Who Am I?
Cybersecurity Analyst at Network Intelligence
Cybersecurity Researcher
https://www.linkedin.com/in/sai-swarup-das-9260b8165/
Travel freak, Gym, Cricket and many more
Antivirus (AV)
It is a computer program/software designed to detect and prevent any kind of
malware or virus from damaging or corrupting the system (PC, laptop, tablet,
smartphone, etc.).
Malicious software, commonly known as malware, is code (a computer
program or script) that can harm a computer or any smart electronic device and
can steal digital data. Therefore, antivirus detects and prevents the
malicious program, a.k.a. malware, from installing and executing on the
system.
Antivirus products normally work by detecting, quarantining and deleting
malicious code, in order to prevent its execution on the system. Modern antivirus
products update themselves automatically to provide protection against the latest
malware or viruses.
Some commonly known antivirus product brands are Quick Heal, Kaspersky and
Norton, but there are other antivirus product brands in the market. Normally the
choice of antivirus product brand depends on cost, usage and many more
factors.
SAST/DAST
SAST stands for Static Application Security Testing.
Normally this approach is used in the Source Code Review scope or in White Box
Penetration Testing.
In SAST the source code of the software is reviewed, manually or with tooling,
in order to detect vulnerabilities in the software.
Some known SAST tools are Bandit, MobSF, SonarQube, Veracode and many more.
DAST stands for Dynamic Application Security Testing.
Normally this approach is used in dynamic analysis of the traffic, where we try to
manipulate the headers and numerous parameters in order to assess the
vulnerability and its impact.
The DAST approach is used in Black-Box and Grey-Box Penetration Testing.
Some known DAST tools are Acunetix web vulnerability scanner, Burp Suite, OWASP
ZAP, Nikto, and many more.
CIA Triad
“C” stands for Confidentiality: the data, whether at rest or in transit,
must be secured so that no unauthorized user can access the sensitive data.
“I” stands for Integrity: no modification should be made to the data by a
malicious threat actor, and the genuineness of the data must be maintained
throughout the process.
“A” stands for Availability: the service provided must be up and running,
and the information should be consistently and readily accessible to
authorized parties.
Any deviation from the CIA triad results in a security issue for the asset
and exposes it to malicious threat actors.
Passive/Active Reconnaissance
Passive Reconnaissance is the approach of gaining information about the target
without actively engaging with the system.
Passive Reconnaissance is not noisy; the information gathered depends on publicly
available information and the use of sniffing tools.
Some known tools for passive reconnaissance are Wireshark, Ettercap, Tshark,
OSINT tools, Google dorks, Shodan and many more.
Active Reconnaissance is the approach of gaining information about the target by
actively engaging with the system.
Active Reconnaissance is noisy, so there is a chance for the traffic to get
detected; therefore appropriate measures should be taken to avoid detection,
especially during red team engagements.
Some known tools for active reconnaissance are Nmap, Zenmap, SQLmap, Nikto,
SSTImap and many more.
Reverse Shell
A shell is normally an interactive interface program that makes it possible for
an application or a user to interact with the operating system kernel.
A reverse shell is intended for malicious purposes: an adversary, after
exploiting a vulnerability in a system, uploads a reverse shell to interact
with the target system in order to carry out post-exploitation activity.
Persistence in a target system depends on the stability of the reverse shell:
the more stable the reverse shell, the more persistent the access to the
system.
There are various types of reverse shell: Bash reverse shell, PHP
reverse shell, Java reverse shell, Python reverse shell, Perl reverse shell,
Netcat reverse shell and many more.
A reverse shell can be coded/programmed in any programming language.
End Point Detection And Response (EDR)
EDR stands for “End Point Detection And Response”.
It is a security tool that focuses on detecting and mitigating suspicious
activity on devices and hosts.
The value of EDR is its ability to detect advanced threats that may not have
a recorded behavioral pattern or malware signature.
Some known EDR product brands are CrowdStrike, Cisco, Fortinet and many
more.
Configuration Review
Configuration review is the scope where a consultant/security researcher
performs a security review of the configuration applied to network and perimeter
devices.
Configuration review is carried out with reference to two benchmarks, namely the
CIS benchmarks and the STIG benchmarks.
Configuration review is an essential scope for infrastructure security, where
secure configuration leads to a secure network/infrastructure architecture.
Some known tools to perform configuration review are Nessus, Nipper and
many more.
But it is always best to perform the configuration review manually, either
through the provided config files or by taking remote access to the system.
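As an added illustration of reviewing a provided config file against a benchmark-style baseline (example code written for this page, not the author's or any benchmark's own tooling), the checker below parses a constructed sshd_config extract and reports every directive that deviates from an assumed hardening baseline; the baseline values are illustrative and do not quote a specific CIS or STIG control.

```python
import re

# Constructed sample sshd_config, as a client might hand it over for review.
SAMPLE_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
#PermitEmptyPasswords no
MaxAuthTries 10
X11Forwarding no
"""

# Assumed hardening baseline: directive -> (expected value, reason).
# Illustrative, not a quotation of any specific CIS or STIG control.
BASELINE = {
    "PermitRootLogin": ("no", "direct root login removes accountability"),
    "PasswordAuthentication": ("no", "prefer key-based authentication"),
    "PermitEmptyPasswords": ("no", "empty passwords must be refused"),
    "MaxAuthTries": ("4", "limit brute-force attempts per connection"),
    "X11Forwarding": ("no", "rarely needed on servers"),
}

def parse_sshd_config(text):
    """Return {directive: value} for active lines. The first occurrence wins,
    which is how sshd itself applies repeated directives."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # comments and blank lines are not active settings
        m = re.match(r"^(\S+)\s+(.+)$", line)
        if m and m.group(1) not in settings:
            settings[m.group(1)] = m.group(2).strip()
    return settings

def review_config(text, baseline=BASELINE):
    """Return (directive, actual, expected, reason) for each deviation. A
    directive that is absent or commented out is reported as 'not set': the
    effective value is then sshd's default, which must be checked separately."""
    settings = parse_sshd_config(text)
    findings = []
    for directive, (expected, reason) in baseline.items():
        actual = settings.get(directive)
        if actual is None:
            findings.append((directive, "not set", expected, reason))
        elif directive == "MaxAuthTries" and int(actual) > int(expected):
            findings.append((directive, actual, "<= " + expected, reason))
        elif directive != "MaxAuthTries" and actual.lower() != expected:
            findings.append((directive, actual, expected, reason))
    return findings
```

Calling review_config(SAMPLE_SSHD_CONFIG) flags PermitRootLogin, PasswordAuthentication, the commented-out PermitEmptyPasswords (as "not set") and MaxAuthTries, while X11Forwarding passes.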
Vulnerability Assessment (VA)
VA stands for “Vulnerability Assessment”.
It is an approach or method to assess the vulnerabilities present in the
infrastructure or in the application.
It comes from two words:- Vulnerability + Assessment
Here in this method we use VA scanner tools to check what vulnerabilities are
present in the infrastructure or in the application.
Some known VA tools present in the market are Nessus, Qualys, Acunetix,
Nikto, OWASP ZAP, OpenVAS and many more.
There are many commercial tools and open-source tools available; the choice
mainly depends upon the scope and budget of testing.
Penetration Testing (PT)
PT stands for “Penetration Testing”.
Penetration Testing method/approach means exploiting the vulnerability found in
the application or in the infrastructure.
Penetration Testing also confirms whether the vulnerability results found by the VA
scanner tool are actually false positives or not.
There are mainly two types of penetration testing, namely Infrastructure
security/penetration testing and Application security/penetration testing.
Infrastructure security/penetration testing covers Network penetration
testing, SCADA/OT security assessment, Hardware hacking and many more.
Application security/penetration testing covers Web application pentesting, Mobile
application pentesting, API pentesting, Thick client pentesting, DevSecOps and Cloud
pentesting.
The scope of a penetration test is White Box, Black Box or Grey Box.
Critical Infrastructure Security
Critical Infrastructure security is now an added scope in the security field,
as critical infrastructures like power plants, oil/gas facilities,
nuclear plants, water treatment plants, etc., especially the core sectors, are
getting their operations computerized.
This security sector is given the term “critical” because any
malicious vector can take down the plant or result in the loss of life.
Here the availability leg of the CIA triad plays the major role.