 2013

Iot security amar prusty

Integration data models, Learning Layers project meeting in Bremen

Emerging Trends in Cybersecurity by Amar Prusty

Career Guidance on Cybersecurity by Mohammed Adam

Package Tracking Systems Are Not Just for Packages Anymore

SURFconext / OpenConext - De Cloudservice Integrator voor Hoger Onderwijs en ...

Security in Cyber-Physical Systems

Bkbiet intro

ASEAN-JAPAN Cyber Security Seminar: How to fill your team gaps with training

Privacy. Winter School on “Topics in Digital Trust”. IIT Bombay

AMARC Summary Description

Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...

Último

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

[2024]Digital Global Overview Report 2024 Meltwater.pdf

hans926745

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

GenCyber Cyber Security Day Presentation

Michael W. Hawkins

Scaling API-first – The story of a global engineering organization

Radu Cotescu

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Real Time Object Detection Using Open CV

Khem

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Bcs april 2013

1. (Web) Security All in the mind(?) BCS Talk April 2013

2. 23/04/13 BCS - April 20132 Who, me? • Clinton Ingrams • CSC – Cyber Security Centre, DMU – Teaching CS since 1986 – Love PHP

3. 23/04/13 BCS - April 20133 • The problems • What, if anything, can be done?

4. 23/04/13 BCS - April 20134 Famous Hacks • LinkedIn • eHarmony

5. 23/04/13 BCS - April 20135 Problem 1 – the Wetware • Gullible people – Don't understand/care about security • Social Engineering http://www.madsecurity.com/portfolio/social-engineering/

6. 23/04/13 BCS - April 20136 Problems 2 – crappy Web Apps • Web application issues – OWASP top 10 • Errors in business logic – Ebay – TV news service – bitcoins

7. 23/04/13 BCS - April 20137 • Web sites are easy to build • Web applications are also easy – PHP – very easy to learn • (could make it harder)

8. 23/04/13 BCS - April 20138 • WAMP or XAMPP make the AMP stack to install & configure • Wordpress, Drupal & Joomla make it easy... – but reliant on the developers

9. 23/04/13 BCS - April 20139 Common hacks • SQLi, XSS, Command Line Injection – SEO attacks • Clickjacking, CSRFing, Cross-site History Manipulation • Hacks are “easy” with automated toolkits – Backtrack & Samurai – Metasploit – SQLMap

10. 23/04/13 BCS - April 201310 Problem 3 – Smart ... • Buildings • Towns & Cities

11. 23/04/13 BCS - April 201311 Problem 3 – Smart ... • Medical –Pacemakers –Diagnosic equipment –Data set manipulation

12. 23/04/13 BCS - April 201312 Problem 3 – Smart ... • Utilities –SCADA problems • Supervisory Control and Data Acquisition • Industrial Control Systems –Stuxnet

13. 23/04/13 BCS - April 201313 Problem 3 – Smart ... • Transport –Traffic Control systems –Hugo Teso • Hacked aircraft systems with an Andoid app

14. 23/04/13 BCS - April 201314 Solutions

15. 23/04/13 BCS - April 201315 • Government • Organisations – Voluntary – Business – News • Education

16. 23/04/13 BCS - April 201316 Government • Cyber Security Fusion Cell • The “Dad's Army” of cyber security specialists

17. 23/04/13 BCS - April 201317 Vulnerability Assessments • 4 layers – Scans – Automated toolkits – Penetration tests – Physical probing • See Tiger Team videos

18. 23/04/13 BCS - April 201318 Education (education, education) • Teaching: – MSc/BSc in Computer Security & Forensic Computing • Training – Collaborate with commercial trainers • Research

19. 23/04/13 BCS - April 201319 Teaching Web App development • Architecture • OOP • Frameworks & CMS

20. 23/04/13 BCS - April 201320 Teaching - security • Web App Architecture • Monitoring – Iptables – Snort • Penetration testing – Toolkits – Deliberately vulnerable web apps • DVWA • Mutillidae • WebGoat

21. 23/04/13 BCS - April 201321 Research • Vehicle Forensics – Cyber MOT • Collaborations with legal experts, cyber psychologists, historians & linguists • Read more at: http://www.dmu.ac.uk/research/research- faculties-and-institutes/technology/cybersecurity-centre/research.aspx

22. 23/04/13 BCS - April 201322 TSI • Trustworthy Software Initiative “A public-private partnership for enhancing the overall software and systems culture, with the objective that all software should become designed, implemented and maintained in a trustworthy manner.”

23. 23/04/13 BCS - April 201323 Risks • Trust disappears as the web becomes a more dangerous place for business, education and entertainment

24. 23/04/13 BCS - April 201324 Reading • http://www.theiet.org/ • http://www.theregister.co.uk/ • https://www.owasp.org/ • http://www.webappsec.org/ • http://samurai.inguardians.com/ • http://plaintextoffenders.com/ • http://www.trutv.com/video/tiger- team/tiger-team-101-1-of-4.html

Bcs april 2013

Recomendados

Recomendados

Mais conteúdo relacionado

Semelhante a Bcs april 2013

Semelhante a Bcs april 2013 (20)

Último

Último (20)

Bcs april 2013