Charlotte Geek Union of Student


Nov 25 /17 - Web Security

New Members

This time, we have more new members on our CHARGUS team. They are:

  • Will, in CDS, Charlotte, Freshman
  • Jack, Will’s friend, in Virginia Tech, a programmer
  • Mr. Chamberlain, teacher in CCDS, cool man
  • Kris, Bill’s host brother, did LEGO robot, in PDS, Charlotte

Some new members did not show up at this meeting:

  • Joey, in CCDS, Charlotte, Freshman, tech guy
  • Sunday, in Charlotte Catholic, Junior, FIRST GIRL MEMBER

"CHARGUS Meeting"

Left to right: Joseph, Will, Jack, Mr. Chamberlain, Bill, Rocky. Front: Kris

Meeting Summary

This “Hacking Saturday”, we mainly talked about Web Security, Object-oriented Programming, and some other small topics.

Web Security

Web security was the biggest part of this meeting. We mainly talked about:

  • SQL Injection
  • XSS, Cross-site Scripting
  • MIM, Man In the Middle Attack

SQL Injection

We mentioned the concept of escaping (e.g. escaping from the comment box, escaping from the virtual machine, etc.), and Jack showed us an example of SQL Injection for a password input box:

' OR 1=1 --

Basically, it escapes from the string literal, makes a statement that is always true, and comments out all the code after it. Then you can bypass the password check.
SQL Injection can also cause much more serious problems for the database.


XSS

XSS is a wider concept than SQL Injection and a more serious problem, but it is similar. It escapes from a comment box or some other input and injects harmful code into your website.

It is still a big problem, and Bill showed a possible XSS point on Tencent’s product: QQ.


MIM

Namely, man in the middle. Once you are connected to a Wi-Fi network, you can listen to all connections between the device and the AP. You can capture a packet, modify it, and then resend it to the target.

It can redirect the URL you were trying to visit, modify the text on the website you are visiting, and get your password and other information if it is transferred as plain text.

Two good solutions to prevent MIM are SSL and VPN.

Object-oriented Programming

We analysed object-oriented programming languages: basically, they treat every single element in the code as an object.

Bill drew a link to the Linux system: Linux treats every single thing as a file. There's actually a similarity.

Java and C++ are two of the most popular object-oriented programming languages.

Other Topics

We also talked about some other small topics:

Programming Language vs Natural Language

Programming languages also have a grammar, but it is more universal, and most of their "sentences" are only statements or commands.

Most programming languages have a fixed grammatical structure, unlike natural languages.

Windows Defects

  • Registry: the main factor that slows the system down
  • exe files: not a secure way to package applications

Fuchsia OS and Chromium OS

Two Google projects, creating a new type of system that runs between PCs and phones.

Fuchsia is based on a completely new kernel: Zircon

Python Programming Defects and Advantages

  • Advantage: Easy to learn, easy to use
  • Defect: Does not offer a complete concept of programming for new learners

Join US!

Are you interested in our community?
Are you interested in programming?
Do you want to make more friends?

Just Join US!

Visit About Page to get more information


Started learning to code by myself when I was 8 years old. I do C/C++/Linux development and also web development.