Lecture Notes
Basic Notes
1. Lecture on Basics of Security
2. Address Calculation in 1D/2D Array, Dynamic Memory Allocation.
3. Macro Substitution, Typedef in C Language
4. Union in C Language
Cryptography/I.P.C.S.
1. Security Architecture, Security Attacks, Security Services.
2-3. Model for Network Security, Basic terms used in Cryptography, Symmetric Cipher Model, Substitution Techniques, Transposition Techniques.
4. Block Cipher and Stream Ciphers, Component of Modern Block Cipher, Feistel Cipher Structure, Data Encryption Standard (DES).
5. Numerical Problems on: Caesar Cipher, Monoalphabetic Cipher, Playfair Cipher, Hill Cipher, One-Time Pad, Vigenere Cipher, Rail Fence Cipher.
6. Triple DES, Block Cipher Modes, Finite Fields.
7. Advanced Encryption Standard (AES).
8. AES: Encryption Process, Key Expansion.
9. Set, Ring, Modular Arithmetic, Euclidean Algorithm (GCD).
10. Finite Field, Polynomial over a Field, Residue Class.
11. IDEA, RC5, Blowfish, Number Theory, Euler Totient Function, Chinese Remainder Theorem (CRT), Asymmetric Encryption.
12. RSA: Algorithm, Numerical Example. Key Management, Diffie Hellman Key Exchange: Algorithm, Example.
13. Elgamal Cryptosystem: Algorithm, Numerical. Message Authentication, Hash Function.
14. Digital Signature, Zero Knowledge Protocol, Side Channel Attacks.
15. Three-Pass Protocol, Shamir three-pass protocol.
16. Block Ciphers: Lucifer, GOST, 3 Way, Crab.
17. GOST Digital Signature Scheme.
18. Elliptic Curve Cryptographic Algorithm.
19. IBM Common Cryptographic Architecture.
20. MD5, Secure Hash Algorithm (SHA).
Web Application Security
1. What is a Web Application & its different types, Web Functionality, Description of HTTP.
2. What Do We Mean By Security, What is a Web Application Security, Approach to Security.
3. Threat Modeling.
4. Top Ten Vulnerability: Cross-site Scripting, SQL Injection.
5. Top Ten Vulnerability: Buffer Overflow, Broken Authentication and Session Management, Insecure Direct Object References, Security Misconfiguration, Sensitive Data Exposure.
6. Top Ten Vulnerability: Missing Function Level Access Control, Cross-Site Request Forgery, Using Components with Known Vulnerabilities, Unvalidated Redirects and Forwards, Blacklist & Whitelist Validation.
7. Bypassing Client-Side Controls.
8. Access Control Overview, Authentication Fundamentals, Web application Authentication, Attacking Authentication.
9. Attacking Authentication, Securing Authentication.
10. Authorization, Session Management, Securing Session Management.
11. Basic of CAPTCHA, Example of CAPTCHA, How to create CAPTCHA.
12. Browser Security Principles: Same Origin Policy (SOP), Exception to the same origin policy.
13. AJAX: What is AJAX, Why & When use AJAX, What is an AJAX Web Application Model, Working of AJAX Web Application Model, AJAX Engine, XMLHttpRequest Object.
14. Web Server Architecture: What is Web Server, Common features of a Web Server, Market Share, Apache HTTP Server.
15. Web Server Architecture: Web Server: Internet Information Services, Internet Information Services: Versions, Features of IIS, Attacks on a Web Server.
16. Browser Security Principles: Cross Site Scripting (XSS), Types of XSS, XSS Defense.
17. Browser Security Principles: Cross Site Request Forgery (CSRF), CSRF Example, CSRF Defense.
18. Attacking Data Source: Basics, Bypassing a Login, Injecting into SQL (Insert, Update, Union).
19. Attacking Data Source: Get the database details of the victim, Preventing SQL Injection: Perform Input Validation, Enforce least privilege, Use Parametrized Queries, Use Stored Procedures.
20. More Attacks with SQL Injection: Extended Stored Procedures, Example. Canonicalization Attacks: Definition, Directory Traversal Vulnerability.
21. Web Services: Basic, Example, Basic of SOAP, WSDL, UDDI. More Example.
22. Web Services: More Details of Web Service Components, Web Services Threats, Web Services Hacking, Web Services Hardening.
23. A Web Application Hacking Methodology, Finding Vulnerabilities in Source Code.
Cloud Computing Security
1. What is Virtualization, What is VMware ESX and ESXi, ESX Architecture and Security Features, Security and Virtual Machines.
2. What is Virtualized Networking, What is Virtualized Storage, What is Guest OS Images, What is Virtualization Security.
3. What is Virtualization Security, What is Hypervisor Security.
4. Virtualization System Vulnerability, Virtualization System-Specific Attacks.
5. Example Configuration Issues, Hyperjacking, Virtualization System Public Exploits.
6. Attacking Hypervisors.
7. Data Life Cycle Stages, Data Asset Security & Technologies.
8. Data Privacy Acts & Legislation, Data Discovery (eDiscovery), Sensitive Data Classification.
9. Personally identifiable information, 2 Emerging Data Protection Technologies.
10. Data Loss Prevention in Cloud Computing (Prepared By: Shivraj Choudhary)