CSE 115. Introduction to Computer Science I
- Camron Stephens
Road map: Review; HTML injection; SQL injection
Persisting data: where values live
- Central Processing Unit (CPU)
- Random Access Memory (RAM)
- persistent storage (e.g. a file or a database)

Persisting data: storage options
- text file - a stream of characters
- CSV file - fields separated by commas
- database - can support highly efficient operations on data
SQLite: the basic pattern

    import sqlite3
    conn = sqlite3.connect('atest.db')
    cur = conn.cursor()
    # do things to the database
    conn.commit()
    conn.close()
Changes to add_song (CSV version, with the new insertsong helper alongside it):

    import csv

    def add_song(song):
        # {"song_id": song_id, "title": title, "artist": artist}
        if songnotvalid(song) or songidalreadyexists(song['song_id']):
            return
        with open(songs_filename, "a") as file:
            writer = csv.writer(file)
            writer.writerow([song['song_id'], song['title'], song['artist']])

    def insertsong(song):
        cur.execute('insert INTO songs VALUES (?,?,?)',
                    (song['song_id'], song['title'], song['artist']))

Now we can migrate from CSV to SQLite.
Changes to add_song (SQLite version):

    def add_song(song):
        # {"song_id": song_id, "title": title, "artist": artist}
        if songnotvalid(song) or songidalreadyexists(song['song_id']):
            return
        insertsong(song)
        conn.commit()

    def insertsong(song):
        cur.execute('insert INTO songs VALUES (?,?,?)',
                    (song['song_id'], song['title'], song['artist']))

Define the insertsong function to construct the SQL command.
Changes to ratings.py (CSV version):

    import csv

    def rate_song(song_rating):
        # {"song_id": song_id, "rating": rating}
        if ratingnotvalid(song_rating) or not songidalreadyexists(song_rating['song_id']):
            return
        with open(ratings_filename, "a") as file:
            writer = csv.writer(file)
            writer.writerow([song_rating['song_id'], song_rating['rating']])

Migrate from CSV to SQLite.
Changes to ratings.py (SQLite version):

    def rate_song(song_rating):
        # {"song_id": song_id, "rating": rating}
        if ratingnotvalid(song_rating) or not songidalreadyexists(song_rating['song_id']):
            return
        insertrating(song_rating)
        conn.commit()

    def insertrating(rating):
        cur.execute('insert INTO ratings VALUES (?,?)',
                    (rating['song_id'], rating['rating']))

Migrate from CSV to SQLite.
Road map: Review; HTML injection; SQL injection
HTML injection: A user can type any text into a text field. If that text is incorporated into the HTML rendered by the browser, then a user could 'inject' HTML. In the application, see what happens when this text is entered as both an "Unsafe review" and a "Safe review":

    <b>some bold text</b>
HTML injection: A user can type any text into a text field. What about this scary but, in effect, harmless HTML?

    <button onclick="alert('you\'ve been hacked!!');">click This</button>
HTML injection: A user can type any text into a text field. How about this more nefarious HTML (the start of an HTML comment, which swallows the rest of the page's markup)?

    <!--
HTML injection: A user can type any text into a text field. Or some HTML which makes the browser redirect to a different site, such as:

    <META HTTP-EQUIV="refresh" CONTENT="1;url=
HTML injection prevention: A user can type any text into a text field. Don't incorporate it directly. Use an HTML escape mechanism, which lets us distinguish data from program. Characters like <, >, & and " are encoded as &lt;, &gt;, &amp; and &quot;.
HTML injection prevention: In our ratings.py code:

    import html

    re = rating['review']
    re = html.escape(re)
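As an added example (not the lecture's code), here are the "Unsafe review" and "Safe review" rendering paths side by side, plus a small html.parser scanner that reports which tags and on* event handlers the browser would actually see; the TEMPLATE string and the function names are assumptions made for this example.

```python
import html
from html.parser import HTMLParser

# Constructed template standing in for the app's review page (assumption).
TEMPLATE = '<div class="review">{}</div>'


def render_unsafe(review):
    """'Unsafe review': the user's text is dropped straight into the page markup."""
    return TEMPLATE.format(review)


def render_safe(review):
    """'Safe review': html.escape turns <, >, &, " and ' into entities, so the
    browser displays the characters instead of interpreting them as markup."""
    return TEMPLATE.format(html.escape(review, quote=True))


class InjectionScanner(HTMLParser):
    """Collects every start tag and every on* event-handler attribute that the
    browser would parse out of the rendered page, apart from the template's div."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        if tag == "div":  # the template's own wrapper, not user input
            return
        self.tags.append(tag)
        for name, _value in attrs:
            if name.startswith("on"):
                self.handlers.append((tag, name))


def scan(rendered):
    """Return (tags, event handlers) that ended up as live markup."""
    scanner = InjectionScanner()
    scanner.feed(rendered)
    scanner.close()
    return scanner.tags, scanner.handlers


def escape_roundtrip_ok(text):
    """Escaping is lossless: the original text is recoverable with html.unescape."""
    return html.unescape(html.escape(text, quote=True)) == text


# The two payloads from the slides, embedded here as test input.
BOLD = "<b>some bold text</b>"
BUTTON = "<button onclick=\"alert('you\\'ve been hacked!!');\">click This</button>"

if __name__ == "__main__":
    for payload in (BOLD, BUTTON):
        print("unsafe:", scan(render_unsafe(payload)))
        print("safe:  ", scan(render_safe(payload)))
```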
Road map: Review; HTML injection; SQL injection
SQL injection: A user can type any text into a text field. The application has a search feature that allows a user to retrieve all the songs by a particular artist. Suppose the user enters Boston in the search box - what do we expect to see? We'll see a listing of the songs by the artist Boston:
- More than a feeling - Boston
- Something about you - Boston
SQL injection: A user can type any text into a text field. If that text is incorporated into the SQL executed by our database engine, bad things can happen. Two pieces of SQL syntax matter here: ' OR '1'='1' (a condition that is always true) and -- (starts a comment in SQL, causing the rest of the SQL command to be ignored).
SQL injection: The SQL command DROP TABLE somename removes the table whose name is somename, as in DROP TABLE songs or DROP TABLE ratings.
SQL injection: What would this do if we typed it into our search field?

    Boston'; DROP TABLE songs; --

(; separates commands in SQL.)
SQL injection: It turns out nothing, because the execute function does not permit multiple commands.
SQL injection prevention: As a function with safe substitution:

    def insert(title, director, year):
        cur.execute('insert INTO movies VALUES (?,?,?)', (title, director, year))

'?' is a placeholder that is used for safe replacement: parameter substitution. Usually your SQL operations will need to use values from Python variables. You shouldn't assemble your query using Python's string operations because doing so is insecure; it makes your program vulnerable to an SQL injection attack (see for humorous example of what can go wrong). Instead, use the DB-API's parameter substitution. Put ? as a placeholder wherever you want to use a value, and then provide a tuple of values as the second argument to the cursor's execute() method.
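As an added example (not the lecture's code), the artist search is built both ways on an in-memory SQLite database and the slides' inputs are run through each: the string-assembled version lets ' OR '1'='1' -- return every row and the multi-statement input is refused by execute(), while the parameterised version treats every input as a plain artist name. The table layout, the function names and the third song row are assumptions constructed for this example.

```python
import sqlite3

# Constructed rows mirroring the lecture's songs table; the third row is made up
# so that a successful injection is visibly different from a normal search.
SONGS = [
    (1, "More than a feeling", "Boston"),
    (2, "Something about you", "Boston"),
    (3, "Placeholder title", "Other Artist"),
]


def make_db():
    """In-memory database with a songs(song_id, title, artist) table."""
    conn = sqlite3.connect(":memory:")
    cur = conn.cursor()
    cur.execute("CREATE TABLE songs (song_id INTEGER PRIMARY KEY, title TEXT, artist TEXT)")
    cur.executemany("INSERT INTO songs VALUES (?,?,?)", SONGS)
    conn.commit()
    return conn


def search_unsafe(conn, artist):
    """Vulnerable: the search text is pasted into the SQL program with string
    operations, so quotes, OR and -- in the input change the query's meaning.
    Returns the matching rows, or a 'rejected: ...' string when sqlite3 refuses
    to run the assembled text (e.g. because it now holds two statements)."""
    sql = "SELECT title, artist FROM songs WHERE artist = '" + artist + "' ORDER BY song_id"
    try:
        return conn.execute(sql).fetchall()
    except (sqlite3.Warning, sqlite3.Error) as exc:
        # Multi-statement input raises Warning (older Pythons) or ProgrammingError.
        return "rejected: " + str(exc)


def search_safe(conn, artist):
    """Parameter substitution: '?' is bound to the Python value by the driver,
    so the value is only ever compared as data and never parsed as SQL."""
    cur = conn.execute(
        "SELECT title, artist FROM songs WHERE artist = ? ORDER BY song_id", (artist,))
    return cur.fetchall()


def table_exists(conn, name):
    """True if a table called `name` is still present in the database."""
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)).fetchone()
    return row is not None


def demo():
    """Run the three inputs from the slides through both search functions."""
    conn = make_db()
    results = {}
    for text in ("Boston", "' OR '1'='1' --", "Boston'; DROP TABLE songs; --"):
        results[text] = (search_unsafe(conn, text), search_safe(conn, text))
    results["songs table still exists"] = table_exists(conn, "songs")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(repr(key), "->", value)
```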