13 May 2023
Mentored by: Mr. Dhairya Shah
Presented by: Kunj Joshi
Roll No.: 19BCP072
Major/Comprehensive Project Interim Presentation-1 on Automated Security Tool with GUI for Websites
OUTLINE
❑Abstract
❑Industry Introduction
❑Project Overview
❑Objectives
❑Project Stages & Current Stage
❑Methodology
❑Conclusion
ABSTRACT
➢ Security is an important aspect of any website deployment today. An insecure website can expose a company to
various attacks and losses, such as financial losses and data losses, to name a few. It is
very important for a company to reinforce its website with the latest methodologies and security measures to stop
such losses and attacks from happening. Many security measures can be checked using manual
methods, but several can be automated. The tool being created takes eight such security
measures and automates them using Python. The tool is available in both GUI and CLI formats. The eight
modules covered are: SQL Injection Detection, Network Analysis, Keyloggers, Malware Detection, Data
Loss Prevention, SSL Certificate Analysis, Data Protection and Website Phishing Detection. All these
security measures, when strictly imposed, can either prevent an attack or lessen the damage caused by a
cyberattack. The tool uses different aspects of Computer Science, such as OOP concepts, Machine Learning,
Data Science, Networking, Logging and File Management, to implement each aspect with the lowest
time complexity possible. The tool also introduces two new algorithms, created by the user, for hashing
and encryption of data, and analyses the strength of the security features currently implemented in a system.
INDUSTRY INTRODUCTION
➢ Founded in 2012, VeriFast Technologies is the leader in ASIC Verification Training and Consulting. Our training
programs are designed for entry-level to seasoned engineers, and they are great for individuals and teams. Our
training programs and consulting expertise are in ASIC Verification, with an intense focus on SystemVerilog and UVM.
Our clients range from semiconductor giants to startups.
➢ The technical team is divided internally into two parts: the Hardware Team and the Software Team. The Software
Team is responsible for managing all web-related, OS-related and network-related queries. The Software Team is led
by Mr. Dhairya Shah, who completed his Bachelors in Technology in Computer Science in 2013. He has been
working with VeriFast Technologies since 2015. The other team members include Mr. Prayag Bhanderi, who
completed his Bachelors in Technology in Computer Engineering and Communications in 2020, and Mr. Yash
Pamnani, who completed his Bachelors in Technology in Information Technology in 2020.
➢ The creation of an automated security tool with GUI and CLI functionality is a relatively new idea, and new
implementations are being considered every day. More security aspects can also be implemented in the future. VeriFast
Technologies is also focused on training young enthusiasts for the field of cybersecurity and spreading awareness
through campaigns and hosted talks.
PROJECT OVERVIEW
➢ The project is currently in the development phase. It is focused on implementing 8 modules of security
aspects, and the development of each module is treated as one development phase of the project. The modules
are as follows:
1) SQL Injection Detection
2) Network Analysis
3) Malware Detection using Machine Learning
4) Keylogger
5) Data Loss Prevention
6) Website Phishing Detection using Machine Learning
7) SSL Certification Analysis
8) Data Protection
OBJECTIVES
➢ The objectives of the project are the combined objectives of each module. Currently, the project is focused on
producing these ten objectives, based on the modules being worked upon:
1) Detecting SQL injection with conformity in a login page that has fields such as Username and Password.
2) Producing a data dump of a network connection between a device and another device/hosted website.
3) Detecting whether a file or a program is malicious by using the file’s metadata, permissions, storage
capacities, hash etc. in Machine Learning algorithms.
4) Deploying a keylogger in a device to record and analyze keystrokes used by the device.
5) Creating a safe and secure backup of all the data at timely intervals to lessen the damage in case of a
cyberattack.
6) Detection of leaked data relating to the industry, such as mobile numbers, emails, passwords etc.
OBJECTIVES (CONTD…)
7) Detecting a malicious website based on its URL contents and webpage contents using Machine
Learning techniques.
8) Analyzing a website’s security standards from its SSL information and creating alert technology to renew
the SSL certificates before their expiry date.
9) Creating a safe and secure data transmission method using encryption and decryption technology. It
also introduces a new encryption algorithm, currently under development.
10) Creating safe and secure data storage using hashing technology. It also introduces a new hashing
algorithm, currently under development.
PROJECT STAGES & CURRENT STAGE
➢ As discussed earlier, each module is considered independently as one
development phase, giving eight different development phases.
Many modules also have submodules, which are considered
subphases of development.
➢ Currently, 2 phases of development have been completed and the third
phase is in progress. The modules of SQL
Injection Detection and Network Analysis have been implemented.
➢ Work on Malware Detection is in progress.
METHODOLOGY
➢ The methodology of the work is simple. Each module is implemented
independently, and then all the modules are integrated into one large project.
The programming language used is Python, with the Flask framework. Web development
languages such as HTML and CSS are also used extensively.
THE LANDING PAGE OF TOOL
METHODOLOGY (CONTD…)
The first module implemented was SQL Injection Detection. It used a brute-force approach,
brute forcing the Username and Password fields with a Panel Bypass dataset (provided by
the company).
THE RESULT OF SQL INJECTION DETECTOR
METHODOLOGY (CONTD…)
The second module implemented was Network Analysis. It has two submodules: Network
Scan and Network Capture. Network Scan works on IP addresses and finds open ports
and services at the address.
NETWORK SCAN OUTPUT
METHODOLOGY (CONTD…)
The second submodule of Network Analysis is Network Capture which works on URLs. It
intercepts a URL Request and captures the Network Dump in a JSON format. The JSON is
then parsed to produce the output details.
NETWORK CAPTURE OUTPUT
WEBSITE PHISHING DETECTION
• Website phishing refers to the act of creating fraudulent websites that mimic legitimate ones to
deceive users and obtain their sensitive information, such as login credentials, credit card details, or
personal data. Phishing websites are designed to appear authentic, often using similar logos, layouts,
and URLs to trick unsuspecting individuals into entering their confidential information.
• Phishing attacks typically involve sending deceptive emails or messages that prompt users to visit the
phishing website. These messages often mimic official communication from trusted sources, such as
banks, online services, or social media platforms. Once users land on the phishing website, they may
be prompted to provide their login credentials or other sensitive information, which is then captured
by the attackers.
• Website phishing can have severe consequences, including identity theft, financial loss, and
unauthorized access to personal accounts. To protect against phishing attacks, users should be
cautious when clicking on links in emails or messages, verify the authenticity of websites by checking
for secure connections (https://), and avoid providing sensitive information on suspicious or unfamiliar
websites.
• Additionally, organizations can implement security measures such as anti-phishing filters, user
education and awareness programs, and multi-factor authentication to mitigate the risks associated
with website phishing. Regular monitoring and prompt takedown of reported phishing websites are
also essential to minimize the impact on users.
WEBSITE PHISHING OUTPUT
KEYLOGGER
• A keylogger is a type of software or hardware device that records the keystrokes typed on a
computer or mobile device. It is designed to capture and log all keyboard inputs, including
passwords, usernames, messages, and other sensitive information. Keyloggers can be either legitimate
or malicious, depending on their intended use.
• Legitimate Use:
• In certain scenarios, keyloggers can serve legitimate purposes, such as:
• 1. Monitoring employee activity: Some organizations use keyloggers to monitor employee computer
usage for security, productivity, or compliance purposes. This may be done to ensure that employees
are not engaging in unauthorized activities or to detect potential security breaches.
• 2. Parental control: Keyloggers can be used by parents to monitor their children's online activities,
ensuring their safety and protecting them from potential threats or inappropriate content.
• 3. Law enforcement and investigations: Keyloggers may be utilized by law enforcement agencies or
in investigations to gather evidence or track suspicious activities.
KEYLOGGER OUTPUT
DATA LEAK PREVENTION: AUTOMATED BACKUP
• Automated backup refers to the process of automatically creating and storing copies of data or files
at regular intervals without requiring manual intervention. It is an essential practice to ensure data
protection, minimize the risk of data loss, and facilitate data recovery in the event of system failures,
accidental deletion, or other unforeseen incidents.
• Automated backup systems employ specialized software or tools that schedule and perform backups
according to predefined settings. These settings can include the frequency of backups, the specific
files or directories to be backed up, and the destination where the backup copies will be stored, such
as external hard drives, network drives, cloud storage, or remote servers.
• To implement automated backup, it is important to choose appropriate backup software or tools that
align with your specific requirements. Consider factors such as backup frequency, storage capacity,
security features, and ease of use. Regular monitoring of the backup process and periodic testing of
data restoration procedures are also recommended to ensure the integrity and effectiveness of the
backup system.
AUTOMATED BACKUP OUTPUT
DATA LEAK DETECTION: PASSWORD LEAK
• Detecting password leaks involves monitoring and identifying instances where user passwords have
been compromised or exposed. Here are some methods and best practices for detecting password
leaks:
• 1. Data breach notifications: Stay informed about data breaches and security incidents through
reputable sources. Organizations that experience breaches often provide notifications to affected
users. Keep an eye on these notifications and take appropriate action if your account information is
compromised.
• 2. Password breach databases: Check online databases or services that aggregate and index leaked
passwords from various data breaches. These databases allow you to search if your password has
been exposed. Examples include Have I Been Pwned (https://haveibeenpwned.com/) and similar
services.
• 3. Two-factor authentication (2FA): Enable 2FA for your online accounts whenever possible. This adds
an extra layer of security by requiring a second form of authentication, such as a unique code sent to
your mobile device, in addition to your password. If someone attempts to use your password without
the second factor, access will be denied.
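The range lookup behind the Have I Been Pwned password check named in point 2, as an added example that is not code from the presented tool: only the first five hex characters of the password's SHA-1 digest are sent, and the returned suffixes are matched locally. The `constructed_service` stand-in, the account names and the sample passwords are constructed so the block runs offline; `fetch_range_live` assumes the public Pwned Passwords range endpoint.

```python
from __future__ import annotations

import hashlib
import urllib.request

# Public Pwned Passwords range endpoint (assumed reachable for live use only).
RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_split(password: str) -> tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}, skipping malformed lines."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range) -> int:
    """How many times the password appears in the breach corpus (0 = not found).

    fetch_range(prefix) returns the response body for a 5-char prefix; the
    password and its full hash never leave this process.
    """
    prefix, suffix = sha1_split(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def audit_accounts(accounts: dict[str, str], fetch_range, min_count: int = 1) -> list[str]:
    """Return the account names whose password was seen at least min_count times."""
    flagged = [name for name, password in accounts.items()
               if breach_count(password, fetch_range) >= min_count]
    return sorted(flagged)


def fetch_range_live(prefix: str) -> str:
    """Query the real service; not used by the offline demo below."""
    request = urllib.request.Request(RANGE_URL + prefix,
                                     headers={"User-Agent": "password-leak-check-example"})
    with urllib.request.urlopen(request, timeout=10) as response:
        return response.read().decode("utf-8")


def constructed_service(leaked: dict[str, int]):
    """Offline stand-in for the service, built from constructed sample data."""
    def fetch(prefix: str) -> str:
        lines = []
        for password, count in leaked.items():
            p, s = sha1_split(password)
            if p == prefix:
                lines.append(f"{s}:{count}")
        lines.append("0" * 35 + ":1")  # unrelated entry sharing the prefix
        return "\r\n".join(lines)
    return fetch


if __name__ == "__main__":
    service = constructed_service({"password": 1000, "hunter2": 17})  # constructed
    accounts = {"alice": "password",
                "bob": "correct horse battery staple 9!",
                "carol": "hunter2"}
    print("accounts with leaked passwords:", audit_accounts(accounts, service))
```

Passing `fetch_range_live` instead of the constructed stand-in runs the same check against the real service.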
PASSWORD LEAK DETECTION OUTPUT
SSL CERTIFICATION ANALYSIS
• Analysis of SSL certification involves evaluating the security and trustworthiness of a website's SSL
(Secure Sockets Layer) certificate. Here are key aspects to consider during an SSL certificate analysis:
• 1. Certificate Authority (CA)
• 2. Certificate validity
• 3. Certificate type
• 4. Encryption strength
• 5. Certificate chain
• 6. Trust indicators
• 7. Certificate revocation
• 8. Mixed content
• 9. Vulnerability scanning
• By thoroughly analyzing these aspects of an SSL certificate, you can assess the security and reliability
of a website's encrypted connection and ensure a safer browsing experience for users.
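An added example (not the presented tool's code) of the certificate authority, validity and host name checks from the list above, including the renew-before-expiry alert named in objective 8. It works on the dictionary returned by Python's `SSLSocket.getpeercert()`; `SAMPLE_CERT`, its host names and the 30-day warning threshold are constructed assumptions.

```python
from __future__ import annotations

import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the layout returned by SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "issuer": ((("organizationName", "Constructed Test CA"),),
               (("commonName", "Constructed Test CA R1"),)),
    "notBefore": "Apr  1 00:00:00 2023 GMT",
    "notAfter": "Jun 30 23:59:59 2023 GMT",
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "*.shop.example.test")),
}


def fetch_cert(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Fetch the peer certificate of a live server (not used by the offline demo).

    The default context validates the chain and host name, so an untrusted or
    mismatched certificate raises ssl.SSLCertVerificationError here.
    """
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def name_field(rdns, key: str):
    """Return the first value of `key` in a subject/issuer tuple, or None."""
    for rdn in rdns:
        for field, value in rdn:
            if field == key:
                return value
    return None


def hostname_matches(pattern: str, host: str) -> bool:
    """Match a SAN DNS entry; '*' is accepted only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def analyse_cert(cert: dict, hostname: str, now: datetime, warn_days: int = 30) -> dict:
    """Classify validity and report issuer, days left and host name coverage."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    now_ts = now.timestamp()
    days_left = int((not_after - now_ts) // 86400)
    if now_ts < not_before:
        status = "not_yet_valid"
    elif now_ts > not_after:
        status = "expired"
    elif days_left < warn_days:
        status = "renew_soon"   # the alert that should trigger renewal
    else:
        status = "ok"
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return {
        "status": status,
        "days_left": days_left,
        "issuer": name_field(cert.get("issuer", ()), "organizationName"),
        "hostname_ok": any(hostname_matches(s, hostname) for s in sans),
    }


if __name__ == "__main__":
    for day in (datetime(2023, 5, 13, tzinfo=timezone.utc),
                datetime(2023, 6, 10, tzinfo=timezone.utc),
                datetime(2023, 7, 1, tzinfo=timezone.utc)):
        print(day.date(), analyse_cert(SAMPLE_CERT, "www.example.test", day))
```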
SSL ANALYSIS OUTPUT
CRYPTOGRAPHY AND HASHING
• Cryptography and hashing are two important concepts in the field of computer security and data
protection. While they both involve the transformation of data, they serve different purposes and
have distinct applications.
• Cryptography:
• Cryptography is the practice of securing communication and data by converting it into a form that is
unreadable to unauthorized individuals. It involves the use of encryption algorithms and keys to
encode and decode information. The primary goals of cryptography are confidentiality, integrity,
authentication, and non-repudiation.
• Encryption: Encryption is the process of converting plain, readable data (plaintext) into an
unreadable form (ciphertext) using an encryption algorithm and a unique encryption key. The
ciphertext can only be decrypted back into plaintext by someone possessing the correct decryption
key. Encryption ensures that even if an unauthorized person gains access to the encrypted data, they
will not be able to understand its content.
• Hashing is a one-way process that converts data of any size into a fixed-size string of characters,
called a hash value or digest. Hash functions are designed to be fast and efficient, producing unique
hash values for different inputs. The primary purpose of hashing is to verify data integrity and securely
store passwords.
• In summary, cryptography is used to protect data during transmission or storage, ensuring
confidentiality and integrity, while hashing is used for data integrity verification and password storage.
Both cryptography and hashing play crucial roles in securing information and maintaining privacy in
various applications and systems.
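The two uses of hashing named above, integrity verification and password storage, as an added example that is not the presented tool's code and not its new hashing algorithm. Integrity uses a plain SHA-256 digest; password storage uses a per-password random salt and PBKDF2-HMAC-SHA256 from Python's standard library, with an assumed work factor and an assumed `scheme$iterations$salt$hash` record layout.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import os

SCHEME = "pbkdf2_sha256"        # label stored with each record (assumed layout)
PBKDF2_ITERATIONS = 600_000     # assumed work factor; raise it as hardware gets faster


def sha256_hex(data: bytes) -> str:
    """Fast digest for integrity checks (downloads, backups)."""
    return hashlib.sha256(data).hexdigest()


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Compare a computed digest with a published one in constant time."""
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Derive a storable record; a fresh 16-byte salt makes equal passwords differ."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([SCHEME, str(iterations), _b64(salt), _b64(derived)])


def _parse(record: str) -> tuple[int, bytes, bytes]:
    """Split a stored record; raises ValueError on any malformed field."""
    scheme, iterations, salt, derived = record.split("$")
    if scheme != SCHEME or int(iterations) < 1:
        raise ValueError("unsupported record")
    return (int(iterations),
            base64.b64decode(salt, validate=True),
            base64.b64decode(derived, validate=True))


def verify_password(password: str, record: str) -> bool:
    """Re-derive with the stored salt and iteration count, then compare."""
    try:
        iterations, salt, expected = _parse(record)
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, target: int = PBKDF2_ITERATIONS) -> bool:
    """True when a record is malformed or was created with a lower work factor."""
    try:
        iterations, _, _ = _parse(record)
    except ValueError:
        return True
    return iterations < target


if __name__ == "__main__":
    record = hash_password("S3cure-pass")          # constructed sample password
    print(record)
    print("correct password:", verify_password("S3cure-pass", record))
    print("wrong password:  ", verify_password("s3cure-pass", record))
    print("backup intact:   ", verify_integrity(b"abc", sha256_hex(b"abc")))
```

A successful login is the point at which a record flagged by `needs_rehash` can be re-derived with the current work factor, since that is the only time the plaintext is available.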
CRYPTOGRAPHY OUTPUT
CONCLUSION
➢ Security is an important aspect in today’s world. To avoid losses, industries
must abide by cybersecurity practices. Having an automated tool that can
produce efficient results in cybersecurity aspects is a necessity. This tool
will be able to help the industry by avoiding data loss and securing data. The
tool will upgrade the cybersecurity features in a company’s repo to the latest
cybersecurity practices. The tool can be used to detect and patch
vulnerabilities or analyze weak points in a website. Hence, this tool can
revolutionize the Cybersecurity Automation Sector as well.
Thank you!

More Related Content

Similar to 19BCP072_Presentation_Final.pdf

Cloud_security.pptx
Cloud_security.pptxCloud_security.pptx
Cloud_security.pptxSofiyaKhan49
 
Emerging Trends in Web App Security.docx
Emerging Trends in Web App Security.docxEmerging Trends in Web App Security.docx
Emerging Trends in Web App Security.docxkoushikichakraborty3
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.pptKaukau9
 
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...TrustArc
 
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud ComputingIRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud ComputingIRJET Journal
 
INSECURE Magazine - 35
INSECURE Magazine - 35INSECURE Magazine - 35
INSECURE Magazine - 35Felipe Prado
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelinesZakaria SMAHI
 
Elementary-Information-Security-Practices
Elementary-Information-Security-PracticesElementary-Information-Security-Practices
Elementary-Information-Security-PracticesOctogence
 
Phishing Detection using Decision Tree Model
Phishing Detection using Decision Tree ModelPhishing Detection using Decision Tree Model
Phishing Detection using Decision Tree ModelIRJET Journal
 
Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Michael Hidalgo
 
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...Cloud Security Alliance Lviv Chapter
 
GitHub: Secure Software Development for Financial Services
GitHub: Secure Software Development for Financial ServicesGitHub: Secure Software Development for Financial Services
GitHub: Secure Software Development for Financial ServicesDebbie A. Everson
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)Ahmed Banafa
 
Data Storage Issues in Cloud Computing
Data Storage Issues in Cloud ComputingData Storage Issues in Cloud Computing
Data Storage Issues in Cloud Computingijtsrd
 
Keyloggers A Malicious Attack
Keyloggers A Malicious AttackKeyloggers A Malicious Attack
Keyloggers A Malicious Attackijtsrd
 

Similar to 19BCP072_Presentation_Final.pdf (20)

Cloud_security.pptx
Cloud_security.pptxCloud_security.pptx
Cloud_security.pptx
 
C01461422
C01461422C01461422
C01461422
 
Emerging Trends in Web App Security.docx
Emerging Trends in Web App Security.docxEmerging Trends in Web App Security.docx
Emerging Trends in Web App Security.docx
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
 
Cybersecurity Slides
Cybersecurity  SlidesCybersecurity  Slides
Cybersecurity Slides
 
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
 
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud ComputingIRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
 
INSECURE Magazine - 35
INSECURE Magazine - 35INSECURE Magazine - 35
INSECURE Magazine - 35
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelines
 
Check Point: Securing Web 2.0
Check Point: Securing Web 2.0 Check Point: Securing Web 2.0
Check Point: Securing Web 2.0
 
Elementary-Information-Security-Practices
Elementary-Information-Security-PracticesElementary-Information-Security-Practices
Elementary-Information-Security-Practices
 
Research Paper
Research PaperResearch Paper
Research Paper
 
Phishing Detection using Decision Tree Model
Phishing Detection using Decision Tree ModelPhishing Detection using Decision Tree Model
Phishing Detection using Decision Tree Model
 
Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...
 
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
 
GitHub: Secure Software Development for Financial Services
GitHub: Secure Software Development for Financial ServicesGitHub: Secure Software Development for Financial Services
GitHub: Secure Software Development for Financial Services
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)
 
Data Storage Issues in Cloud Computing
Data Storage Issues in Cloud ComputingData Storage Issues in Cloud Computing
Data Storage Issues in Cloud Computing
 
Keyloggers A Malicious Attack
Keyloggers A Malicious AttackKeyloggers A Malicious Attack
Keyloggers A Malicious Attack
 

Recently uploaded

CATALOGO MF 650 COMPLETO COM PEÇAS DE TRANSMISSAO
CATALOGO MF 650 COMPLETO COM PEÇAS DE TRANSMISSAOCATALOGO MF 650 COMPLETO COM PEÇAS DE TRANSMISSAO
CATALOGO MF 650 COMPLETO COM PEÇAS DE TRANSMISSAOTMTerraplanagem
 
Viet Nam Inclusive Business Accreditation System
Viet Nam Inclusive Business Accreditation SystemViet Nam Inclusive Business Accreditation System
Viet Nam Inclusive Business Accreditation SystemTri Dung, Tran
 
Call Girls At-( Nearby )-Bhikaji Cama Place, Delhi | ⑧③77⓿⑧76⓿7
Call Girls At-( Nearby )-Bhikaji Cama Place, Delhi | ⑧③77⓿⑧76⓿7Call Girls At-( Nearby )-Bhikaji Cama Place, Delhi | ⑧③77⓿⑧76⓿7
Call Girls At-( Nearby )-Bhikaji Cama Place, Delhi | ⑧③77⓿⑧76⓿7dollysharma2066
 
Model Call Girl in Bawana Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Bawana Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Bawana Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Bawana Delhi reach out to us at 🔝8264348440🔝soniya singh
 
(8264348440) 🔝 Call Girls In Safdarjung Enclave 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Safdarjung Enclave 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Safdarjung Enclave 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Safdarjung Enclave 🔝 Delhi NCRsoniya singh
 
(8264348440) 🔝 Call Girls In Green Park 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Green Park 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Green Park 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Green Park 🔝 Delhi NCRsoniya singh
 
办昆士兰大学UQ毕业证书/成绩单GPA修改 - 留学买假毕业证
办昆士兰大学UQ毕业证书/成绩单GPA修改 - 留学买假毕业证办昆士兰大学UQ毕业证书/成绩单GPA修改 - 留学买假毕业证
办昆士兰大学UQ毕业证书/成绩单GPA修改 - 留学买假毕业证0622mpom
 
Delhi Munirka 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex call girl
Delhi Munirka 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex call girlDelhi Munirka 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex call girl
Delhi Munirka 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex call girlsoniya singh
 
Call Girls in Tilak Nagar (DELHI-) 8377877756 Call Girls Service
Call Girls in Tilak Nagar (DELHI-) 8377877756 Call Girls ServiceCall Girls in Tilak Nagar (DELHI-) 8377877756 Call Girls Service
Call Girls in Tilak Nagar (DELHI-) 8377877756 Call Girls Servicedollysharma2066
 
Smart Traffic Management System presentation
Smart Traffic Management System presentationSmart Traffic Management System presentation
Smart Traffic Management System presentationFareeyaFaisal
 
Gurgaon Rajiv Chowk 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex ...
Gurgaon Rajiv Chowk 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex ...Gurgaon Rajiv Chowk 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex ...
Gurgaon Rajiv Chowk 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex ...soniya singh
 
(8264348440) 🔝 Call Girls In Babarpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Babarpur 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Babarpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Babarpur 🔝 Delhi NCRsoniya singh
 
Entrepreneur street first Edition is now out
Entrepreneur street first Edition is now outEntrepreneur street first Edition is now out
Entrepreneur street first Edition is now outentrepreneur street
 
Guwahati Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Guwahati Call Girls 7001305949 WhatsApp Number 24x7 Best ServicesGuwahati Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Guwahati Call Girls 7001305949 WhatsApp Number 24x7 Best Servicesnajka9823
 
About Entrepreneur ELON MUSK .pptx...
About  Entrepreneur  ELON  MUSK .pptx...About  Entrepreneur  ELON  MUSK .pptx...
About Entrepreneur ELON MUSK .pptx...lahiruherath654
 
(8264348440) 🔝 Call Girls In Sriniwaspuri 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Sriniwaspuri 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Sriniwaspuri 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Sriniwaspuri 🔝 Delhi NCRsoniya singh
 
NEON LIGHT CITY pitch deck for AR PC GAME
NEON LIGHT CITY pitch deck for AR PC GAMENEON LIGHT CITY pitch deck for AR PC GAME
NEON LIGHT CITY pitch deck for AR PC GAMEtess51
 

Recently uploaded (20)

CATALOGO MF 650 COMPLETO COM PEÇAS DE TRANSMISSAO
CATALOGO MF 650 COMPLETO COM PEÇAS DE TRANSMISSAOCATALOGO MF 650 COMPLETO COM PEÇAS DE TRANSMISSAO
CATALOGO MF 650 COMPLETO COM PEÇAS DE TRANSMISSAO
 
Viet Nam Inclusive Business Accreditation System
Viet Nam Inclusive Business Accreditation SystemViet Nam Inclusive Business Accreditation System
Viet Nam Inclusive Business Accreditation System
 
Call Girls At-( Nearby )-Bhikaji Cama Place, Delhi | ⑧③77⓿⑧76⓿7
Call Girls At-( Nearby )-Bhikaji Cama Place, Delhi | ⑧③77⓿⑧76⓿7Call Girls At-( Nearby )-Bhikaji Cama Place, Delhi | ⑧③77⓿⑧76⓿7
Call Girls At-( Nearby )-Bhikaji Cama Place, Delhi | ⑧③77⓿⑧76⓿7
 
Model Call Girl in Bawana Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Bawana Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Bawana Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Bawana Delhi reach out to us at 🔝8264348440🔝
 
(8264348440) 🔝 Call Girls In Safdarjung Enclave 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Safdarjung Enclave 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Safdarjung Enclave 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Safdarjung Enclave 🔝 Delhi NCR
 
Pakistani Jumeirah Call Girls # +971559085003 # Pakistani Call Girls In Jumei...
Pakistani Jumeirah Call Girls # +971559085003 # Pakistani Call Girls In Jumei...Pakistani Jumeirah Call Girls # +971559085003 # Pakistani Call Girls In Jumei...
Pakistani Jumeirah Call Girls # +971559085003 # Pakistani Call Girls In Jumei...
 
(8264348440) 🔝 Call Girls In Green Park 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Green Park 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Green Park 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Green Park 🔝 Delhi NCR
 
办昆士兰大学UQ毕业证书/成绩单GPA修改 - 留学买假毕业证
办昆士兰大学UQ毕业证书/成绩单GPA修改 - 留学买假毕业证办昆士兰大学UQ毕业证书/成绩单GPA修改 - 留学买假毕业证
办昆士兰大学UQ毕业证书/成绩单GPA修改 - 留学买假毕业证
 
Delhi Munirka 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex call girl
Delhi Munirka 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex call girlDelhi Munirka 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex call girl
Delhi Munirka 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex call girl
 
Hot Sexy call girls in Rajouri Garden🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in  Rajouri Garden🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in  Rajouri Garden🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rajouri Garden🔝 9953056974 🔝 Delhi escort Service
 
Call Girls in Tilak Nagar (DELHI-) 8377877756 Call Girls Service
Call Girls in Tilak Nagar (DELHI-) 8377877756 Call Girls ServiceCall Girls in Tilak Nagar (DELHI-) 8377877756 Call Girls Service
Call Girls in Tilak Nagar (DELHI-) 8377877756 Call Girls Service
 
Smart Traffic Management System presentation
Smart Traffic Management System presentationSmart Traffic Management System presentation
Smart Traffic Management System presentation
 
Gurgaon Rajiv Chowk 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex ...
Gurgaon Rajiv Chowk 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex ...Gurgaon Rajiv Chowk 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex ...
Gurgaon Rajiv Chowk 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex ...
 
(8264348440) 🔝 Call Girls In Babarpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Babarpur 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Babarpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Babarpur 🔝 Delhi NCR
 
Entrepreneur street first Edition is now out
Entrepreneur street first Edition is now outEntrepreneur street first Edition is now out
Entrepreneur street first Edition is now out
 
young call girls in kailash Nagar, 🔝 9953056974 🔝 escort Service
young call girls in kailash Nagar, 🔝 9953056974 🔝 escort Serviceyoung call girls in kailash Nagar, 🔝 9953056974 🔝 escort Service
young call girls in kailash Nagar, 🔝 9953056974 🔝 escort Service
 
Guwahati Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Guwahati Call Girls 7001305949 WhatsApp Number 24x7 Best ServicesGuwahati Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Guwahati Call Girls 7001305949 WhatsApp Number 24x7 Best Services
 
About Entrepreneur ELON MUSK .pptx...
About  Entrepreneur  ELON  MUSK .pptx...About  Entrepreneur  ELON  MUSK .pptx...
About Entrepreneur ELON MUSK .pptx...
 
(8264348440) 🔝 Call Girls In Sriniwaspuri 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Sriniwaspuri 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Sriniwaspuri 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Sriniwaspuri 🔝 Delhi NCR
 
NEON LIGHT CITY pitch deck for AR PC GAME
NEON LIGHT CITY pitch deck for AR PC GAMENEON LIGHT CITY pitch deck for AR PC GAME
NEON LIGHT CITY pitch deck for AR PC GAME
 

19BCP072_Presentation_Final.pdf

  • 1. 13 May 2023 1 Mentored by: Mr. Dhairya Shah Presented by: Kunj Joshi Roll No.: 19BCP072 Major/Comprehensive Project Interim Presentation-1 on Automated Security Tool with GUI for Websites
  • 2. OUTLINE ❑Abstract ❑Industry Introduction ❑Project Overview ❑Objectives ❑Project Stages & Current Stage ❑ Methodology ❑Conclusion 13 May 2023 2
  • 3. ABSTRACT ➢ Security is an important aspect in any website deployment in today’s age. An insecure website can lead to various attacks and losses on behalf of company, such as financial losses, data losses etc. to name a few. It is very important for a company to reinforce its website with latest methodologies and security measures to stop such losses and attacks from happening. Many security measures can be checked upon using manual methods, but several security measures can be automated. The tool being created, takes up eight such security measures and automates them using Python. The tool is available in both: GUI and CLI format. The eight modules covered include: SQL Injection detection, Network Analysis, Keyloggers, Malware Detection, Data Loss Prevention, SSL Certificate Analysis, Data Protection and Website Phishing Detection. All these security measures when strictly imposed, can either prevent an attack or lessen the damages caused by a cyberattack. The tool uses different aspects of Computer Science such as OOPS concepts, Machine Learning, Data Science, Networking, Logging and File Management to implement each and every aspect in the least time complexity possible. The tool also introduces to two new algorithms, created by the user for Hashing and Encryption of data and also analyses the strength of current security features implemented in a system. 13 May 2023 3
  • 4. INDUSTRY INTRODUCTION ➢ Founded in 2012, VeriFast Technologies is the leader in ASIC Verification Training and Consulting. Our training programs are designed for entry-level to seasoned engineers, and they are great for individuals and teams. Our training programs and consulting expertise are in ASIC Verification, with an intense focus on SystemVerilog and UVM. Our clients range from semiconductor giants to startups. ➢ The technical team is divided internally into two parts: the Hardware Team and the Software Team. The Software Team is responsible for managing all web-related, OS-related and network-related queries. The Software Team is led by Mr. Dhairya Shah, who completed his Bachelor of Technology in Computer Science in 2013. He has been working with VeriFast Technologies since 2015. The other team members are Mr. Prayag Bhanderi, who completed his Bachelor of Technology in Computer Engineering and Communications in 2020, and Mr. Yash Pamnani, who completed his Bachelor of Technology in Information Technology in 2020. ➢ The creation of an automated Security Tool with GUI and CLI functionalities is a relatively new idea, and new implementations are being considered every day. More security aspects can also be implemented in the future. VeriFast Technologies is also focused on training young enthusiasts for the field of Cybersecurity and spreading awareness through campaigns and hosted talks.
  • 5. PROJECT OVERVIEW ➢ The Project is currently in the development phase. It is focused on implementing 8 Modules of Security Aspects, and each Module's development is considered a Development Phase of the Project. The Modules are as follows: 1) SQL Injection Detection 2) Network Analysis 3) Malware Detection using Machine Learning 4) Keylogger 5) Data Loss Prevention 6) Website Phishing Detection using Machine Learning 7) SSL Certification Analysis 8) Data Protection
  • 6. OBJECTIVES ➢ The objectives of the project are the combined objectives of each module. Currently, the project is focused on producing these ten objectives, based on the modules being worked upon: 1) Detecting SQL Injection with conformity in a Login Page having fields such as Username and Password. 2) Producing a data dump of a network connection between a device and another device or hosted website. 3) Detecting whether a file or a program is malicious by using the file’s metadata, permissions, storage capacities, hash etc. in Machine Learning algorithms. 4) Deploying a Keylogger in a device to record and analyze the keystrokes used on the device. 5) Creating a safe and secure backup of all the data at timely intervals to lessen the damage in case of a cyberattack. 6) Detecting leaked data relating to the industry, such as mobile numbers, emails, passwords etc.
  • 7. OBJECTIVES (CONTD…) 7) Detecting a malicious website based on its URL contents and webpage contents using Machine Learning techniques. 8) Analyzing a website’s security standards from its SSL information and creating alert technology to renew SSL Certificates before their expiry date. 9) Creating a safe and secure data transmission method using Encryption and Decryption technology. It also introduces a new Encryption algorithm, currently under development. 10) Creating safe and secure data storage using Hashing technology. It also introduces a new Hashing algorithm, currently under development.
  • 8. PROJECT STAGES & CURRENT STAGE ➢ As discussed earlier, each module is considered independently as one development phase, creating eight different development phases. Many modules also have submodules, which are considered subphases of development. ➢ Currently, 2 phases of the development have been completed and the third phase is in progress. The modules of SQL Injection Detection and Network Analysis have been implemented. ➢ Work on Malware Detection is in progress.
  • 9. METHODOLOGY ➢ The methodology of the work is simple. Each module is implemented independently, and then all the modules are integrated into one large project. The programming language used is Python, with the Flask framework. Web development languages such as HTML and CSS are also used extensively.
  • 10. THE LANDING PAGE OF TOOL
  • 11. METHODOLOGY (CONTD…) The first module implemented was SQL Injection Detection. It uses a brute-force approach, brute forcing the Username and Password fields with a Panel Bypass dataset (provided by the company).
  • 12. THE RESULT OF SQL INJECTION DETECTOR
  • 13. METHODOLOGY (CONTD…) The second module implemented was Network Analysis. It has two submodules: Network Scan and Network Capture. Network Scan works on IP addresses and finds the open ports and services at an address.
  • 15. METHODOLOGY (CONTD…) The second submodule of Network Analysis is Network Capture, which works on URLs. It intercepts a URL request and captures the network dump in JSON format. The JSON is then parsed to produce the output details.
  • 17. WEBSITE PHISHING DETECTION • Website phishing refers to the act of creating fraudulent websites that mimic legitimate ones to deceive users and obtain their sensitive information, such as login credentials, credit card details, or personal data. Phishing websites are designed to appear authentic, often using similar logos, layouts, and URLs to trick unsuspecting individuals into entering their confidential information. • Phishing attacks typically involve sending deceptive emails or messages that prompt users to visit the phishing website. These messages often mimic official communication from trusted sources, such as banks, online services, or social media platforms. Once users land on the phishing website, they may be prompted to provide their login credentials or other sensitive information, which is then captured by the attackers. • Website phishing can have severe consequences, including identity theft, financial loss, and unauthorized access to personal accounts. To protect against phishing attacks, users should be cautious when clicking on links in emails or messages, verify the authenticity of websites by checking for secure connections (https://), and avoid providing sensitive information on suspicious or unfamiliar websites. • Additionally, organizations can implement security measures such as anti-phishing filters, user education and awareness programs, and multi-factor authentication to mitigate the risks associated with website phishing. Regular monitoring and prompt takedown of reported phishing websites are also essential to minimize the impact on users.
  • 19. KEYLOGGER • A keylogger is a type of software or hardware device that records the keystrokes typed on a computer or mobile device. It is designed to capture and log all keyboard inputs, including passwords, usernames, messages, and other sensitive information. Keyloggers can be either legitimate or malicious, depending on their intended use. • Legitimate Use: In certain scenarios, keyloggers can serve legitimate purposes, such as: • 1. Monitoring employee activity: Some organizations use keyloggers to monitor employee computer usage for security, productivity, or compliance purposes. This may be done to ensure that employees are not engaging in unauthorized activities or to detect potential security breaches. • 2. Parental control: Keyloggers can be used by parents to monitor their children's online activities, ensuring their safety and protecting them from potential threats or inappropriate content. • 3. Law enforcement and investigations: Keyloggers may be utilized by law enforcement agencies or in investigations to gather evidence or track suspicious activities.
  • 21. DATA LEAK PREVENTION: AUTOMATED BACKUP • Automated backup refers to the process of automatically creating and storing copies of data or files at regular intervals without requiring manual intervention. It is an essential practice to ensure data protection, minimize the risk of data loss, and facilitate data recovery in the event of system failures, accidental deletion, or other unforeseen incidents. • Automated backup systems employ specialized software or tools that schedule and perform backups according to predefined settings. These settings can include the frequency of backups, the specific files or directories to be backed up, and the destination where the backup copies will be stored, such as external hard drives, network drives, cloud storage, or remote servers. • To implement automated backup, it is important to choose appropriate backup software or tools that align with your specific requirements. Consider factors such as backup frequency, storage capacity, security features, and ease of use. Regular monitoring of the backup process and periodic testing of data restoration procedures are also recommended to ensure the integrity and effectiveness of the backup system.
  • 23. DATA LEAK DETECTION: PASSWORD LEAK • Detecting password leaks involves monitoring and identifying instances where user passwords have been compromised or exposed. Here are some methods and best practices for detecting password leaks: • 1. Data breach notifications: Stay informed about data breaches and security incidents through reputable sources. Organizations that experience breaches often provide notifications to affected users. Keep an eye on these notifications and take appropriate action if your account information is compromised. • 2. Password breach databases: Check online databases or services that aggregate and index leaked passwords from various data breaches. These databases allow you to search if your password has been exposed. Examples include Have I Been Pwned (https://haveibeenpwned.com/) and similar services. • 3. Two-factor authentication (2FA): Enable 2FA for your online accounts whenever possible. This adds an extra layer of security by requiring a second form of authentication, such as a unique code sent to your mobile device, in addition to your password. If someone attempts to use your password without the second factor, access will be denied.
  • 25. SSL CERTIFICATION ANALYSIS • Analysis of SSL certification involves evaluating the security and trustworthiness of a website's SSL (Secure Sockets Layer) certificate. Here are key aspects to consider during an SSL certificate analysis: • 1. Certificate Authority (CA) • 2. Certificate validity • 3. Certificate type • 4. Encryption strength • 5. Certificate chain • 6. Trust indicators • 7. Certificate revocation • 8. Mixed content • 9. Vulnerability scanning • By thoroughly analyzing these aspects of an SSL certificate, you can assess the security and reliability of a website's encrypted connection and ensure a safer browsing experience for users.
  • 27. CRYPTOGRAPHY AND HASHING • Cryptography and hashing are two important concepts in the field of computer security and data protection. While they both involve the transformation of data, they serve different purposes and have distinct applications. • Cryptography: Cryptography is the practice of securing communication and data by converting it into a form that is unreadable to unauthorized individuals. It involves the use of encryption algorithms and keys to encode and decode information. The primary goals of cryptography are confidentiality, integrity, authentication, and non-repudiation. • Encryption: Encryption is the process of converting plain, readable data (plaintext) into an unreadable form (ciphertext) using an encryption algorithm and a unique encryption key. The ciphertext can only be decrypted back into plaintext by someone possessing the correct decryption key. Encryption ensures that even if an unauthorized person gains access to the encrypted data, they will not be able to understand its content. • Hashing is a one-way process that converts data of any size into a fixed-size string of characters, called a hash value or digest. Hash functions are designed to be fast and efficient, producing unique hash values for different inputs. The primary purpose of hashing is to verify data integrity and securely store passwords. • In summary, cryptography is used to protect data during transmission or storage, ensuring confidentiality and integrity, while hashing is used for data integrity verification and password storage. Both cryptography and hashing play crucial roles in securing information and maintaining privacy in various applications and systems.
  • 29. CONCLUSION ➢ Security is an important aspect of today’s world. To avoid losses, industries must abide by Cybersecurity practices. Having an automated tool which can produce efficient results in Cybersecurity aspects is a necessity. This tool will be able to help the industry by avoiding data loss and securing data. The tool will upgrade the cybersecurity features in a company’s repo to the latest cybersecurity practices. The tool can be used to detect and patch vulnerabilities or analyze weak points in a website. Hence, this tool can revolutionize the Cybersecurity Automation Sector as well.
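
Objective 8 and the SSL certification analysis slide (slide 25) describe checking certificate validity and alerting before expiry. The following is an added example, not code from the presented tool, covering the validity-window and renewal-alert part with Python's standard `ssl` module. The 30-day threshold, the function names and the sample certificate are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

RENEW_WINDOW_DAYS = 30  # assumed alert threshold, not a value from the slides

# Constructed sample in the dict shape returned by SSLSocket.getpeercert()
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "issuer": ((("organizationName", "Example Test CA"),),
               (("commonName", "Example Test CA R1"),)),
    "notBefore": "Apr  1 00:00:00 2023 GMT",
    "notAfter": "Jun 30 12:00:00 2023 GMT",
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "example.test")),
}


def fetch_peer_cert(host, port=443, timeout=5.0):
    """Fetch the leaf certificate; the default context verifies chain and hostname."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def _utc(cert_time):
    """Convert a certificate time string to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)


def analyse_cert(cert, now=None, renew_window_days=RENEW_WINDOW_DAYS):
    """Classify a certificate as ok, renew_soon, expired or not_yet_valid."""
    now = now or datetime.now(timezone.utc)
    not_before, not_after = _utc(cert["notBefore"]), _utc(cert["notAfter"])
    days_left = (not_after - now).days
    if now < not_before:
        status = "not_yet_valid"
    elif now >= not_after:
        status = "expired"
    elif days_left <= renew_window_days:
        status = "renew_soon"
    else:
        status = "ok"
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return {"status": status, "days_left": days_left,
            "issuer_cn": issuer.get("commonName"), "dns_names": dns_names}


if __name__ == "__main__":
    print(analyse_cert(SAMPLE_CERT, now=datetime(2023, 6, 10, 12, tzinfo=timezone.utc)))
```

For a live host, pass the result of `fetch_peer_cert("your.host.name")` to `analyse_cert`; a failed chain or hostname check raises `ssl.SSLCertVerificationError` before any dates are examined.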