Sec23-01-Updated.pdf

Course Overview

Part 1: Web security

• Browsers, building robust websites

Part 2: Software security

• Securing apps, OS, access control

Part 3: Mobile security

Trusting Trust

Ken Thompson's article on trusting trust

• Can we truly trust anyone's software?

Sample Attacks

1. IP address and bandwidth stealing

Goal: Look like a random Internet user

• Spam
• DoS
• Click fraud

1. Steal user credentials and inject ads
2. Ransomware

• WannaCry

1. Spread to isolated systems