Basics of Software and Security

Software & SecurityPiTechnologies

www.pitechnologies.net

PiTechnologies is an Egyptian company

PiTechnologies is specialized in:

Mobile Applications Development

Web Applications Development

Security Services

Professional Training Services

About PiTechnologies


Agenda

Software Technical Point of View

Basic Security Concepts

Security is a must


Technical Point of View


Programming Concepts



Code Life Cycle

Source Codes Compiler Object

Files Linker Exe File

Compiler Based

Run



Code Life Cycle

Source Codes

Interpreter

Interpreter Based

Run



Source Code

It is human readable code written on a normal text file



Compiler

It is the program that transfers the human like code into a machine code

Compiler targets certain machine (processor architecture)

Input is source file, output is object file



Linker

It is a program that gathers all the object files (compiler output) into a single exe file

Gathering object files into a single exe file is called static linking, while linking object file with an external lib is called dynamic linking



EXE file

It is the final product (runnable file) in the compiler based languages



Compiler Example

GCC

GNU C Compiler



Interpreter

It is an application that runs the source code without compiling

A programming language is either interpreter based or compiler based



Interpreter Example

Python

Perl

Shell scripting

PHP



Compiler VS Interpreter

Which is better ?

Wrong Question



UsageCompiler Interpreter

Size Large Projects Small Projects

Reuse High reusability Low reusability

Output Application Script

Functions Multi Function Single Function



Portability Concept



Why Java ?

Portability



Portability

It means that you can run the same executable file on different platforms

Operating System + Processor Architecture



Illustration

Platform 1Platform 2

Bin 2 Bin 1



Illustration

Platform 1Platform 2

Bin 2 Bin 1

Bin 0

JVM

JVM

Bin 0

JVM

JVM



Benefits

We will change only one app for each new platform, the JVM

We don’t need to change all the apps for each new platform



Security is a Must


Laptops Phones Employees

Secure the following …


Security Concepts


CIA Triangle


Confidentiality

Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and

proprietary information


Integrity

Guarding against improper information modification or destruction, including

ensuring information nonrepudiation and authenticity


Availability

Ensuring timely and reliable access to and use of information


Common Attacks


Phishing Session HiJacking

Password Reuse Sniffing

1 2

3 4


Phishing


Session HiJacking

S E R V E R

Client

Username + Password + remember me

Cookie

Cookie


Session HijackingS E R V E R

Attacker

Victim Machine

Text + JavaScript

XSSText + JavaScript

Text: Display JS: Run

Cook

ie


Password Reuse

Q?Do you reuse your password

for many sites ?


Don’t Do this !


Sniffing

Local Network

Who ?Public/Cafe/Free Wifi

CookiesUnencrypted Traffic


Security Facts


Do you know ..


100 Billion $ Cost of Cyber Crimes / Year

100,000,000,000


556 Million Victims / Year of Cyber Crimes

~ 18 Victim / Second

556,000,000


216,000 FB Accounts hacked / Year

~ 600 Account / Day

216,000


36 % of Cyber attacks target Companies’ networks

and websites

36 %


Does not sound serious yet ..


Think of ..


Losing all business/personal

data

1


A competitor getting an access to your

computer

2


Employees getting access to confidential

documents

3


A virus halts your office/home computers

for a week

4


A customer see your website/blog/Facebook page down, or hacked

5


Some one is reading and sending messages from

your inbox

6


It is not an easy job for an attacker to do the previous issues, however Don’t worry much ..

YOUHelp him doing this


Do you want to know how you are helping the

attacker ?


Finally


Learn .. Think .. Code ..


Change Passwords .. Dont trust Public Networks ..

Stay Secure ..


Easy to Remember Hard to Guess

• word site number

• ahmedfb21@!

• aHMeDFB21@!

• zHMdDRG21@!

!

• Pass for gmail: using gm can be: zHMdDTJ21@!

ahmedfb2121

use shift with second 21

use shift with non vowel letters

use the key below the vowel letter in the keyboard

use the key above the letter in the keyboard for the site letters f,b


Thanks for listening :)[email protected] skype: ahmedyossef.21

facebook.com/PiTechnologies.page

mailto:[email protected]

http://facebook.com/ahmedyossef.21

Basics of Software and Security

Software

Transcript of Basics of Software and Security