The A-to-Z of CyberSecurity as a Kid Understands It




The A-to-Z of CyberSecurity as a Kid Understands It. May 28th, 2015. Reuben Paul.

Agenda Introduction CyberSecurity Alphabets (A to Z) Demonstration Conclusion

Who am I? Reuben Abishai Paul. Personal Twitter handle: @RAPst4r. 9 years old. Harmony School of Science, Austin.

Prudent Games CEO. Learn while they Play!

CyberSecurity Journey (timeline slide). Talks: Why kids make for really good hackers? (Keynote); Create A Safe & Secure Kids CyberWorld; r00t-kidz: Future of CyberSecurity; Developing the NG InfoSec; From the Mouth of Babes; The A-to-Z of CyberSecurity. Venues: (ISC)2 Security Congress, Atlanta; Hou.Sec.Con, Houston; DerbyCon, Kentucky; GroundZero InfoSec Summit, Delhi; BSides Austin; Hack In The Box HaxPo, Amsterdam. Dates: Sept 2014 (Debut), October 2014, Nov 2014, March 2015, May 2015.

Other Fun Facts: America's Most Beautiful Baby (2007); America's Youngest Shaolin Do Kung Fu Blackbelt (2013); DISTCO Contest Winner (2014, 2015); USA Gymnastics State Champion (Rings, 2015).

Agenda Introduction CyberSecurity Alphabets (A to Z) Demonstration Conclusion

CyberSecurity Alphabets. What are alphabets? Security concepts: the basic building blocks kids learn as their foundation. Legend: Defensive Concept / Offensive Concept.

A - Authentication: verifying identity. Are you really who you say you are? How many factors do you see? Three factors: what you know, what you have, who you are.

B - Buffer Overflow: overflow of memory. Input length > buffer size; the return address is overwritten; malicious code execution. (Slide illustration: an address, 1337 31 Robin St., Neverland, TX, typed into a field that is too small for it.)

C - Cross Site Request Forgery (CSRF). Slide analogy: a kid presents an invitation to the guard and gets entry to the Candy Party; another kid who does not have a ticket ("YEAH, Candy Time!") tricks him into using his entry ticket to get candy for him. On the web: the user logs into a website (bank) and gets a session established; the hacker sends a phishing email with a malicious link (code); the code rides on top of the user session; the request is forged.
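
The flow on this slide, as an added simulation (not from the talk): a login that establishes a session, a state-changing request that the browser's cookie "rides on", and the per-session CSRF token check that stops the forged request. The site and function names are made up for the example; the point shown is that the attacker's page can cause the browser to send the cookie but cannot know the token.

```python
import hmac
import secrets

# Constructed session store: session cookie -> session data.
sessions = {}


def login(user: str) -> str:
    """User logs into the website; a session (cookie value) is established."""
    cookie = secrets.token_hex(16)
    sessions[cookie] = {"user": user, "csrf": secrets.token_hex(16)}
    return cookie


def csrf_token_for(cookie: str) -> str:
    """The site embeds this token in its own forms; a page on another
    site cannot read it, so it cannot include it in a forged request."""
    return sessions[cookie]["csrf"]


def transfer(cookie: str, form: dict, check_token: bool) -> str:
    """Handle POST /transfer (hypothetical endpoint). The browser attaches
    the cookie automatically, so with check_token=False anything that rides
    on top of the session is accepted."""
    session = sessions.get(cookie)
    if session is None:
        return "rejected: not logged in"
    if check_token:
        supplied = form.get("csrf", "")
        if not hmac.compare_digest(supplied, session["csrf"]):
            return "rejected: missing or wrong CSRF token"
    return f"ok: {session['user']} sent {form['amount']} to {form['to']}"


def demo():
    """Run the slide's story: same cookie, genuine vs. forged form."""
    cookie = login("reuben")
    # Form submitted from the bank's own page, token included.
    genuine = {"to": "alice", "amount": "10", "csrf": csrf_token_for(cookie)}
    # Form built by the page a phishing link led to: cookie still sent by
    # the browser, but the attacker's page has no way to learn the token.
    forged = {"to": "attacker", "amount": "1000"}
    return (
        transfer(cookie, forged, check_token=False),   # forgery succeeds
        transfer(cookie, forged, check_token=True),    # forgery rejected
        transfer(cookie, genuine, check_token=True),   # real request ok
    )


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Without the token check the first call succeeds purely because the session cookie was sent; with it, only the form that came from the site's own page is accepted.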

D - Denial of Service (DoS): software/system made unavailable; interruptions.

E - Encryption/Decryption: data conversion between plain-text and cipher-text, using an algorithm and a secret key.

F - Fuzzing: security testing that finds out whether something is exploitable or not, using random (or pseudo-random) test inputs (fuzz).

G - Greybox Testing: security testing with partial or limited knowledge. Blackbox, Whitebox, Greybox.

H - Hashing: input converted using an algorithm into a fixed-size hash. Input -> Algorithm -> Hash. Irreversible.
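
The three properties on this slide, checked in code. This is an added example using SHA-256 from Python's standard library, not material from the talk; the sample inputs are made up.

```python
import hashlib
from typing import List, Optional


def digest(data: bytes) -> str:
    """Input -> Algorithm -> Hash: SHA-256, returned as 64 hex characters."""
    return hashlib.sha256(data).hexdigest()


def fixed_size_for_all(inputs: List[bytes]) -> bool:
    """Fixed-size: every input, whatever its length, gives a 256-bit hash."""
    return all(len(digest(i)) == 64 for i in inputs)


def bits_changed(a: bytes, b: bytes) -> int:
    """How many of the 256 hash bits differ between hash(a) and hash(b).
    Even a one-character change flips roughly half of them."""
    x = int(digest(a), 16) ^ int(digest(b), 16)
    return bin(x).count("1")


def can_only_guess(target_hex: str, guesses: List[bytes]) -> Optional[bytes]:
    """Irreversible: there is no way to run the algorithm backwards. The only
    route from a hash back to its input is to hash candidate inputs and
    compare, so a hash of a weak or guessable input is not a secret."""
    for g in guesses:
        if digest(g) == target_hex:
            return g
    return None


if __name__ == "__main__":
    # Constructed sample inputs of very different lengths.
    print(fixed_size_for_all([b"", b"a", b"x" * 10000]))
    print(bits_changed(b"candy", b"Candy"))
    print(can_only_guess(digest(b"candy"), [b"apple", b"candy"]))
```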

I - Injection: input is treated as a command; no input validation. (Slide analogy: Lego vs. Mega Bloks.)
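
"Input is treated as a command" shown concretely, as an added example that is not from the talk: the same lookup written by gluing the user's text into the SQL statement, and written with a parameter so the text can only ever be data. Uses an in-memory SQLite table with made-up rows.

```python
import sqlite3
from typing import List


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a tiny in-memory users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("reuben", "s3cret-1"), ("alice", "s3cret-2")],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> List[str]:
    """No input validation: the name is concatenated into the command, so
    whatever the user types becomes part of the SQL statement itself."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn: sqlite3.Connection, name: str) -> List[str]:
    """Parameterized query: the name is handed to the database as a value
    and can never change the shape of the command."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    odd_input = "x' OR '1'='1"          # text that reads as SQL if not treated as data
    print(lookup_unsafe(db, "reuben"))  # ['reuben']
    print(lookup_unsafe(db, odd_input)) # every row: the input became a command
    print(lookup_safe(db, odd_input))   # []: the input stayed data
```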

J - Java Applet Attack: creates a malicious Java applet; the user is prompted, and run-time permission is granted when it runs.

K - Keylogging: disclosure attacks. Keystrokes are scanned and dumped. Source: Us@Us.

L - Logic Bomb: malcode (or mal-logic) that goes off when certain conditions or a certain time are met.

M - Man in the Middle (MITM): impersonates the gateway/router to the client, and the client to the router; communication goes through the hacker.

N - Non-Repudiation: repudiation == deny; non-repudiation == cannot deny. Logging & auditing.

O - One-Time Pad: protection against bruteforce attacks. A unique value, used once before it expires.

P - Phishing: lure/bait and trick someone into revealing information. Social engineering.

Q - Quarry (targets): companies, countries, children.

R - Rootkits: what is a R00tK1t? A computer program that gives remote control of a system. Good vs. bad.

S - Social Engineering: what is social engineering? Trick someone to get what you want. Who are the best social engineers?

T - Tor: what is Tor? (Or at least: The Onion Router.) Use Tor to protect from network traffic surveillance: browse anonymously, location hidden.

U - UDP Flood Attack (guarantee?): a DoS attack; lots of UDP packets cause network congestion. (Slide joke: NAPSTER / RAPSt4R.)

V - Virus: a computer program that attaches to a host and is harmful.

W - Whitehat: hackers with ethics who use their skills for good; skilled in the dark arts (BlackHat).

X - XSS (Cross-Site Scripting): injected code executed as script. (Slide example site: longhornskidsclub.com.)
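
"Injected code executed as script", as an added example that is not from the talk: a comment rendered straight into a page keeps its <script> tag as real markup, while the same comment rendered through HTML escaping becomes harmless text. The comment text and the page fragment are made up; the check at the end is a deliberately crude detector used only to show the difference.

```python
import html
import re


def render_comment_unsafe(comment: str) -> str:
    """Injected text is placed straight into the page, so a <script> tag in
    the comment becomes part of the page and the browser runs it."""
    return "<p class=\"comment\">" + comment + "</p>"


def render_comment_safe(comment: str) -> str:
    """Escaping turns <, >, &, and quotes into entities: the browser shows
    the characters but never parses them as markup."""
    return "<p class=\"comment\">" + html.escape(comment, quote=True) + "</p>"


# A real <script> start tag (not the escaped text &lt;script&gt;).
SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def contains_executable_script(page: str) -> bool:
    """Crude demonstration check: is there a live <script> tag in the HTML?"""
    return SCRIPT_TAG.search(page) is not None


if __name__ == "__main__":
    # Constructed comment: text that reads as a script if not escaped.
    comment = "Nice club! <script>alert('hi')</script>"
    print(render_comment_unsafe(comment))
    print(render_comment_safe(comment))
    print(contains_executable_script(render_comment_unsafe(comment)))  # True
    print(contains_executable_script(render_comment_safe(comment)))    # False
```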

Y - You: people are the weakest link. Cyber education is key. Next generation: kids.

Z - Zero-Day Vulnerability (0-day, "oh-day", a negative day). The power of zero: 0 = no value. Defenders unaware; attackers' advantage. (Usually) launched on the day that the software came out. 0-day = owned.

Agenda Introduction Cybersecurity Alphabets (A to Z) Demonstration Conclusion

'nuf said - Demonstration: Let's BEEF up (XSS); playing the HackCraft game.

Agenda Introduction Cybersecurity Alphabets (A to Z) Demonstration Conclusion

CyberShaolin: teach kids/adults about cyber security dangers & defenses. Get involved: volunteer, donate. http://www.cybershaolin.org/get-involved/

Closing Thoughts: Thank you. Be educated and be educators of CyberSecurity, especially to kids. Contact information: reuben@prudentgames.com, reuben@cybershaolin.org, @prudentgames, @RAPst4r, @cybershaolin.