Threats and Threat Modelling - MAQSoftware, Mumbai
Yesterday I did a small 60-minute session on Threats and Threat Modelling at MAQSoftware. I spoke on three points:
1. SQL Injections
2. XSS Attacks
3. Session Hijacking
SQL injection included the ways in which a programmer makes common mistakes, by not hashing or encrypting a password, and how a hacker would take advantage of this to carry out SQL injection attacks. These are basically attacks carried out against a database.
XSS included how a 'script' tag is used to trick the user into having his cookies stored on an attacker's machine. I also tried to explain how a hacker would hijack a session with the help of stored cookies.
Overall it was a nice experience. And for the first time ever, I just did demos - no presentation at all.
3 Comments:
The session unveiled a few but important loopholes for hacking a system. Overall, a great experience.
The session was very good.
Can you explain SQL injection to me? I'm working with ASP.NET and SQL, so I hope it would help me a lot to prevent my application from being attacked. If possible, send me a PPT, example or any links for the same. Thanks. cyberiafreak@gmail.com