Software Security Study Group Report 

Week 3

This week started with a brief summary of the previous week, glancing through its slides and questions. We first studied and finished the cryptography topics, then moved on to software security.


Cryptography

We reviewed:

  • Single-message versus multiple-message secrecy, and the problems with encrypting several messages under the same key (a deterministic scheme leaks which messages are equal; reusing a one-time pad leaks the XOR of the plaintexts)

  • CPA (chosen-plaintext attack) security, and how it is achieved with pseudorandom functions

  • Perfect secrecy and the one-time pad with truly random key bits, and the pseudo one-time pad, which replaces them with the output of a pseudorandom generator

https://www.coursera.org/learn/cryptography/lecture/B6HMM/the-pseudo-one-time-pad


New topics:

  • Security against chosen-ciphertext attacks (CCA)

https://www.coursera.org/learn/cryptography/lecture/34ORc/security-against-chosen-ciphertext-attack

http://drona.csa.iisc.ernet.in/~arpita/Cryptography15/Scribe3A.pdf

http://drona.csa.iisc.ernet.in/~arpita/Cryptography15/Scribe4C.pdf

  • Arbitrary-length messages and padding-oracle attacks, where a server that reveals whether the padding of a decrypted CBC ciphertext was valid lets an attacker decrypt that ciphertext without the key

https://www.coursera.org/learn/cryptography/lecture/3MYyu/padding-oracle-attacks

  • Pseudorandom functions and block ciphers, and CPA-secure encryption built from them

https://www.coursera.org/learn/cryptography/lecture/us7Qf/cpa-secure-encryption-from-prfs-block-ciphers
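The two lecture topics above fit together in one piece of code, so here is an added example (my own, not from the course or from the study group): a block cipher built from a PRF, CBC mode around it with PKCS#7 padding, and a padding-oracle attack that decrypts a ciphertext using nothing but the oracle's valid/invalid answer. The cipher is a toy Feistel network whose round function is HMAC-SHA256, standing in for AES; the number of rounds, the key and the message are my assumptions. The attack itself does not depend on which block cipher sits under CBC, only on the oracle.

```python
"""Added example, not from the course or this report: a block cipher built from a
PRF (a Feistel network whose round function is HMAC-SHA256), CBC mode with PKCS#7
padding, and a padding-oracle attack that recovers the plaintext from nothing but
the oracle's valid/invalid answer. The cipher is a toy standing in for AES; the
attack does not depend on which block cipher sits under CBC."""
import hashlib
import hmac
import os

BLOCK = 16   # 128-bit block, split into two 64-bit Feistel halves
ROUNDS = 4   # Luby-Rackoff: four rounds of a PRF give a strong PRP (assumption: toy cipher)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def prf(key: bytes, round_no: int, data: bytes) -> bytes:
    """Keyed PRF: HMAC-SHA256 over (round number, half block), truncated to a half block."""
    return hmac.new(key, bytes([round_no]) + data, hashlib.sha256).digest()[: BLOCK // 2]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[: BLOCK // 2], block[BLOCK // 2 :]
    for r in range(ROUNDS):
        left, right = right, xor(left, prf(key, r, right))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[: BLOCK // 2], block[BLOCK // 2 :]
    for r in reversed(range(ROUNDS)):            # undo the rounds in reverse order
        left, right = xor(right, prf(key, r, left)), left
    return left + right


def pad(msg: bytes) -> bytes:
    n = BLOCK - len(msg) % BLOCK                 # PKCS#7: always add 1..BLOCK bytes of value n
    return msg + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, msg: bytes) -> bytes:
    iv = os.urandom(BLOCK)
    prev, out = iv, bytearray()
    padded = pad(msg)
    for i in range(0, len(padded), BLOCK):
        prev = encrypt_block(key, xor(padded[i : i + BLOCK], prev))
        out += prev
    return iv + bytes(out)


def cbc_decrypt(key: bytes, data: bytes) -> bytes:
    iv, body = data[:BLOCK], data[BLOCK:]
    prev, out = iv, bytearray()
    for i in range(0, len(body), BLOCK):
        out += xor(decrypt_block(key, body[i : i + BLOCK]), prev)
        prev = body[i : i + BLOCK]
    return unpad(bytes(out))


def make_padding_oracle(key: bytes):
    """The server-side bug: an observable difference between bad padding and good."""
    def oracle(ct: bytes) -> bool:
        try:
            cbc_decrypt(key, ct)
            return True
        except ValueError:
            return False
    return oracle


def padding_oracle_attack(oracle, ct: bytes) -> bytes:
    """Recover the plaintext of IV||C1..Cn using only the oracle, at most 256 queries per byte."""
    blocks = [ct[i : i + BLOCK] for i in range(0, len(ct), BLOCK)]
    plain = bytearray()
    for prev, cur in zip(blocks, blocks[1:]):
        inter = bytearray(BLOCK)                 # D_k(cur): the value CBC xors with prev
        for pos in range(BLOCK - 1, -1, -1):
            padval = BLOCK - pos                 # padding the forged block should produce
            forged = bytearray(BLOCK)
            for j in range(pos + 1, BLOCK):
                forged[j] = inter[j] ^ padval    # known bytes are set to decrypt to padval
            for guess in range(256):
                forged[pos] = guess
                if not oracle(bytes(forged) + cur):
                    continue
                if pos == BLOCK - 1:             # rule out an accidental longer valid padding
                    probe = bytearray(forged)
                    probe[pos - 1] ^= 0xFF
                    if not oracle(bytes(probe) + cur):
                        continue
                inter[pos] = guess ^ padval
                break
            else:
                raise RuntimeError("oracle never accepted a guess")
        plain += xor(bytes(inter), prev)
    return unpad(bytes(plain))
```

The attack needs only the oracle and the ciphertext: for each block it forges the preceding block so that the decryption ends in valid padding, and each accepted guess reveals one byte of the cipher's intermediate value, hence one plaintext byte. The fix is not a better cipher but removing the oracle: authenticate the ciphertext (a MAC in encrypt-then-MAC order, or an AEAD mode) and reject it before any padding is inspected.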


Software Security

We reviewed ROP (Return-Oriented Programming) and the three defenses discussed against it and its predecessor, return-to-libc (https://www.coursera.org/learn/software-security/lecture/vjGZA/return-oriented-programming-rop):

  • Make the stack and heap non-executable (NX / W^X). This stops injected shellcode, but return-to-libc and ROP only run code that is already executable, so on its own it is not enough.

  • Use ASLR (Address Space Layout Randomization), so that the addresses of gadgets are not known in advance. A leak of a single code pointer is enough to undo it.

  • Avoid using libc code entirely. ROP defeats this as well: gadgets can be found in any mapped executable code, not only in libc.

https://www.cs.columbia.edu/~angelos/Papers/theses/vpappas_thesis.pdf
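A practical check for the first two defenses is whether a binary was linked with a non-executable stack and as position-independent code. The following is an added example of mine, not from the course or the thesis above: a minimal checksec-style reader for 64-bit little-endian ELF files that reports those two properties, plus a builder that constructs tiny ELF images so the check can be exercised without a real binary. Assumptions: only ELF64/LSB is handled, and a missing PT_GNU_STACK header is treated as an executable stack (the legacy Linux default).

```python
"""Added example, not from the course or this report: a minimal checksec-style reader
that tells whether a 64-bit little-endian ELF was linked with a non-executable stack
(PT_GNU_STACK without PF_X) and as position-independent code (ET_DYN), the two
properties behind the NX and ASLR defences. build_elf() constructs tiny test images
so the check can run without a real binary."""
import struct

ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3
PT_GNU_STACK = 0x6474E551
PF_X = 1


def check_elf(data: bytes) -> dict:
    """Return {'nx': bool, 'pie': bool} for an ELF64 little-endian image."""
    if data[:4] != ELF_MAGIC or data[4] != 2 or data[5] != 1:   # EI_CLASS=64-bit, EI_DATA=LSB
        raise ValueError("not a 64-bit little-endian ELF")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    # Assumption: no PT_GNU_STACK header is treated as an executable stack, the legacy default.
    nx = False
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
    return {"nx": nx, "pie": e_type == ET_DYN}


def check_file(path: str) -> dict:
    with open(path, "rb") as f:
        return check_elf(f.read())


def build_elf(e_type: int, stack_flags) -> bytes:
    """Construct a minimal ELF64 image: header plus one PT_GNU_STACK phdr (None = omit it)."""
    phdr = b""
    if stack_flags is not None:
        phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    ident = ELF_MAGIC + bytes([2, 1, 1]) + bytes(9)   # 64-bit, little-endian, ELF version 1
    header = struct.pack("<16sHHIQQQIHHHHHH", ident,
                         e_type, 0x3E, 1,             # e_machine x86-64, e_version
                         0, 64, 0,                    # e_entry, e_phoff (phdrs follow header), e_shoff
                         0, 64, 56, 1 if phdr else 0, # e_flags, e_ehsize, e_phentsize, e_phnum
                         64, 0, 0)                    # e_shentsize, e_shnum, e_shstrndx
    return header + phdr


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, check_file(path))
```

Run it as `python3 checkelf.py /path/to/binary`. Two caveats the output does not capture: `pie` only says the executable is relocatable (ET_DYN is also what shared libraries use), and the randomization itself is a kernel setting (`/proc/sys/kernel/randomize_va_space`); and `nx` marks the stack, not the heap, whose executability comes from the same PT_GNU_STACK flag on Linux but is also shaped by the allocator and mmap flags. A full checksec also reports stack canaries and RELRO, which this reader omits.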

The topic of week 3 was web security, which covers (https://www.coursera.org/learn/software-security/home/week/3):

  • SQL injection

  • Session hijacking

  • Cross-site request forgery (CSRF) and cross-site scripting (XSS)

  • Tools for carrying out the discussed attacks (for example sqlmap)

We reviewed the basic structure of the Web, then discussed the similarity between SQL injection and memory-corruption attacks such as buffer overflows: both rest on the same idea, getting the program to interpret attacker-supplied input as code where it expected only data, because code and data share one channel (the query string for SQL, the stack for a C program).
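The code-versus-data point is easiest to see with the two versions of one login query side by side. This is an added example of mine, not from the course: the vulnerable form splices the input into the SQL text, the safe form binds it as a parameter, and both run against an in-memory SQLite table with constructed sample users (the names, passwords and the `users` table are my assumptions).

```python
"""Added example, not from the course or this report: the same login query built by
string concatenation and with a parameterised statement, run against an in-memory
SQLite table of constructed sample users."""
import sqlite3


def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("alice", "hunter2"), ("bob", "s3cret")])   # constructed sample data
    return con


def login_vulnerable(con, user: str, password: str) -> list:
    """Input is spliced into the SQL text, so quotes and comments in it become part of the query."""
    sql = "SELECT name FROM users WHERE name = '%s' AND password = '%s'" % (user, password)
    return [row[0] for row in con.execute(sql)]


def login_safe(con, user: str, password: str) -> list:
    """Placeholders fix the query's structure before any input is seen; input stays data."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in con.execute(sql, (user, password))]


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "bob'--", "wrong"))      # ['bob']: the comment drops the password check
    print(login_vulnerable(db, "x", "' OR '1'='1"))      # ['alice', 'bob']: the tautology selects everyone
    print(login_safe(db, "bob'--", "wrong"))             # []: the quote and '--' are just characters
    print(login_safe(db, "alice", "hunter2"))            # ['alice']
```

In the vulnerable version the first input turns the query into `... WHERE name = 'bob'--' AND password = 'wrong'`, so everything after `--` is a comment and the password is never checked; the second input makes the WHERE clause `name = 'x' AND password = '' OR '1'='1'`, which is true for every row. The parameterised version sends the same strings, but the database only ever compares them as values. This is the direct analogue of keeping return addresses out of reach of user input in a C program: the structure is fixed before the input arrives.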


We spent the rest of the day solving the CTF challenges from the previous week (https://www.pwndiary.com/write-ups/backdoorctf2017-just-do-it-write-up-pwn250/) and hacking Samed's server (http://cildir.gq/exploit/). Some of the tools we used: gdb, edb, r2, ROPgadget, pwntools and IDA Pro.

See you next week!