Doctor of Philosophy, The Ohio State University, 2024, English

This dissertation explores the contrast between the Athenian and metic rhetorical paradigms through the lens of the hacker. Arguing the dominant Athenian rhetorical paradigm is marked by public, persuasive, often-disembodied rhetorics in pursuit of epistemic truths, I argue the metic paradigm focuses on stealthy, deceptive, embodied rhetoric in pursuit of advantages over adversaries. Noting how today's digital rhetorical situation is largely adversarial, this dissertation points to the hacker as an exemplar of metic rhetorics. Through three case studies, each focusing on a different type of computer hack, this dissertation explores how the hacker subjectivity is produced and describes its beneficial lines of flight, discusses the interplay of metaphor and physicality in digital activism and cyberwar, and shows how metic rhetorical practices can be leveraged to create a safer and more just world and thus improve personal and organizational cybersecurity.

Committee: John Jones (Committee Chair); Ben McCorkle (Committee Member); Jonathan Buehl (Committee Member) Subjects: Information Technology; Rhetoric

BA, Oberlin College, 2021, Computer Science

This paper explores the frequency at which SQL/PHP posts on the website Stackoverflow.com contain code susceptible to SQL Injection, a common database vulnerability. Specifically, we analyze whether other users give notice of the vulnerability or provide an answer that is secure. The majority of questions analyzed were vulnerable to SQL Injection and were not corrected in their answers or brought to the attention of the original poster. To mitigate this, we present a machine learning bot which analyzes the poster's code and alerts them of potential injection vulnerabilities, if necessary.

Committee: Cynthia Bagier Taylor (Advisor) Subjects: Computer Science

Master of Science in Mathematics, Youngstown State University, 2009, Department of Mathematics and Statistics

Websites are the most convenient way to present and disseminate information to the maximum number of people in the world. The web browsers are the means to render the information on web page, the basic building blocks of a website, and web programming is the basic structure (architecture) of each web page.The thesis on "Web Design, Development and Security" is a complete analysis of website design and development. Web sites should be able to present abundant information to a visitor in well organized manner. In addition, there must be a reliable transfer of secure information between server and client. There exist other major factors such as user friendliness, layout, simplicity, ease of rendering in the browser and so on that are closely related with the quality of website. This thesis will elaborate on a number of issues that are related with web design and development. These principles will be illustrated and demonstrated in the design of some websites that I have designed so far.

Committee: John Sullins PhD (Advisor); Graciela Perera PhD (Committee Member); Jamal Tartir PhD (Committee Member) Subjects: Computer Science

MS, Kent State University, 2007, College of Arts and Sciences / Department of Computer Science

The dynamic nature of web applications makes them vulnerable to application-level attacks. In SQL injection attack, the attacker targets the web application database using a front end of the web application, by passing malicious code in the user input. The Attacker provides some user input which is different from the intended one. SQL injection attack allows the attacker to break three basic concepts of information security: confidentiality, integrity and availability of information. We present an architectur which employs static and runtime analysis of code to check such attacks. Our technique builds a static model of the SQL statements present in the application code using an SQL parser written in java. These models are stored in XML format. During runtime,the same parser is used to build models of the SQL statements containing the user input. The static and runtime statements are converted to XML DOM format and compared to check for SQL injection attack. We also introduce a data type checking system, which retrieves the data type of the columns in the database table and uses this information to prevent data type mismatches, which cannot be detected by the compiler. These kinds of data mismatch are often used by attackers to get information about the underlying database schema, to aid them in planning attacks.

Committee: Dr. Michael Rothestein (Advisor) Subjects: Computer Science