Web Sec Downloads


Part I: vulnerabilities and attacks

The first part of this lecture series analyzes vulnerabilities in computer systems and explains some common attacks.

Brute force attacks. Brute force attacks on Internet banks that use Norwegian birth numbers and PINs to authenticate users.

Vulnerabilities in e-governments. It is shown that e-government sites all over the world were vulnerable to Cross-Site Scripting (XSS) and SQL injection attacks during 2005.

Pharming. We develop an understanding of pharming, explain why systems are vulnerable to pharming attacks, and describe attacks on the Domain Name System (DNS) and wireless home routers.

CSRF. The idea behind Cross-Site Request Forgery (CSRF) is explained together with several serious CSRF attacks.

DDoS attacks. Comprehensive introduction to Distributed Denial-of-Service (DDoS) attacks.

Electronic surveillance and identity theft. We discuss electronic surveillance, consider the usefulness of Closed-Circuit Television (CCTV) systems, and explain why identity theft is a serious and growing problem.


Part II: PKI

The second part of the lecture series gives a comprehensive introduction to Public-Key Infrastructures (PKIs). In particular, it is shown how a PKI can be combined with the widely used SSL/TLS protocol.


Part III: risk management

The third part contains an introduction to risk management. Several large examples illustrate the most important steps in the risk management process. The examples consider technical, judicial, and usability aspects of risk management. In particular, it is explained why the poor usability of SSL/TLS increases risk.


Part IV: the SWAP framework

The final lectures develop and analyze the architecture of a framework for Secure Wireless Application Programming (SWAP), called the SWAP framework.



Last updated 27.10.09. Webmaster KJH

© Kjell J. Hole. All rights reserved. Terms of Use