(Web) Security
All in the mind(?)
BCS Talk
April 2013
23/04/13 BCS - April 2013
Who, me?
• Clinton Ingrams
• CSC
– Cyber Security Centre, DMU
– Teaching CS since 1986
– Love PHP
• The problems
• What, if anything, can be done?
Famous Hacks
• LinkedIn
• eHarmony
Problem 1 – the Wetware
• Gullible people
– Don't understand/care about security
• Social Engineering
http://www.madsecurity.com/portfolio/social-engineering/
Problem 2 – crappy Web Apps
• Web application issues
– OWASP top 10
• Errors in business logic
– eBay
– TV news service
– bitcoins
• Web sites are easy to build
• Web applications are also easy
– PHP – very easy to learn
• (could make it harder)
• WAMP or XAMPP make the AMP stack easy to install & configure
• WordPress, Drupal & Joomla make it easy...
– but reliant on the developers
Common hacks
• SQLi, XSS, Command Line Injection
– SEO attacks
• Clickjacking, CSRFing, Cross-site History Manipulation
• Hacks are “easy” with automated toolkits
– Backtrack & Samurai
– Metasploit
– SQLMap
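Since the deck singles out PHP as "very easy to learn" and SQLi as the first of the common hacks, here is the classic lesson in working code. This is an added example, not from the slides or the speaker: a user lookup written the "easy" way beside the prepared-statement form, plus the password-hash and HTML-encoding habits that go with it. It assumes PHP with the pdo_sqlite extension; the `users` table and its columns are invented for the demo.

```php
<?php
// Added example (not from the slides): the same PHP login lookup written the
// "very easy" way and the safe way. Assumes pdo_sqlite; the table `users`
// (name, pw_hash) is constructed here for the demo only.
declare(strict_types=1);

function setupDemoDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
    $stmt = $db->prepare('INSERT INTO users (name, pw_hash) VALUES (?, ?)');
    $stmt->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// VULNERABLE: user input is pasted into the SQL text, so the caller decides
// the structure of the query, not just the value being compared (SQLi).
function findUserUnsafe(PDO $db, string $name): ?array {
    $sql = "SELECT name, pw_hash FROM users WHERE name = '$name'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// HARDENED: a prepared statement keeps SQL and data apart; the input is only
// ever bound as a value and is never parsed as part of the statement.
function findUserSafe(PDO $db, string $name): ?array {
    $stmt = $db->prepare('SELECT name, pw_hash FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Verify against a stored hash, never a stored plaintext password
// (the point of plaintextoffenders.com in the reading list).
function login(PDO $db, string $name, string $password): bool {
    $row = findUserSafe($db, $name);
    return $row !== null && password_verify($password, $row['pw_hash']);
}

// XSS counterpart: anything reflected into HTML is encoded on output.
function greet(string $name): string {
    return '<p>Hello, ' . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

$db = setupDemoDb();
// Constructed input: not a name in the table, but once concatenated it turns
// the WHERE clause into one that is true for every row.
$probe = "' OR '1'='1";
var_dump(findUserUnsafe($db, $probe) !== null); // bool(true): a row came back anyway
var_dump(findUserSafe($db, $probe) !== null);   // bool(false): no user with that name
var_dump(login($db, 'alice', 'correct horse'));  // bool(true)
var_dump(login($db, 'alice', 'wrong'));          // bool(false)
echo greet('<script>alert(1)</script>'), PHP_EOL; // the tag is rendered as text, not run
```

The contrast is the whole lesson: both lookups are the same length, so "easy" is not the problem; what matters is whether the language's default idiom keeps data out of the query text. The same separation applies to shell commands (use argument arrays, not string concatenation) and to HTML (encode on output), which covers the other two injection classes on the slide.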
Problem 3 – Smart ...
• Buildings
• Towns & Cities
Problem 3 – Smart ...
• Medical
– Pacemakers
– Diagnostic equipment
– Data set manipulation
Problem 3 – Smart ...
• Utilities
– SCADA problems
• Supervisory Control and Data Acquisition
• Industrial Control Systems
– Stuxnet
Problem 3 – Smart ...
• Transport
– Traffic Control systems
– Hugo Teso
• Hacked aircraft systems with an Android app
Solutions
• Government
• Organisations
– Voluntary
– Business
– News
• Education
Government
• Cyber Security Fusion Cell
• The “Dad's Army” of cyber security specialists
Vulnerability Assessments
• 4 layers
– Scans
– Automated toolkits
– Penetration tests
– Physical probing
• See Tiger Team videos
Education
(education, education)
• Teaching:
– MSc/BSc in Computer Security & Forensic Computing
• Training
– Collaborate with commercial trainers
• Research
Teaching Web App development
• Architecture
• OOP
• Frameworks & CMS
Teaching - security
• Web App Architecture
• Monitoring
– iptables
– Snort
• Penetration testing
– Toolkits
– Deliberately vulnerable web apps
• DVWA
• Mutillidae
• WebGoat
Research
• Vehicle Forensics
– Cyber MOT
• Collaborations with legal experts, cyber
psychologists, historians & linguists
• Read more at:
http://www.dmu.ac.uk/research/research-faculties-and-institutes/technology/cyber-security-centre/research.aspx
TSI
• Trustworthy Software Initiative
“A public-private partnership for enhancing the overall software and systems culture, with the objective that all software should become designed, implemented and maintained in a trustworthy manner.”
Risks
• Trust disappears as the web becomes a more dangerous place for business, education and entertainment
Reading
• http://www.theiet.org/
• http://www.theregister.co.uk/
• https://www.owasp.org/
• http://www.webappsec.org/
• http://samurai.inguardians.com/
• http://plaintextoffenders.com/
• http://www.trutv.com/video/tiger-team/tiger-team-101-1-of-4.html