Thursday, November 16, 2006

Experience the Dark Side

Authentic, technical professional development 04.0:

Finally, I put all my learning materials about technical professional development online on a Grove account; this account costs $15/semester and allows you to use scripting languages, such as Perl or PHP. You can also set up a database with Grove (no additional cost). The problem is that you have to work with telnet and the command line (I found it difficult and inconvenient).

My plan for the presentation: I shall call it “Experience the Dark Side.”
In short, I’ll let all you guys work on the materials, learn the possible attacks, and finally try attacking and tweaking my site (at Grove, http://grove.ufl.edu/~vasa/).

There are two popular attacks that I have learned about and will discuss in class.

Cross Site Scripting (XSS): this vulnerability involves sending a script from one HTML page to another. Unfortunately, users might unknowingly pull such a script into their own site. This weakness seems to cause problems in RSS and Atom feeds, since users might retrieve a malicious script from feed providers.

SQL injection: Structured Query Language (SQL) is a language for manipulating relational databases, and it’s possible that a hacker might use it to retrieve sensitive information. I set up pseudo records and a channel that you can attack to retrieve sensitive records.
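The feed risk described in the Cross Site Scripting paragraph above, seen from the side of a site that displays feed entries. This is an added example, not code from the original post or from the Grove site; the sample feed is constructed and the function names are hypothetical.

```python
import html
import xml.etree.ElementTree as ET

# Constructed sample feed: the second item carries markup in its title and
# description and a non-http link, as an untrusted feed provider could send.
SAMPLE_FEED = """<rss version="2.0"><channel><title>Example feed</title>
<item><title>Plain entry</title><link>http://example.com/1</link>
<description>Just text.</description></item>
<item><title>&lt;script&gt;alert(1)&lt;/script&gt;</title>
<link>javascript:alert(1)</link>
<description>&lt;img src=x onerror=alert(1)&gt;</description></item>
</channel></rss>"""

ALLOWED_SCHEMES = ("http://", "https://")

def parse_items(feed_xml):
    """Return (title, link, description) tuples from an RSS 2.0 document."""
    root = ET.fromstring(feed_xml)
    return [(i.findtext("title", ""), i.findtext("link", ""),
             i.findtext("description", "")) for i in root.iter("item")]

def render_unsafe(items):
    """Weak version: feed text is pasted into the page as-is."""
    return "".join(f'<li><a href="{l}">{t}</a> {d}</li>' for t, l, d in items)

def render_safe(items):
    """Hardened version: escape every field, allow only http(s) links."""
    out = []
    for title, link, desc in items:
        link = link.strip()
        if not link.lower().startswith(ALLOWED_SCHEMES):
            link = "#"  # drop javascript:, data: and any other scheme
        out.append('<li><a href="{}">{}</a> {}</li>'.format(
            html.escape(link, quote=True), html.escape(title),
            html.escape(desc)))
    return "".join(out)

if __name__ == "__main__":
    items = parse_items(SAMPLE_FEED)
    print("unsafe:", render_unsafe(items))
    print("safe:  ", render_safe(items))
```

The XML parser decodes the entities in the feed, so the unsafe renderer emits a live script tag even though the feed itself looked escaped. For feeds from untrusted providers, a hardened XML parser such as `defusedxml` is a better choice than the standard-library one used here.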

This is a self-paced lesson; if some of you have time during Thanksgiving or if you want your kids to experience the dark side, please don’t hesitate to jump in.

Comments are welcome.

1 Comment:

At November 28, 2006 1:14 PM, Blogger Mary said...

Hi Vasa. I look forward to trying to hack your site. I wonder what kind of sensitive records I can get ahold of...

Mary

 
