Nov 25 /17 - Web Security
This time we have more new members in our CHARGUS team. They are:
- Will, in CDS, Charlotte, Freshman
- Jack, Will’s friend, in Virginia Tech, a programmer
- Mr. Chamberlain, teacher in CCDS, cool man
- Kris, Bill’s host brother, did LEGO robot, in PDS, Charlotte
Some new members did not show up at this meeting:
- Joey, in CCDS, Charlotte, Freshman, tech guy
- Sunday, in Charlotte Catholic, Junior, FIRST GIRL MEMBER
Left to right: Joseph, Will, Jack, Mr. Chamberlain, Bill, Rocky Front: Kris
This “Hacking Saturday”, we mainly talked about Web Security, Object-oriented Programming, and some other small topics.
Web security was the biggest part of this meeting; we mainly talked about:
- SQL Injection
- XSS, Cross-site Scripting
- MIM, Man-in-the-Middle Attack
We mentioned the concept of escaping (e.g. escaping from the comment box, escaping from the virtual machine, etc.), and Jack showed us an example of SQL Injection for a password input box:
' OR 1=1 --
Basically, it escapes from the string literal, makes the condition always true, and comments out all the code after it. Then you can bypass the password check.
SQL Injection can also cause much more serious damage to the database.
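To make the "escape from the string" idea concrete, here is a small added example (not code from the meeting or from any real site) using an in-memory SQLite database with one constructed user. The vulnerable login builds the query by string concatenation, so the payload above closes the password literal and comments out the rest; the safe login uses a parameterised query, where the driver passes the values separately and a quote in the input can never change the query's structure.

```python
import sqlite3


def make_db():
    # Constructed demo database: one user with a known password (not a real system).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    # The user input is pasted into the SQL text itself. With password = "' OR 1=1 --"
    # the WHERE clause becomes:  password = '' OR 1=1 --'   and the OR makes it true.
    query = (
        "SELECT COUNT(*) FROM users WHERE name = '" + name
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, name, password):
    # Parameterised query: the ? placeholders are filled by the driver, so the input is
    # always compared as a plain value and can neither close the literal nor start a comment.
    query = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1 --"
    print("vulnerable, real password :", login_vulnerable(db, "alice", "s3cret"))
    print("vulnerable, injection     :", login_vulnerable(db, "nobody", payload))
    print("safe, real password       :", login_safe(db, "alice", "s3cret"))
    print("safe, injection           :", login_safe(db, "nobody", payload))
```

The fix is not "filter out quotes" but "never let user input become SQL text": every real database driver offers placeholders like the `?` above, and using them everywhere is what removes the whole class of bug.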
XSS is a wider concept than SQL Injection and a more serious problem, but similar: it escapes from a comment box or another input field and injects harmful code into your website.
It is still a big problem, and Bill showed a possible XSS point on Tencent's product, QQ.
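The same "escaping" idea applies on the output side. The following added example (not from the meeting, and unrelated to QQ or any real site) renders a constructed comment into an HTML template two ways: pasting the raw text in, which lets any tag inside the comment become live markup, and HTML-escaping it first, which makes the browser display the text literally.

```python
import html
import re

# Constructed comment text, the kind of input the page calls "escaping from the comment box".
UNTRUSTED_COMMENT = 'Nice post! <script>alert("xss")</script>'

TEMPLATE = '<p class="comment">{}</p>'


def render_comment_vulnerable(comment):
    # Raw interpolation: the browser parses whatever tags the comment contains.
    return TEMPLATE.format(comment)


def render_comment_safe(comment):
    # html.escape replaces <, >, &, " and ' with entities, so the comment can no
    # longer close the <p> element or open a new one; it is shown as plain text.
    return TEMPLATE.format(html.escape(comment, quote=True))


def contains_script_tag(rendered_html):
    # Check used by the usage below: is there a live <script> tag in the output?
    return re.search(r"<script\b", rendered_html, re.IGNORECASE) is not None


if __name__ == "__main__":
    for name, render in (("vulnerable", render_comment_vulnerable),
                         ("safe", render_comment_safe)):
        out = render(UNTRUSTED_COMMENT)
        print(name, "->", out)
        print("   live script tag:", contains_script_tag(out))
```

Escaping must match the context the text lands in: `html.escape` is right for element content and quoted attribute values, but text placed inside a `<script>` block or a URL needs its own encoding, which is why template engines escape by default and make the unescaped path the explicit exception.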
MIM, namely Man in the Middle. Once you are connected to a wifi network, you can listen to all connections between a device and the AP. You can capture a packet, modify it, and resend it to the target.
It can redirect the URL you were trying to visit, modify the text on the website you are visiting, and get your password and other information if it is transferred as plain text.
Two good solutions to prevent MIM are SSL and VPN.
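SSL (today TLS) only stops the on-path attacker if the client actually verifies who it is talking to. The added example below (not from the meeting) uses Python's standard `ssl` module to build the strict client configuration beside the weak one that people reach for when a certificate error gets in the way, plus a small audit helper; the function names are my own.

```python
import ssl


def strict_client_context():
    # create_default_context loads the system CA store, requires a valid certificate
    # chain (CERT_REQUIRED) and checks the certificate against the hostname. Someone on
    # the same wifi who presents their own certificate fails the handshake, so they can
    # neither read nor modify the traffic.
    return ssl.create_default_context()


def weak_client_context():
    # Both checks switched off: any certificate is accepted, including one minted by an
    # on-path attacker, so the connection is "encrypted" but to whoever is in the middle.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be disabled before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def resists_mitm(ctx):
    # Audit helper: TLS protects against a man in the middle only when the peer
    # certificate is both required and matched against the expected hostname.
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


if __name__ == "__main__":
    print("strict context resists MIM:", resists_mitm(strict_client_context()))
    print("weak context resists MIM  :", resists_mitm(weak_client_context()))
```

When reviewing code, the weak pattern is easy to grep for: `verify_mode = CERT_NONE`, `check_hostname = False`, or a library flag such as `verify=False`; each of them turns the wifi attacker described above back into a plain-text listener.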
We analysed object-oriented programming languages: basically, every single element in the code is treated as an object.
Bill drew a link to the Linux system: Linux treats every single thing as a file. There's actually a similarity.
Java and C++ are two of the most popular object-oriented programming languages.
We also talked about some other small topics:
Programming Language vs Natural Language
Programming languages also have a grammar, but it is more universal, and most of their “sentences” are only statements or commands.
Most programming languages have a fixed grammar structure, unlike natural language.
- Registry: the main factor that slows down the system
- exe file: not a secure way to package an application
Fuchsia OS and Chromium OS
Two Google projects creating a new type of system that runs on both PCs and phones.
Fuchsia is based on a completely new kernel: Zircon
Python Programming Defects and Advantages
- Advantage: Easy to learn, easy to use
- Defect: Does not offer a complete concept of programming for new learners
Are you interested in our community?
Are you interested in programming?
Do you want to make more friends?
Just join us!
Visit the About page for more information.