Rajendra Kachhwaha, Jodhpur, India.

Lecture Notes

Basic Notes

1. Lecture on Basics of Security Download
2. Address Calculation in 1D/2D Array, Dynamic Memory Allocation. Download
3. Macro Substitution, Typedef in C Language Download
4. Union in C Language Download


1. Security Architecture, Security Attacks, Security Services. Download
2-3. Model for Network Security, Basic terms used in Cryptography, Symmetric Cipher Model, Substitution Techniques, Transposition Techniques. Download
4. Block Cipher and Stream Ciphers, Component of Modern Block Cipher, Feistel Cipher Structure, Data Encryption Standard (DES). Download
5. Numerical Problems on: Caesar Cipher, Monoalphabetic Cipher, Playfair Cipher, Hill Cipher, One-Time Pad, Vigenere Cipher, Rail fence Cipher. Download
6. Triple DES, Block Cipher Modes, Finite Fields. Download
7. Advanced Encryption Standard (AES). Download
8. AES: Encryption Process, Key Expansion. Download
9. Set, Ring, Modular Arithmetic, Euclidean Algorithm (GCD). Download
10. Finite Field, Polynomial over a Field, Residue Class. Download
11. IDEA, RC5, Blowfish, Number Theory, Euler Totient Function, Chinese Remainder Theorem (CRT), Asymmetric Encryption. Download
12. RSA: Algorithm, Numerical Example. Key Management, Diffie Hellman Key Exchange: Algorithm, Example. Download
13. Elgamal Cryptosystem: Algorithm, Numerical. Message Authentication, Hash Function. Download
14. Digital Signature, Zero Knowledge Protocol, Side Channel Attacks. Download
15. Three-Pass Protocol, Shamir three-pass protocol. Download
16. Block Ciphers: Lucifer, GOST, 3 Way, Crab. Download
17. GOST Digital Signature Scheme. Download
18. Elliptic Curve Cryptographic Algorithm. Download
19. IBM Common Cryptographic Architecture. Download
20. MD5, Secure Hash Algorithm (SHA). Download

Web Application Security

1. What is a Web Application & its different types, Web Functionality, Description of HTTP. Download
2. What Do We Mean By Security, What is a Web Application Security, Approach to Security. Download
3. Threat Modeling. Download
4. Top Ten Vulnerability: Cross-site Scripting, SQL Injection. Download
5. Top Ten Vulnerability: Buffer Overflow, Broken Authentication and Session Management, Insecure Direct Object References, Security Misconfiguration, Sensitive Data Exposure. Download
6. Top Ten Vulnerability: Missing Function Level Access Control, Cross-Site Request Forgery, Using Components with Known Vulnerabilities, Unvalidated Redirects and Forwards, Blacklist & Whitelist Validation. Download
7. Bypassing Client-Side Controls. Download
8. Access Control Overview, Authentication Fundamentals, Web application Authentication, Attacking Authentication. Download
9. Attacking Authentication, Securing Authentication. Download
10. Authorization, Session Management, Securing Session Management. Download
11. Basic of CAPTCHA, Example of CAPTCHA, How to create CAPTCHA. Download
12. Browser Security Principles: Same Origin Policy (SOP), Exception to the same origin policy. Download
13. AJAX: What is AJAX, Why & When use AJAX, What is an AJAX Web Application Model, Working of AJAX Web Application Model, AJAX Engine, XMLHttpRequest Object. Download
14. Web Server Architecture: What is Web Server, Common features of a Web Server, Market Share, Apache HTTP Server. Download
15. Web Server Architecture: Web Server: Internet Information Services, Internet Information Services: Versions, Features of IIS, Attacks on a Web Server. Download
16. Browser Security Principles: Cross Site Scripting (XSS), Types of XSS, XSS Defense. Download
17. Browser Security Principles: Cross Site Request Forgery (CSRF), CSRF Example, CSRF Defense. Download
18. Attacking Data Source: Basics, Bypassing a Login, Injecting into SQL (Insert, Update, Union). Download
19. Attacking Data Source: Get the database details of the victim, Preventing SQL Injection: Perform Input Validation, Enforce least privilege, Use Parametrized Queries, Use Stored Procedures. Download
20. More Attacks with SQL Injection: Extended Stored Procedures, Example. Canonicalization Attacks: Definition, Directory Traversal Vulnerability. Download
21. Web Services: Basic, Example, Basic of SOAP, WSDL, UDDI. More Example. Download
22. Web Services: More Details of Web Service Components, Web Services Threats, Web Services Hacking, Web Services Hardening. Download
23. A Web Application Hacking Methodology, Finding Vulnerabilities in Source Code. Download

Cloud Computing Security

1. What is Virtualization, What is VMWare ESX and ESXi, ESX Architecture and Security Features, Security and Virtual Machines. Download
2. What is Virtualized Networking, What is Virtualized Storage, What is Guest OS Images, What is Virtualization Security. Download
3. What is Virtualization Security, What is Hypervisor Security. Download
4. Virtualization System Vulnerability, Virtualization System-Specific Attacks. Download
5. Example Configuration Issues, Hyperjacking, Virtualization System Public Exploits. Download
6. Attacking Hypervisors. Download
7. Data Life Cycle Stages, Data Asset Security & Technologies. Download
8. Data Privacy Acts & Legislation, Data Discovery (eDiscovery), Sensitive Data Classification. Download
9. Personally identifiable information, 2 Emerging Data Protection Technologies. Download
10. Data Loss Prevention in Cloud Computing (Prepared By: Shivraj Choudhary) Download