Attack Case Study Presentations
Topics
Topics for student-led presentations on attack case studies:
- Select and present 3 noteworthy XSS vulnerabilities and associated attacks from the National Vulnerability Database (NVD) -- https://web.nvd.nist.gov/view/vuln/search
- Select and present 3 noteworthy SQL injection vulnerabilities and associated attacks from NVD [Sharmin]
- Select and present 3 noteworthy CSRF injection vulnerabilities and associated attacks from NVD
- KRACK attacks [Matt]
- Any other noteworthy attacks relevant to web security
- Mobile Payments -- How do ApplePay and AndroidPay work? What attacks, if any, are there, and how do they work?
- Chip and PIN is broken
- EMV API attacks
- Other attacks on EMV beyond those discussed in class
- Discuss several real-world Bitcoin thefts. Explain technically what was exploited by criminals to succeed.
- Discuss how Ethereum works, emphasizing how it differs from Bitcoin in its design
- Reidentification in Bitcoin
- Discuss real-world attacks on Bitcoin (distinct from coin thefts) or other cryptocurrencies. [Sway]
- Any other topic you propose and clear with me.
Guidelines
The case study presentations should take approximately 20 minutes, plus up to 5 minutes for Q&A. The purpose of the presentation is to explain to your classmates how particular technologies and/or attacks work. You can assume that your audience is already aware of any related material covered in class.
In addition to giving the presentation, you are expected to prepare slides and turn in a digital copy to me by email at least one hour prior to class on the day of the presentation. Slides will be made available to your classmates and posted online on the course website.
Please include on the last slide a list of reference(s) for further reading.
Grading
Here is a breakdown of how the presentations are graded:
- Content (50%): clarity of attack description, appropriate level of detail provided, accuracy of content, comprehensiveness of content, quality of presentation in slides
- Presentation manner (25%): eye contact, elocution, demeanor, pace
- Structure (15%): logical structure of slides (motivation, introduction, description, conclusion)
- References (5%): are they provided and appropriate?
- On time (5%): are the slides emailed to me one hour before class?
Schedule
- April 10: Jeremiah Benes, Sharmin Jahan, Matt Sirkis
- April 12: Geoffrey Simpson, Sway Wu, Muwei Zheng
- April 17: Nathan Williams, Arghya Mukherjee, Shuonan Niu
- April 19: Rujit Raval