Basics of Software and Security

Post on 24-Apr-2015


description

This slide contains basic concepts of Software Development and basic concepts of System Security.

Transcript of Basics of Software and Security

Software & Security

PiTechnologies

www.pitechnologies.net

About PiTechnologies

PiTechnologies is an Egyptian company

PiTechnologies is specialized in:

• Mobile Applications Development

• Web Applications Development

• Security Services

• Professional Training Services

Agenda

Software Technical Point of View

Basic Security Concepts

Security is a must


Technical Point of View


Programming Concepts


Code Life Cycle (Compiler Based)

Source Codes → Compiler → Object Files → Linker → Exe File → Run

Code Life Cycle (Interpreter Based)

Source Codes → Interpreter → Run

Source Code

It is human-readable code written in a plain text file

Compiler

It is the program that translates human-readable code into machine code

A compiler targets a certain machine (processor architecture)

Input is a source file, output is an object file

Linker

It is a program that gathers all the object files (compiler output) into a single exe file

Gathering object files into a single exe file is called static linking, while linking an object file with an external library is called dynamic linking

EXE file

It is the final product (runnable file) in compiler-based languages

Compiler Example

GCC

GNU C Compiler


Interpreter

It is an application that runs the source code without compiling it

A programming language is either interpreter-based or compiler-based

Interpreter Example

Python

Perl

Shell scripting

PHP


Compiler VS Interpreter

Which is better?

Wrong Question

Usage

             Compiler            Interpreter
Size         Large Projects      Small Projects
Reuse        High reusability    Low reusability
Output       Application         Script
Functions    Multi Function      Single Function

Portability Concept

Why Java?

Portability

Portability

It means that you can run the same executable file on different platforms

Platform: Operating System + Processor Architecture

Illustration

[Figure: Platform 1 and Platform 2, with binaries Bin 1 and Bin 2]

Illustration

[Figure: Platform 1 and Platform 2, with binaries Bin 1 and Bin 2; Bin 0 on a JVM on each platform]

Benefits

We will change only one app for each new platform, the JVM

We don’t need to change all the apps for each new platform


Security is a Must

Secure the following …

• Laptops

• Phones

• Employees

Security Concepts


CIA Triangle


Confidentiality

Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information

Integrity

Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity

Availability

Ensuring timely and reliable access to and use of information


Common Attacks

1. Phishing

2. Session Hijacking

3. Password Reuse

4. Sniffing

Phishing


Session Hijacking

[Figure: Client and SERVER; labels: Username + Password + remember me, Cookie, Cookie]

Session Hijacking

[Figure: Attacker, SERVER and Victim Machine; labels: XSS, Text + JavaScript, Text + JavaScript, Text: Display, JS: Run, Cookie]

Password Reuse

Q? Do you reuse your password for many sites?

Don’t do this!

Sniffing

Local Network

Who? Public/Cafe/Free Wifi

Cookies

Unencrypted Traffic
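The two cookie-theft paths on the slides above (script access through XSS under Session Hijacking, and cookies on unencrypted traffic under Sniffing) each correspond to a cookie attribute the server can set. As an added example, not part of the original slides, this Python audit checks Set-Cookie headers for both; the sample headers are constructed and the function names are hypothetical.

```python
# Added example: audit Set-Cookie headers for the attributes that protect a
# session cookie from script access (XSS) and from sniffing on open networks.
CHECKS = {
    "httponly": "HttpOnly missing: injected JavaScript can read the cookie",
    "secure": "Secure missing: the cookie is also sent over unencrypted HTTP",
}

# Constructed sample headers (not captured from any real site).
SAMPLE_HEADERS = [
    "SESSIONID=abc123; Path=/",
    "SESSIONID=abc123; Path=/; Secure; HttpOnly",
    "remember_me=tok456; Max-Age=2592000; Secure",
]


def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, {lower-cased attribute: value})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    if not parts:
        raise ValueError("empty Set-Cookie value")
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_cookie(header):
    """Report missing protective flags and whether the cookie is persistent."""
    name, attrs = parse_set_cookie(header)
    missing = [flag for flag in CHECKS if flag not in attrs]
    # A "remember me" cookie carries Max-Age or Expires, so a stolen copy
    # stays usable after the browser is closed.
    persistent = "max-age" in attrs or "expires" in attrs
    return {"name": name, "missing": missing, "persistent": persistent}


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        result = audit_cookie(header)
        print(result["name"], "persistent" if result["persistent"] else "session")
        for flag in result["missing"]:
            print("  -", CHECKS[flag])
```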


Security Facts

Do you know ..

100 Billion $ Cost of Cyber Crimes / Year

100,000,000,000


556 Million Victims / Year of Cyber Crimes

~ 18 Victims / Second

556,000,000

216,000 FB Accounts hacked / Year

~ 600 Accounts / Day

216,000

36 % of Cyber attacks target Companies’ networks and websites

36 %

Does not sound serious yet ..

Think of ..

1. Losing all business/personal data

2. A competitor getting access to your computer

3. Employees getting access to confidential documents

4. A virus halts your office/home computers for a week

5. A customer sees your website/blog/Facebook page down, or hacked

6. Someone is reading and sending messages from your inbox

It is not an easy job for an attacker to do any of the above; however, don’t worry much ..

YOU help him do this

Do you want to know how you are helping the attacker?

Finally

Learn .. Think .. Code ..

Change Passwords .. Don’t trust Public Networks ..

Stay Secure ..

Easy to Remember, Hard to Guess

• word site number: ahmedfb2121

• use shift with second 21: ahmedfb21@!

• use shift with non vowel letters: aHMeDFB21@!

• use the key below the vowel letter in the keyboard, and the key above the letter in the keyboard for the site letters f,b: zHMdDRG21@!

• Pass for gmail: using gm can be: zHMdDTJ21@!
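The rule on this slide, written out as an added Python example that is not part of the original slides. It assumes a US QWERTY layout for the "key above" and "key below" lookups, assumes site letters are always replaced by the key above even when they are vowels, and uses hypothetical function names.

```python
# Added example: the slide's password rule as code. The key tables assume a
# US QWERTY layout; function names are hypothetical.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
SHIFTED = dict(zip("1234567890", "!@#$%^&*()"))
VOWELS = set("aeiou")


def neighbour(key, step):
    """Key in the same column one row above (step=-1) or below (step=+1)."""
    for r, row in enumerate(ROWS):
        if key in row:
            target = ROWS[r + step]
            return target[min(row.index(key), len(target) - 1)]
    raise ValueError("not on the letter/digit rows: %r" % key)


def derive_steps(word, site, number):
    """Return every intermediate string, ending with the final password."""
    if not (word.isalpha() and site.isalpha() and number.isdigit()):
        raise ValueError("word/site must be letters and number must be digits")
    word, site = word.lower(), site.lower()
    symbols = "".join(SHIFTED[d] for d in number)  # shift on the second number
    tail = number + symbols
    plain = word + site
    upper = "".join(c if c in VOWELS else c.upper() for c in plain)
    # Word: vowels become the key below, consonants stay shifted.
    word_part = "".join(
        neighbour(c, +1) if c in VOWELS else c.upper() for c in word)
    # Site letters: the key above, shifted (assumed to apply to vowels too).
    site_part = "".join(neighbour(c, -1).upper() for c in site)
    return [plain + number + number, plain + tail, upper + tail,
            word_part + site_part + tail]


def derive(word, site, number):
    """Final password only."""
    return derive_steps(word, site, number)[-1]


if __name__ == "__main__":
    for step in derive_steps("ahmed", "fb", "21"):
        print(step)
    print(derive("ahmed", "gm", "21"))
```

Only the site letters differ between two derived passwords, so the result is deterministic: anyone who sees one password and works out the rule can compute the others.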


Thanks for listening :)

ayossef@pitechnologies.net

skype: ahmedyossef.21

facebook.com/PiTechnologies.page