Evolution of Software Security and Hacking
The history of software security and hacking dates back to the Enigma Machine in the 1930s, with advancements leading to modern web-based attacks like DoS and SQL Slammers in the early 2000s. Explore the evolution of web technologies and the emergence of new exploits targeting users directly.
HISTORY OF SOFTWARE SECURITY AND HACKING
Based mainly on the book Web Application Security: Exploitation and Countermeasures for Modern Web Applications by Andrew Hoffman (2020)

HACKING
- Hacking? "The gaining of unauthorized access to data in a system or computer" (Oxford Languages)
- Q: Is this a complete definition of hacking?
- "Hacking is the act of identifying and then exploiting weaknesses in a computer system or network, usually to gain unauthorized access to personal or organizational data. Hacking is not always a malicious activity, but the term has mostly negative connotations due to its association with cybercrime." (https://www.kaspersky.com/resource-center/definitions/what-is-hacking)

HISTORY OF HACKING
- 1930s: the Enigma Machine
- 1940s: Automated Enigma Code Cracking
  - The Bombe: A bombe was an electric-powered mechanical device that attempted to automatically reverse engineer the position of mechanical rotors in an Enigma machine based on mechanical analysis of messages sent from such machines.
- 1950s: Telephone Phreaking
- 1960s: Anti-Phreaking Technology
- 1980s: Computer Hacking
  - Computer virus (1983, Fred Cohen)
  - Computer Worm (1988, Robert Morris)

WEB EVOLUTION
- 1990s: The HTTP protocol
- 1995: Netscape Navigator (web browser)
- 2000s: from static HTML pages to the dynamic and interactive Web
  - Dynamic? Client-side scripts, browser plug-ins, Java applets, ...
  - Interactive? User-generated data, interactions between users
- The Web has evolved from a document distribution/sharing platform (in the early 1990s) to an application distribution platform (late 1990s and after).
- Users can access mission-critical functionality over the web.
  - Military communications, bank transactions, ...
- Web 2.0 enabled blogs, wikis, media sharing sites, ...
- In addition to the servers and the networks, web users have become a prime target of attacks.

HACKING ON THE WEB
- Early 2000s: DoS attacks shut down major web sites (Yahoo, Amazon, eBay, ...)
- 2002: Microsoft's ActiveX plug-in vulnerability: remote file uploads and downloads invoked by a malicious website
- ~2003: SQL Slammers made the Internet unavailable in many countries.
- Mid 2000s:
  - Phishing websites
  - Cross-Site Scripting (XSS) vulnerabilities allowed a hacker's code to run in a user's browser session inside of a legitimate website.

HACKING ON THE WEB (CONT.)
- New types of exploits emerged that take advantage of the user rather than the network or server.
- Attacks often scale by distribution through email, social media, or instant messaging.
- Some hackers even build up legitimate networks of real websites to promote a single malicious website.
- Oftentimes, malicious code is hidden behind a legitimate-looking interface. (Phishing)
- Browser plug-ins are frequently caught stealing data.
- Sometimes hackers even find ways to run their own code on websites they do not own.

SECURING WEB APPLICATIONS
- Traditional standalone applications have become web applications.
- Hackers today are primarily targeting users and data that can be accessed via web browsers.
- Issues to be addressed?
  - Browser (in)security
    o The web browser has become a universal platform on which users access applications.
  - Protocol security
    o From HTTP to HTTP over SSL (HTTPS)
  - Application security
    o Hacking often exploits bugs in an application's code.
    o A web application can have hundreds of open source dependencies, integrations with other websites, and multiple databases of various types, and be served from more than one web server in more than one location.

SECURING WEB APPLICATIONS (CONT.)
Browser (in)security
- A web browser is used by a single user. However,
  - A web page on a web server is shared/retrieved by multiple users.
  - Loading a web page often involves running a script.
  - What the user sees in a single page may contain contents from multiple servers.
  - Data generated by a user is sent back to the web server.
- Same Origin Policy (SOP): isolation between websites with different origins
  - "Under the policy, a web browser permits scripts contained in a first web page to access data in a second web page, but only if both web pages have the same origin." (Wikipedia)
- Content Security Policy (CSP) allows the developer of a website to specify various levels of security, such as whether scripts should be able to execute inline (in the HTML).

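The same-origin test described on this slide, as an added example that is not part of the original presentation: an origin is the tuple (scheme, host, port), and a script may read another page's data only when all three match. The function names and the example.com URLs are constructed for illustration.

```javascript
// Added example: the (scheme, host, port) comparison behind the Same Origin Policy.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Returns the origin tuple of a URL, or null for an opaque origin.
function originTuple(urlString) {
  const serialized = new URL(urlString).origin;
  // data:, file: and similar URLs have an opaque origin, serialized as "null".
  if (serialized === "null") return null;
  const o = new URL(serialized); // host is lower-cased, default port stripped
  return {
    scheme: o.protocol,
    host: o.hostname,
    port: o.port || DEFAULT_PORTS[o.protocol] || "",
  };
}

// Reports whether two URLs share an origin and, if not, which parts differ.
function compareOrigins(a, b) {
  const ta = originTuple(a);
  const tb = originTuple(b);
  // An opaque origin never matches another origin.
  if (ta === null || tb === null) return { sameOrigin: false, differs: ["opaque"] };
  const differs = ["scheme", "host", "port"].filter((k) => ta[k] !== tb[k]);
  return { sameOrigin: differs.length === 0, differs };
}

// Constructed sample URLs (example.com names are placeholders).
const PAGE = "https://app.example.com/account/index.html";
const SAMPLES = [
  "https://app.example.com/api/profile", // same origin: the path is ignored
  "https://APP.example.com:443/other",   // same origin: case and default port
  "http://app.example.com/api/profile",  // scheme (and default port) differ
  "https://example.com/api/profile",     // host differs: a parent domain is not enough
  "https://app.example.com:8443/api",    // port differs
  "data:text/html,<p>hi</p>",            // opaque origin
];

for (const target of SAMPLES) {
  const r = compareOrigins(PAGE, target);
  console.log(r.sameOrigin ? "same " : "cross", r.differs.join(",") || "-", target);
}
```
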
SECURING WEB APPLICATIONS (CONT.)
Web applications security
- Today's web applications are much larger and more complex than their predecessors.
- A hacker can now focus on breaking into web applications by exploiting logic bugs in the application code.
- Often these bugs result as a side effect of advanced user interaction featured within the web application.
- The hackers of the past decade focused much of their time on breaking into servers, networks, and browsers; the modern hacker spends most of their time breaking into web applications by exploiting vulnerabilities present in code.

SUMMARY
- Modern web applications are enhanced by new features, which bring new surface area for attackers to exploit.
- Each new technology comes with its own unique attack surface and vulnerabilities.
- The increasing complexity of web-based information systems also increases the attack surface.
- As a security professional, one must know both offensive and defensive security techniques.
- Stay up to date on the latest new technologies.
- Develop security-related critical thinking and problem solving skills.