TU Wien: Internet Security VU (Weippl) / Topic Overview SS12


General

  • Security Threats
  • Methods of attacking


Basic and Advanced TCP/IP

  • OSI Model
  • Hub vs Switch
  • Layer 2 - Data Link
    • Ethernet / MAC
      • MAC flooding
      • MAC duplicating
    • Sniffing
  • Layer 3 - Network Layer
    • IP
      • Fragmentation
      • Subnetting
      • Fragment override
      • IP Spoofing
    • ARP
      • Cache Poisoning
    • RARP / DHCP
    • ICMP
      • Ping of death
      • Smurf Attack
      • Destination Unreachable
    • Traceroute
  • Layer 4 - Transport Layer
    • UDP
      • Spoofing
      • Hijacking
      • UDP Storm
      • Portscan
    • TCP
      • Seq / Ack
      • Window / Flags
      • Handshake
      • TCP Scanning (SYN / FIN)
      • OS Fingerprinting
      • Spoofing
      • Hijacking
      • Injection
      • DoS (SYN Flooding, Process Table Attack)


Basic and Advanced Web Security

  • HTTP Basics
  • CGI Basics
  • OWASP Top 10
  • SQL Injection
    • First Order Attack (normal injection)
    • Second Order Attack (SQL invoked later in time)
  • Parameter Injection
  • Broken Authentication
    • Session Management
    • Session ID Attacks
  • XSS
    • Delivery Mechanisms (stored vs. reflected)
  • Improper error handling
    • fail-open authentication
  • Insecure Storage
  • DoS Attacks
    • DDoS


Internet Applications

  • Remote Access
  • DNS
    • Spoofing (Reverse Lookup for Authentication)
    • Cache Poisoning
  • FTP
    • Active vs Passive
    • Connection Theft
    • FTP Bounce
  • SMTP
    • Authentication
    • Address Spoofing
    • Spam, Phishing


Buffer Overflows

  • Memory Management
    • Automatic in modern languages like Java, Python, C#
    • Memory Layout
  • Stack, Stack Frames, Function Calls
  • Attack
    • Shellcode
    • Nop sled
  • Defenses
    • Safe functions
    • Non-Executable Stack
    • Write XOR execute
    • Address-Space Layout Randomization


Cryptography

  • Goals (Confidentiality, Integrity, Authentication, Non-Repudiation)
  • Unkeyed primitives
    • Hash functions
      • Preimage resistant
      • 2nd Preimage resistant
      • Collision Resistant
    • real random sequences
  • Symmetric Primitives
    • Block Ciphers
      • Poly-Alphabetic Substitution cipher
      • Transposition cipher
      • Product cipher (SPN or Feistel network)
      • Confusion
      • Diffusion
      • Electronic Code Book
      • Block Replay
      • Cipher Block Chaining
    • Stream Ciphers
      • One-Time Pad
    • Pseudo-Random Sequences
  • Public Key Primitives
    • PKI Ciphers
    • Signatures
  • Levels of Security
    • Computational Security
    • Provable Security
    • Unconditional Security / Perfect Security
  • Cryptanalysis
    • Ciphertext only
    • Known Plaintext
    • Chosen Plaintext
  • Protocols (symmetric)
    • Two-Party
    • Multi-Party
    • Trusted Third-Party
    • Diffie-Hellman-Protocol
    • MITM
  • Protocols (public key)
    • Two-Party
    • Two-Party with KeyServer
    • Digital Signature
    • Authenticating Public Keys
      • Hierarchical
      • Peer-To-Peer


Language Security

  • Language Features
    • Strong data typing
    • Automatic Memory Management
    • Sandboxing
  • Implementation
    • Bytecode Verifier (static and dynamic)
    • VM Security Model
      • Code Source
      • Protection Domain
      • Security Manager
      • Access Controller
    • Loops in Security Model
      • Serialization API
      • Reflection API
  • Attacks
    • Bugs in VM
    • against System Classes
    • against User Code
    • against bytecode verifier
    • against JIT
    • Type confusion attack
    • Class Spoofing
    • Privilege Escalation
    • Inappropriate Scope


Testing

  • Validation vs Verification
  • Types of Testing
    • White-box Testing
    • Black-box testing
    • Static Testing
    • Dynamic testing
    • Automated testing
    • Regression tests
    • Software Fault Injection
  • Testing in Requirements Phase
    • Keep Security in mind
  • Testing in Design Phase
    • Formal verification
    • Model checking
    • Attack Graph
      • Generation by hand
      • Automatic generation
  • Testing in Implementation
    • Detection of known problems
    • Manual auditing
    • Static syntax checker (strcat, ...)
    • Annotation-based systems (like code contracts)
    • Model checking
    • Meta compilation
    • Compiler extensions
    • Runtime-Checking between OS and program
    • Runtime-Checking between libraries and program
  • Testing in Rollout
    • Remove debug code
    • Penetration Testing
      • External
      • Internal assessment
      • application security assessment
      • wireless
      • telephony
      • social engineering


Social Network Security

  • Automated Social Engineering
    • Social phishing
    • Context-aware spam
    • Chatterbots
    • Cross-Profile Cloning
    • Friend-in-the-middle-attacks
  • De-anonymization
    • Browser History
    • Face Recognition
  • Permission and Information gathering of multiple small apps