Term Project, Phase 1 Due June 30 Phase 1 Logistics: Feel free to work on this as an individual, or you can form a group of 2 or 3 students to collaborate on this first phase of the project. You’ll turn in a link to your code/tests, a short (5 page max) write-up describing your […]
程序代写代做代考 database chain clock Java Term Project, Phase 1 Due June 30 Read More »
FIT5003 Software Security Software Security In a Nutshell Apostolos Fournaris 1 Software Security Renewed interest “idea of engineering software so that it continues to function correctly under malicious attack” Existing software is riddled with design flaws and implementation bugs “any program, no matter how innocuous it seems, can harbor security holes” 2
FIT5003 SOFTWARE SECURITY www.monash.edu.au Lecture 11 Ethics & Privacy FIT5003 SOFTWARE SECURITY www.monash.edu.au • cybercrime and computer crime • intellectual property issues • privacy • ethical issues Outline LN12 Ethics 3 Cybercrime / Computer Crime • “criminal activity in which computers or computer networks are a tool, a target, or a place of criminal activity”
程序代写代做代考 database algorithm graph FIT5003 SOFTWARE SECURITY Read More »
FIT5003 Software Security Blockchain Security 1 Blockchain Blockchain is not Cryptocurrency 2 Blockchain Blockchain technology is a digital innovation that is poised to significantly alter financial markets within the next few years, within a cryptographic ecosystem that has the potential to also significantly impact trusted computing activities and therefore cybersecurity concerns as a whole. 3
程序代写代做代考 database javascript graph game assembler chain Java FIT5003 Software Security Read More »
FIT5003 Software Security Security Testing 1 Security Testing Security testing != traditional functionality testing Software can be correct without being secure Security bugs are different from traditional bugs. Security testing addresses software failures that have security implications Security testing requires different mind set 2 Security Testing Identify threats using Threat Modeling STRIDE,
程序代写代做代考 c/c++ database assembly graph html dns fuzzing FIT5003 Software Security Read More »
Java Reflection and Keystores FIT5003 Software Security week 5 Faculty of Information Technology, Monash University 1 Security with Java Reflection API Java reflection API is used to examine or modify the behavior of attributes, methods, classes or interfaces at runtime. Through Java reflection, we can manipulate the private members of a class, which can be
程序代写代做代考 database html Java chain Java Reflection and Keystores Read More »
FIT 5003 Software Security Apostolos Fournaris (Lecturer) Apostolos.fournaris@monash.edu Dr. Ron Steinfeld (Chief Examiner) ron.steinfeld@monash.edu Faculty of Information Technology Monash University, Australia 1 Why study Software Security? 2 Why study Software Security? • Target Credit-Card Attacks (Dec. 2013) • 40 Million CC numbers stolen • 90 lawsuits filed against Target • Target spent $61 Million responding
FIT5003 Software Security Java Security I April 2020 1 Java Basics Source code Compiler Class files Libraries ➢ object-oriented ➢ multi-threaded ➢strongly typed ➢exception handling ➢very similar to C/C++, but cleaner and simpler ➢ no more struct and union ➢ no more (stand alone) functions ➢ no more multiple inheritance ➢ no more operator overloading
Threat Model 1 STRIDE approach • Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege Threat Spoofing Tampering Repudiation Information disclosure Denial of service Elevation of privilege Security Property Authentication Integrity Non-repudiation Confidentiality Availability Authorization • To follow STRIDE, you decompose your system into relevant components, analyze each component for susceptibility to
程序代写代做代考 database javascript chain interpreter file system html Java C Threat Model Read More »
FIT5003 Software Security Web Security II 1 Web Security SQL Injection Cross-Site Scripting Cross-Site request forgery Session Management 2 XSS VULNERABILITY Reflected XSS Stored XSS DOM-based XSS 4 XSS VULNERABILITY Session hijacking Unauthorised action Disclosure of personal data Execution of arbitrary commands on users’ computers 3 REFLECTED XSS Web application sometimes employs dynamic page to
程序代写代做代考 database html javascript Java graph FIT5003 Software Security Read More »