Attack Case Study Presentations

Topics

Topics for student-led presentation on attack case studies:

  1. Select and present 3 noteworthy XSS vulnerabilities and associated attacks from the National Vulnerability Database (NVD) -- https://web.nvd.nist.gov/view/vuln/search
  2. Select and present 3 noteworthy SQL injection vulnerabilities and associated attacks from NVD [Sharmin]
  3. Select and present 3 noteworthy CSRF injection vulnerabilities and associated attacks from NVD
  4. KRACK attacks [Matt]
  5. Any other noteworthy attacks relevant to web security
  6. Mobile Payments -- How do ApplePay and AndroidPay work? What attacks, if any, are there, and how do they work?
  7. Chip and PIN is broken
  8. EMV API attacks
  9. Other attacks on EMV beyond those discussed in class
  10. Discuss several real-world Bitcoin thefts. Explain technically what the criminals exploited to succeed.
  11. Discuss how Ethereum works, emphasizing how it differs from Bitcoin in its design
  12. Reidentification in Bitcoin
  13. Discuss real-world attacks on Bitcoin (distinct from coin thefts) or other cryptocurrencies. [Sway]
  14. Any other topic you propose and clear with me.

Guidelines

The case study presentations should take approximately 20 minutes, plus up to 5 minutes for Q&A. The purpose of the presentation is to explain to your classmates how particular technologies and/or attacks work. You can assume that your audience is already aware of any related material covered in class.

In addition to giving the presentation, you are expected to prepare slides and turn in a digital copy to me by email at least one hour prior to class on the day of the presentation. Slides will be made available to your classmates and posted online on the course website.

Please include a list of reference(s) for further reading on the last slide.

Grading

Here is a breakdown of how the presentations are graded:

Schedule