6005-CEM Security

Introduction

6005-CEM Security

Home
Module Information
Module Information
- Module Guide
- About these Docs
Assesment
Assesment
Week 1 Introduction
Week 1 Introduction
- Materials
  Materials
- Online Lecture
  Online Lecture
  - Lecture
  - Task
- On Campus
  On Campus
  - Part1
- Extra
  Extra
  - BFF Part 1
Week 2 Legal Factors
Week 2 Legal Factors
- Materials
  Materials
- Online Lecture
  Online Lecture
  - Lecture
  - Task
- On Campus
  On Campus
  - Lab Session
Week 3 Secure Design and Infrastructure
Week 3 Secure Design and Infrastructure
- Materials
  Materials
- Online Lectures
  Online Lectures
  - Lecture
- On Campus
  On Campus
  - Lab Session 1
Week 4 On Campus Lab
Week 4 Cryptography
Week 4 Cryptography
- Materials
  Materials
- Online Lectures
  Online Lectures
  - Lecture
- On Campus Lab Session
  On Campus Lab Session
  - Using Hashes
Week 5 Cryptography
Week 5 Cryptography
- Materials
  Materials
- On Campus Lab Session
  On Campus Lab Session
  - Chat Client
Week 6 Common Vulnerblitlites and Audit
Week 6 Common Vulnerblitlites and Audit
- Materials
  Materials
  - Introduction Introduction
    Table of contents
    
    Lab
  - OWASP top 10
  - Classifying Vulns
  - Audit: Methods
  - Audit: Eyeballing
  - Audit: Automation
Week 7 HTTP and SQL Injection
Week 7 HTTP and SQL Injection
- Materials
  Materials
  - Introduction
  - Recap
    Recap
    
    HTTP
    
    Requests
  - Tools To Automate Requests
  - Storing State in HTTP
  - SQL And Injection
  - SQL Injection
  - Database Enumeration
  - Blind SQL Injecton
- Live Lab Session
  Live Lab Session
Week 8 Shells and XSS
Week 8 Shells and XSS
- Materials
  Materials
- Live Lab Session
  Live Lab Session
  - Lab Task
Week 9 RCE
Week 9 RCE
- Materials
  Materials
- Lab Tasks
Week 10 Deserialisation and NoSQL
Week 10 Deserialisation and NoSQL
- Materials
  Materials
- Activities
Week 11 Overflows
Week 11 Overflows
- Materials
  Materials
- Extra
  Extra
  - Detailed Stack Walkthrough
- Activities
  Activities
  - Overflows Lab
Tools and Cheatsheets
Tools and Cheatsheets

Web Vulnerabilities

In this week we will start to look at web site vulnerabilities.

We will cover two main themes

Can we Classify vulnerabilities
How do we look for vulnerabilities in our code.

Why the Web

While many of you will go on to write traditional desktop software, there is no escaping the fact that we are likely to have an "Online" version of our software.

However, while desktop software has a limited "attack surface" (ie we need to be on the machine it is running on), web applications by their nature are accesable to everyone, meaning the chance that a flaw will be discovered or exploited is much greater.

Additionally, many of the flaws described in classification systems like OWASP are equally applicable to the more traditional desktop applications.

Lab

Reconnaissance