Saturday, August 8, 2009

WEEK 4 (IT SECURITY)

LECTURE 4 (3 August 2009)

In this lecture I learned about Program Security. This topic covers Vulnerabilities, Safeguards against Program Threats and the Pillars of Software Security. The vulnerabilities part covers Secure Programs, Malicious Code and the Top 10 Web application vulnerabilities.

Secure Program - An assessment of security can also be influenced by someone's general perspective on software quality.

Malicious Code - Malicious Code is a new kind of threat which cannot be blocked by anti-virus software alone. In contrast to viruses (which require a user to execute a program in order to cause damage), malicious code is an auto-executable application. It can take the form of Java Applets, ActiveX controls, plug-ins, pushed content, scripting languages, or a number of new programming languages designed to enhance Web pages and email.

Top 10 Web application vulnerabilities
(1) Cross site scripting
(2) Injection flaws
(3) Malicious file execution
(4) Insecure direct object reference
(5) Cross site request forgery
(6) Information leakage and improper error handling
(7) Broken authentication and session management
(8) Insecure crypto storage
(9) Insecure communication
(10) Failure to restrict URL access


LAB 4 (4 August 2009)

In this lab I learned about Cryptography Extended. I must know what Symmetric and Asymmetric Cryptography are. I must also know about the Caesar Cipher and the Vigenère Cipher for Symmetric Cryptography, and lastly the RSA algorithm for Asymmetric Cryptography.

Symmetric Cryptography
Symmetric cryptography is an outgrowth of classical cryptography. All classical cryptosystems are secret-key systems. Most of them can be seen as block ciphers or, if not, as stream ciphers.

Caesar Cipher
The Caesar cipher, also known as a Caesar shift cipher or shift cipher, is one of the simplest methods of encryption, although it can be easily broken. It is a substitution cipher in which each letter in the plaintext is replaced by the letter some fixed number of positions further down the alphabet.

Vigenère Cipher


Asymmetric Cryptography
Asymmetric cryptography or public-key cryptography is cryptography in which a pair of keys is used to encrypt and decrypt a message so that it arrives securely. Initially, a network user receives a public and private key pair from a certificate authority. Any other user who wants to send an encrypted message can get the intended recipient's public key from a public directory. They use this key to encrypt the message, and they send it to the recipient. When the recipient gets the message, they decrypt it with their private key, which no one else should have access to.

