Thursday, September 01, 2005

Threats and Threat Modelling - MAQSoftware, Mumbai

Yesterday I did a small 60-minute session on Threats and Threat Modelling at MAQSoftware. I spoke on three points:

1. SQL Injections
2. XSS Attacks
3. Session Hijacking

SQL injection included the ways in which a programmer makes common mistakes, by not hashing or encrypting a password, and how a hacker would take advantage of this to carry out SQL injection attacks. These are basically attacks carried out against a database.

XSS included how a 'script' tag is used to spoof the user into storing his cookies on an attacker's machine. I also tried to explain how a hacker would hijack a session with the help of stored cookies.

Overall, it was a nice experience. And for the first time ever, I just did demos - no presentation at all.


Anonymous said...

The session unveiled a few but important loopholes for hacking a system. Overall, a great experience.

3:43 AM  
Anonymous said...

The session was very good.

3:50 AM  
Maheshkumar.R said...

Can you explain SQL injection to me? I'm working with ASP.NET and SQL, so I hope it would help me a lot to prevent my application from being attacked. If possible, send me a PPT, example or any links for the same. Thanks. cyberiafreak@gmail.com

7:58 AM  

