COMS20012

Lecture 3 - Cryptography and Web Security

The material is subdivided into short videos.

Please, watch the videos and go through the reading material in your own time.

Also remember to work on the accompanying exercise sheet.

Video Links | Reading Material
A gentle introduction to Cryptography: video (45min) (sorry about the bad audio. I bought a new mic, but it was worse!), pdf | Text Book Chapter 1, sections 3.1, 3.2, 3.4, 3.5
A gentle introduction to Web Terminology: video (32min), pdf | Text Book Chapter 7, section 1.1
Web Security Part 1: video (22min), pdf | Text Book Chapter 7, sections 1.4, 2.1, 2.2, 2.3
Web Security Part 2 (XSS, CSRF): video (27min), pdf | Text Book Chapter 7, sections 2.6, 2.7
Web Security Part 3 (SQLi): video (17min), pdf | Text Book Chapter 7, section 3.3

Last week survey results

The results from last week's survey are available.

Q&A

Note: Due to a settings issue, we realized that when Sanjay was explaining the input sanitization example, the video did not capture his on-screen writing. It only captured his voice describing the example, which makes it hard to follow what was being pointed out. So, here is the example he was talking about. It was a real example from Microsoft sanitizing inputs for its IIS server. The idea was to remove the string <script> entirely whenever it appeared in certain user input, which was meant to prevent a malicious user from inserting JavaScript. As usual, the mitigation was bypassed, in this case with the string <scri<script>pt>. On receiving this string, the sanitizer removes the substring <script> in a single pass; the remaining parts, <scri and pt>, are then concatenated, which reassembles exactly the string <script> the filter was supposed to remove.
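To make the point concrete, here is an added illustration (not code from the lecture or from IIS) showing the single-pass removal described above next to two defensive alternatives: repeating the removal until the text stops changing, and, preferably, encoding the output rather than blacklisting substrings. The function names and the sample input are constructed for this example.

```python
import html

FORBIDDEN = "<script>"


def naive_strip(user_input: str) -> str:
    """Single-pass removal of '<script>', mirroring the IIS example in the lecture.

    Removing the substring once reassembles any text that was split around it,
    so '<scri<script>pt>' collapses back into '<script>'.
    """
    return user_input.replace(FORBIDDEN, "")


def strip_to_fixpoint(user_input: str) -> str:
    """Repeat the removal until nothing changes.

    This closes the reassembly gap, but it is still a blacklist: it knows
    nothing about '<SCRIPT>', '<script src=...>' or event-handler attributes,
    so it should not be relied on alone.
    """
    previous = None
    current = user_input
    while current != previous:
        previous, current = current, current.replace(FORBIDDEN, "")
    return current


def escape_for_html(user_input: str) -> str:
    """Preferred mitigation: encode for the output context instead of filtering.

    Every '<', '>', '&' and quote becomes an entity, so the browser renders the
    text literally and no tag can be formed regardless of how it is spelled.
    """
    return html.escape(user_input, quote=True)


# Constructed sample input: the bypass string discussed in the lecture note.
BYPASS = "<scri<script>pt>"

if __name__ == "__main__":
    print("naive   :", repr(naive_strip(BYPASS)))        # '<script>'
    print("fixpoint:", repr(strip_to_fixpoint(BYPASS)))  # ''
    print("escaped :", repr(escape_for_html(BYPASS)))    # '&lt;scri&lt;script&gt;pt&gt;'
```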