BYU Computer Science
CS 465 Introduction to Security and Privacy

Final Prep

Topics to study:

  • Certificate management and use cases
    • Explain how website certificates work to a fellow CS student
    • Given what you know about the web’s trust model, how would an attacker be able to forge a certificate for a popular website? How does Certificate Transparency help with this scenario?
    • How does S/MIME provide secure email?
  • Web and browser security
    • What does TLS accomplish with respect to cryptographic operations?
    • What is the Same Origin Policy?
    • How does Cross-Site Request Forgery (CSRF) work?
    • How does a Cross-Site Scripting (XSS) attack work?
    • How does a SQL injection attack work?
    • What is a phishing attack? What are some useful defenses?
  • Firewalls and tunnels
    • How does a packet-filtering firewall work?
    • How can firewalls be used to provide defense in depth?
    • How does a VPN work?
  • Intrusion detection and network-based attacks
    • Compare signature-based intrusion detection systems and anomaly-based systems
    • What ethical guidelines should you follow if you are conducting penetration testing?
    • How does a DNS cache poisoning attack work?
    • How does an ARP attack work?
  • Privacy
    • What does the privacy calculus framework say about how people make privacy decisions?
    • What is the privacy paradox? What are some plausible explanations for it?
    • How does the contextual integrity framework shed light on privacy violations?