Prof. Amir Herzberg, TA: Hemi Leibowitz, BIU, Spring term 2017

This is a course in secure networking ("ethical hacking"). Prerequisites: Internet protocols (89-350, intro to networking) and applied cryptography, including TLS (e.g., from 89-690, intro to cyber security).


21.3  Intro, models, ARP-Poisoning (2017)
28.3  NetSec Basics: Scan, Firewalls (2017)
4.4   DoS 1: intro and server-DoS (2017)
18.4  DoS 2: amplification and other bandwidth DoS attacks (2017)
25.4  DoS 2 (Continued) (2017)
9.5   TCP/IP Security (2017)
16.5  RoutingSec (2017)
23.5  More RoutingSec (2017)
6.6   DNS (in)security (1 foil/page), 6fpp (2017)
13.6  WebSec (1): injection attacks (1 foil/page), 6fpp (2017)
20.6  WebSec (2): Sessions and Cross-Site Security (1fpp), 6fpp (2017)
27.6  Email, phishing & spam (1fpp, 6fpp)

The exam covers everything in the foils or in the lectures. To prepare, please use my repository of questions and solutions (to be updated). Good luck!!

Old stuff in Hebrew: direct link to a collection of questions sorted by topic: preparation questions (PDF), preparation questions (Word), collection of exams and questions, lecture recordings. Several exams and solutions by Yosef Arbiv (corrected) and Shahar Glazner have been added.

See also Amit Klein's HTTP response splitting presentation on , and two links Amit recommended: "HTTP Response Smuggling" discusses some techniques to bypass anti-HTTP_Response_Splitting protections, and "meanwhile, on the other side of the web server" is a short write-up shedding light on the security issues that reside in the path between the web server and the client. Many thanks, Amit!!

In our experimental work, we use CREATE or DeterLab.