
- Number of slides: 16
TEACHING SECURE ECOMMERCE THROUGH BUILDING REAL-WORLD SITES
Ryan Garlick
CSCE 4560 / 5560 – SPRING 2013
- Cross-listed course
- 21 undergrads
- 13 graduate students
COURSE CONTENT
- All content presented via real-world examples of working sites
- Google Analytics
- Amazon feeds
- SSL certificate
- Domain / DNS
- phpMyAdmin
- Cart software
- FTP
- Project Management – MS Project / Pivotal Tracker
PREP WORK / CHEATING
- I had access to existing e-commerce sites for examples
- ACM students for t-shirts, running the UG site
- Drone project in a directed study dovetailed with the Grad site
- Asked the students if anyone had ideas…
  § Some good ones – Farmer’s Food Delivery
DETAILS
- Students pick the site
- I bought the SSL certificate / domain / hosting
  § Totals around $100 for the year
- If it gets up and running, students to implement it?
METHODOLOGIES
- Here’s our problem, now let’s learn the tools we need to solve it. Ex: Bitcoin
- Everything is results based – students choose the tools to get there
TEAMS
- First day… pick a team
- Security
- Payment
- Database / Backup
- Business
- Graphics
- Products / Cart
- And… a Project Manager
STUDENTS DECIDE
- I had to break a few ties, but in general students picked their group.
- Students choose a site
  § And a cart platform
THE PROJECT MANAGER
- Choose carefully. A good PM makes or breaks the team.
- Pull them aside early and visit with them about:
  § Management techniques – make me the bad guy
  § Effective delegation
THE PM
- If your group is fragmenting, or not getting anything done, he or she will be held responsible.
EVALUATION
- Presentations by each team
- What I stress: “Show me what you did on the site”. OK if it’s not visible on the front end, but you need to do something on the site, not just “research”
- During the showdown, points are awarded to a team for inflicting harm on the other team’s site.
  § Undergrads get a 2x modifier
THE SHOWDOWN
- Application layer only – no LOIC to DDoS
- Only things that someone outside the class would have access to
- Social engineering is allowed
- Encouraged to look for cart / SQL weaknesses
- Nothing destructive until the last day
- Database / Backup team responsible for restoring
TOPICS
- XSS, SQL Injection
- Inner workings of Shopping Carts / Sessions
- SSL and Payment Gateways
- SEO, Google Analytics
- SQL and how it relates to the Cart / PHP
- Payment – must implement Bitcoin
- Graphics Templates for each cart
- Team Management
SITES
- Undergrads: www.cse.unt.edu/projects/ecommerce/
- Grads: DroneCam.tv
RESULTS SO FAR
- Anecdotally more enthusiasm
- Security teams are really getting into it
  § When you tell them their grade depends on defending the site and bringing the other team down
- Usual group project problems
  § The do-nothings and the fragmenters
- Essentially plagiarism-proof
CAVEATS
- Vet your Project Manager
- Some students took it too seriously, wouldn’t give passwords to their team members who needed them for fear of security leaks
- Try to cull the do-nothings early
- Have fun