Attack Case Study Presentations

Topics

Topics for student-led presentations on attack case studies:

  1. Select and present 3 noteworthy XSS vulnerabilities from the National Vulnerability Database (NVD) -- https://web.nvd.nist.gov/view/vuln/search
  2. Select and present 3 noteworthy SQL injection vulnerabilities from NVD
  3. Select and present 3 noteworthy CSRF vulnerabilities from NVD
  4. Exposing Private Information by Timing Web Applications
  5. "Heartbleed" OpenSSL vulnerability. See resources on heartbleed.com and On the Matter of Heartbleed.
  6. Chip and PIN is broken
  7. EMV API attacks
  8. Related data breaches at Target, Home Depot and Sally Beauty. See link 1, link 2, link 3 as starting points.
  9. Fraud in Mobile Payments. Discuss early fraud spikes in Apple Pay, plus threats to tokenization (see link 1 and link 2).
  10. Double spending attacks on Bitcoin. See for example this paper.
  11. Bitcoin selfish miner attacks. See for example this paper.
  12. Discuss several real-world Bitcoin thefts. Explain technically what the criminals exploited to succeed.

Schedule

Topic                       Presenter              Date
XSS                         Nicole Coppola         February 5
SQL Injection               Alison Maskus          February 10
CSRF                        Matt Weeden            February 17
Timing Attacks              Stephen Kleinheider    March 2
Heartbleed                  Duc Tran               March 9
Chip and PIN is broken      JT Hamrick             March 21
Data Breaches               Megan Boscarillo       March 30
Fraud in Mobile Payments    Victoria Vinson        April 6
Bitcoin Selfish Mining      Marie Vasek            April 13

Guidelines

The case study presentations should take approximately 20-25 minutes. The purpose of the presentation is to explain to your classmates how a particular attack works. You can assume that your audience is already aware of any related material covered in class.

In addition to giving the presentation, you are expected to prepare slides and turn in a digital copy to me by email at least one hour prior to class on the day of the presentation. Slides will be made available to your classmates and posted online on the course website.

Please include on the last slide a list of reference(s) for further reading.

Grading

Here is a breakdown of how the presentations are graded: