SlideShare a Scribd company logo

bhumi verma dentition in mammals -aman.pptxhhdbshdbsbdhsdbhdbhs

Download as PPTX, PDF
S
sarasdivyansh1608

bdjj

Science
1 of 21
Network level security issues Name-Aman Maheshwari Roll No.-2103291 S. No.-19 Course- CSM-603
What is “Security” • Freedom from risk or danger; safety. • Freedom from doubt, anxiety, or fear; confidence. • Something that gives or assures safety, as: 1. A group or department of private guards: Call building security if a visitor acts suspicious. 2. Measures adopted by a government to prevent espionage, sabotage, or attack. 3. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant. …etc.
The Most Common Web Attacks • Cross-Site Scripting (XSS) • SQL Injection Attacks • Broken Authentication • Drive-By Download • DDoS (Distributed Denial-of- Service) • MiTM (Man-in-the-Middle) • Fuzzing • Password-Based Attacks
Cross-Site Scripting (XSS) Cross-site scripting (XSS) attacks trick a browser into delivering malicious client-side scripts to the victim's browser, which will automatically execute it once received. This malware can: • Exfiltrate data • Install malware • Redirect the user to a spoofed site
Preventing XSS attacks Preventing XSS attacks is as easy as sanitizing your data inputs. Consider denying special characters or symbols to avoid the injection of code. Unchecked, cross-site scripting attacks can lead to session hijacking, form action hijacking, and server- side request forgery attacks.
SQL Injection Attacks SQL injection attacks are one of the most common web attacks of the past ten years and allow attackers to compromise a server's cookies, web forms, or HTTP posts to manipulate data out of the database. They exploit input fields (like those you'd see in an online form) and inject malicious scripts designed to trick the server into providing unauthorized (and yet not protected) sensitive database information. Preventing SQL injection attacks requires the same stringency for data input and a limited set of functions permissible through SQL commands
Broken Authentication The Verizon 2022 DBIR states that 67% of data breaches result from compromised credentials. Broken authentication – or any sort of illegitimate login–based access – can be executed in many ways: • Brute force • Credential stuffing • Dictionary attacks Preventing broken authentication attacks can be as easy as making a super-secure password or as reliable as switching to tokenized Multi-Factor Authentication (MFA).
Drive-By Download Drive-by downloads occur when a user visits a website and a malicious agent downloads onto the victim's computer automatically. It can happen when the user is downloading something else or upon opening an email, clicking a pop-up window, or merely visiting a page. Since drive-by attacks take advantage of latent security vulnerabilities in apps, browsers, and operating systems, it's important to keep your environment up to date. Limiting the number of web plug-ins and applications you install also reduces your attack surface.
How to prevent malware • Keep your computer and software updated. ... • Use a non-administrator account whenever possible. ... • Think twice before clicking links or downloading anything. ... • Be careful about opening email attachments or images. ... • Don't trust pop-up windows that ask you to download software. ... • Limit your file-sharing.
DDoS (Distributed Denial-of-Service) DDoS attacks aim to overwhelm the target's web server with requests, making the site unavailable for other visitors. A botnet usually creates a vast number of requests, which are distributed among previously infected computers. Also, these types of web attacks are often used together with other methods; the goal of the former is to distract the security systems while exploiting a vulnerability. Protecting your site against a DDoS attack is generally multi-faceted: First, you need to mitigate the peaked traffic by using a Content Delivery Network (CDN), a load balancer, and scalable resources. Secondly, you also need to deploy a Web Application Firewall (WAF) in case the DDoS attack is concealing another cyberattack method, such as an injection or XSS.
MiTM (Man-in-the-Middle) Man-in-the-middle attacks are common among sites that haven't encrypted their data as it travels from the user to the servers (sites using HTTP instead of HTTPS). The perpetrator intercepts the data as it's being transferred between two parties. If the data isn't encrypted, the attacker can easily read personal, login, or other sensitive details that travel between two locations on the Internet. A straightforward way to mitigate the man-in-the-middle attack is to install a Secure Sockets Layer (SSL) certificate on your site. This certificate encrypts all the information between parties, so the attacker won't easily make sense of it. Typically, most modern hosting providers already feature an SSL certificate with their hosting package.
SSL SSL stands for Secure Sockets Layer, and it's a protocol that allows computer systems to communicate safely over the internet. SSL encrypts data sent between a website and a browser, or between two servers, to prevent hackers from seeing or stealing information. SSL also initiates an authentication process between two devices, and digitally signs data to verify that it hasn't been tampered with.
Fuzzing Fuzz testing is a type of web attack that works by initially inputting a large amount of random data (fuzz) into an application to get it to crash. The next step is using a fuzzer software tool to identify the weak spots. If there are any loopholes in the target's security, the attacker can further exploit it. The best way to combat a fuzzing attack is by keeping your security and other applications updated. This is especially true for any security patches that come out with an update that the perpetrators can exploit if you haven't made the update yet.
Password-Based Attacks While these can be part of a 'broken authentication' exploit, they really deserve their own real estate. The list of password-based attacks is varied and wide, including: Credential dumping (stealing your RAM to get to your secrets) Brute force (systematically guessing the correct password) Credential stuffing (using known credentials to log into a series of other accounts) Pass the Hash techniques (stealing a hashed credential and using it to create a new authenticated session) Implementing code signing, enforcing strong password requirements, setting up MFA, and operating on the principle of least privilege will reduce the chance of password-based attacks.
As we conclude our journey through network-level security challenges, let's continue to innovate and collaborate in safeguarding the digital frontier. The future of digital defense is in our hands. Safeguarding the Future
Thanks!

Recommended

cyber security
cyber securitycyber security
cyber security
Naveed Ahmed Siddiqui
 
cryptography .pptx
cryptography .pptxcryptography .pptx
cryptography .pptx
RRamyaDevi
 
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingThe Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
Muhammad FAHAD
 
How to Detect SQL Injections & XSS Attacks with AlienVault USM
How to Detect SQL Injections & XSS Attacks with AlienVault USM How to Detect SQL Injections & XSS Attacks with AlienVault USM
How to Detect SQL Injections & XSS Attacks with AlienVault USM
AlienVault
 
CYBER SECURITY final ppt-1.pptx
CYBER SECURITY final ppt-1.pptxCYBER SECURITY final ppt-1.pptx
CYBER SECURITY final ppt-1.pptx
MOHAMMEDASHIK71
 
Website Security: A Guide to Defending Your Website
Website Security: A Guide to Defending Your WebsiteWebsite Security: A Guide to Defending Your Website
Website Security: A Guide to Defending Your Website
WebGuru Infosystems Pvt. Ltd.
 
types of cyber attack by taufiqurrahman.pptx
types of cyber attack by taufiqurrahman.pptxtypes of cyber attack by taufiqurrahman.pptx
types of cyber attack by taufiqurrahman.pptx
taufiq463421
 
Malware attack Social engineering attack
Malware attack Social engineering attackMalware attack Social engineering attack
Malware attack Social engineering attack
taufiq463421
 

Recommended

cyber security
cyber securitycyber security
cyber security
Naveed Ahmed Siddiqui
 
cryptography .pptx
cryptography .pptxcryptography .pptx
cryptography .pptx
RRamyaDevi
 
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingThe Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
Muhammad FAHAD
 
How to Detect SQL Injections & XSS Attacks with AlienVault USM
How to Detect SQL Injections & XSS Attacks with AlienVault USM How to Detect SQL Injections & XSS Attacks with AlienVault USM
How to Detect SQL Injections & XSS Attacks with AlienVault USM
AlienVault
 
CYBER SECURITY final ppt-1.pptx
CYBER SECURITY final ppt-1.pptxCYBER SECURITY final ppt-1.pptx
CYBER SECURITY final ppt-1.pptx
MOHAMMEDASHIK71
 
Website Security: A Guide to Defending Your Website
Website Security: A Guide to Defending Your WebsiteWebsite Security: A Guide to Defending Your Website
Website Security: A Guide to Defending Your Website
WebGuru Infosystems Pvt. Ltd.
 
types of cyber attack by taufiqurrahman.pptx
types of cyber attack by taufiqurrahman.pptxtypes of cyber attack by taufiqurrahman.pptx
types of cyber attack by taufiqurrahman.pptx
taufiq463421
 
Malware attack Social engineering attack
Malware attack Social engineering attackMalware attack Social engineering attack
Malware attack Social engineering attack
taufiq463421
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
newbie2019
 
What Is Denial Of Service Attack
What Is Denial Of Service AttackWhat Is Denial Of Service Attack
What Is Denial Of Service Attack
Stephanie Williams
 
Methods Hackers Use
Methods Hackers UseMethods Hackers Use
Methods Hackers Use
brittanyjespersen
 
INTERNET SECURITY.pptx
INTERNET SECURITY.pptxINTERNET SECURITY.pptx
INTERNET SECURITY.pptx
babepa2317
 
9 Security Threats Everyone Should Be Aware Of
9 Security Threats Everyone Should Be Aware Of9 Security Threats Everyone Should Be Aware Of
9 Security Threats Everyone Should Be Aware Of
Aditya Prakhar Singh
 
Recent cyber Attacks
Recent cyber AttacksRecent cyber Attacks
Recent cyber Attacks
S.M. Towhidul Islam
 
Cyber security
Cyber security Cyber security
Cyber security
ankit yadav
 
Network security and viruses
Network security and virusesNetwork security and viruses
Network security and viruses
Aamlan Saswat Mishra
 
R20BM564.pptx
R20BM564.pptxR20BM564.pptx
R20BM564.pptx
MADARAUCHIHA278827
 
R20BM564_NAWARAJSUNARPPT.pptx
R20BM564_NAWARAJSUNARPPT.pptxR20BM564_NAWARAJSUNARPPT.pptx
R20BM564_NAWARAJSUNARPPT.pptx
MADARAUCHIHA278827
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
newbie2019
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
A. Shamel
 
Cyber.pptx
Cyber.pptxCyber.pptx
Cyber.pptx
MahalakshmiShetty3
 
AW-Infs201101067.pptx
AW-Infs201101067.pptxAW-Infs201101067.pptx
AW-Infs201101067.pptx
AnonymousDevil2
 
A study on securing cloud environment from d do s attack to preserve data ava...
A study on securing cloud environment from d do s attack to preserve data ava...A study on securing cloud environment from d do s attack to preserve data ava...
A study on securing cloud environment from d do s attack to preserve data ava...
Manimaran A
 
Computer Security
Computer SecurityComputer Security
Computer Security
Vaibhavi Patel
 
Computer Security
Computer SecurityComputer Security
Computer Security
Vaibhavi Patel
 
Network security
Network securityNetwork security
Network security
nafisarayhana1
 
10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf
10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf
10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf
Cyber security professional services- Detox techno
 
Security communication
Security communicationSecurity communication
Security communication
Say Shyong
 
Factory Acceptance Test( FAT).pptx .
Factory Acceptance Test( FAT).pptx .Factory Acceptance Test( FAT).pptx .
Factory Acceptance Test( FAT).pptx .
Poonam Aher Patil
 
Gwalior ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Gwalior ESCORT SERVICE❤CALL GIRL
Gwalior ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Gwalior ESCORT SERVICE❤CALL GIRLGwalior ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Gwalior ESCORT SERVICE❤CALL GIRL
Gwalior ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Gwalior ESCORT SERVICE❤CALL GIRL
kantirani197
 

More Related Content

Similar to bhumi verma dentition in mammals -aman.pptxhhdbshdbsbdhsdbhdbhs

Security communication
Security communicationSecurity communication
Security communication
Say Shyong
 

Similar to bhumi verma dentition in mammals -aman.pptxhhdbshdbsbdhsdbhdbhs (20)

Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
What Is Denial Of Service Attack
What Is Denial Of Service AttackWhat Is Denial Of Service Attack
What Is Denial Of Service Attack
 
Methods Hackers Use
Methods Hackers UseMethods Hackers Use
Methods Hackers Use
 
INTERNET SECURITY.pptx
INTERNET SECURITY.pptxINTERNET SECURITY.pptx
INTERNET SECURITY.pptx
 
9 Security Threats Everyone Should Be Aware Of
9 Security Threats Everyone Should Be Aware Of9 Security Threats Everyone Should Be Aware Of
9 Security Threats Everyone Should Be Aware Of
 
Recent cyber Attacks
Recent cyber AttacksRecent cyber Attacks
Recent cyber Attacks
 
Cyber security
Cyber security Cyber security
Cyber security
 
Network security and viruses
Network security and virusesNetwork security and viruses
Network security and viruses
 
R20BM564.pptx
R20BM564.pptxR20BM564.pptx
R20BM564.pptx
 
R20BM564_NAWARAJSUNARPPT.pptx
R20BM564_NAWARAJSUNARPPT.pptxR20BM564_NAWARAJSUNARPPT.pptx
R20BM564_NAWARAJSUNARPPT.pptx
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Cyber.pptx
Cyber.pptxCyber.pptx
Cyber.pptx
 
AW-Infs201101067.pptx
AW-Infs201101067.pptxAW-Infs201101067.pptx
AW-Infs201101067.pptx
 
A study on securing cloud environment from d do s attack to preserve data ava...
A study on securing cloud environment from d do s attack to preserve data ava...A study on securing cloud environment from d do s attack to preserve data ava...
A study on securing cloud environment from d do s attack to preserve data ava...
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Network security
Network securityNetwork security
Network security
 
10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf
10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf
10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf
 
Security communication
Security communicationSecurity communication
Security communication
 

Recently uploaded

Gwalior ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Gwalior ESCORT SERVICE❤CALL GIRL
Gwalior ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Gwalior ESCORT SERVICE❤CALL GIRLGwalior ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Gwalior ESCORT SERVICE❤CALL GIRL
Gwalior ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Gwalior ESCORT SERVICE❤CALL GIRL
kantirani197
 
Porella : features, morphology, anatomy, reproduction etc.
Porella : features, morphology, anatomy, reproduction etc.Porella : features, morphology, anatomy, reproduction etc.
Porella : features, morphology, anatomy, reproduction etc.
Silpa
 
development of diagnostic enzyme assay to detect leuser virus
development of diagnostic enzyme assay to detect leuser virusdevelopment of diagnostic enzyme assay to detect leuser virus
development of diagnostic enzyme assay to detect leuser virus
NazaninKarimi6
 
Reboulia: features, anatomy, morphology etc.
Reboulia: features, anatomy, morphology etc.Reboulia: features, anatomy, morphology etc.
Reboulia: features, anatomy, morphology etc.
Silpa
 
Phenolics: types, biosynthesis and functions.
Phenolics: types, biosynthesis and functions.Phenolics: types, biosynthesis and functions.
Phenolics: types, biosynthesis and functions.
Silpa
 
Asymmetry in the atmosphere of the ultra-hot Jupiter WASP-76 b
Asymmetry in the atmosphere of the ultra-hot Jupiter WASP-76 bAsymmetry in the atmosphere of the ultra-hot Jupiter WASP-76 b
Asymmetry in the atmosphere of the ultra-hot Jupiter WASP-76 b
Sérgio Sacani
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
TransientOffsetin14CAftertheCarringtonEventRecordedbyPolarTreeRings
TransientOffsetin14CAftertheCarringtonEventRecordedbyPolarTreeRingsTransientOffsetin14CAftertheCarringtonEventRecordedbyPolarTreeRings
TransientOffsetin14CAftertheCarringtonEventRecordedbyPolarTreeRings
Sérgio Sacani
 

Recently uploaded (20)

Factory Acceptance Test( FAT).pptx .
Factory Acceptance Test( FAT).pptx .Factory Acceptance Test( FAT).pptx .
Factory Acceptance Test( FAT).pptx .
 
Gwalior ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Gwalior ESCORT SERVICE❤CALL GIRL
Gwalior ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Gwalior ESCORT SERVICE❤CALL GIRLGwalior ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Gwalior ESCORT SERVICE❤CALL GIRL
Gwalior ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Gwalior ESCORT SERVICE❤CALL GIRL
 
Porella : features, morphology, anatomy, reproduction etc.
Porella : features, morphology, anatomy, reproduction etc.Porella : features, morphology, anatomy, reproduction etc.
Porella : features, morphology, anatomy, reproduction etc.
 
development of diagnostic enzyme assay to detect leuser virus
development of diagnostic enzyme assay to detect leuser virusdevelopment of diagnostic enzyme assay to detect leuser virus
development of diagnostic enzyme assay to detect leuser virus
 
Reboulia: features, anatomy, morphology etc.
Reboulia: features, anatomy, morphology etc.Reboulia: features, anatomy, morphology etc.
Reboulia: features, anatomy, morphology etc.
 
FAIRSpectra - Enabling the FAIRification of Spectroscopy and Spectrometry
FAIRSpectra - Enabling the FAIRification of Spectroscopy and SpectrometryFAIRSpectra - Enabling the FAIRification of Spectroscopy and Spectrometry
FAIRSpectra - Enabling the FAIRification of Spectroscopy and Spectrometry
 
Bhiwandi Bhiwandi ❤CALL GIRL 7870993772 ❤CALL GIRLS ESCORT SERVICE In Bhiwan...
Bhiwandi Bhiwandi ❤CALL GIRL 7870993772 ❤CALL GIRLS ESCORT SERVICE In Bhiwan...Bhiwandi Bhiwandi ❤CALL GIRL 7870993772 ❤CALL GIRLS ESCORT SERVICE In Bhiwan...
Bhiwandi Bhiwandi ❤CALL GIRL 7870993772 ❤CALL GIRLS ESCORT SERVICE In Bhiwan...
 
Phenolics: types, biosynthesis and functions.
Phenolics: types, biosynthesis and functions.Phenolics: types, biosynthesis and functions.
Phenolics: types, biosynthesis and functions.
 
Selaginella: features, morphology ,anatomy and reproduction.
Selaginella: features, morphology ,anatomy and reproduction.Selaginella: features, morphology ,anatomy and reproduction.
Selaginella: features, morphology ,anatomy and reproduction.
 
GBSN - Microbiology (Unit 3)Defense Mechanism of the body
GBSN - Microbiology (Unit 3)Defense Mechanism of the body GBSN - Microbiology (Unit 3)Defense Mechanism of the body
GBSN - Microbiology (Unit 3)Defense Mechanism of the body
 
Genetics and epigenetics of ADHD and comorbid conditions
Genetics and epigenetics of ADHD and comorbid conditionsGenetics and epigenetics of ADHD and comorbid conditions
Genetics and epigenetics of ADHD and comorbid conditions
 
CURRENT SCENARIO OF POULTRY PRODUCTION IN INDIA
CURRENT SCENARIO OF POULTRY PRODUCTION IN INDIACURRENT SCENARIO OF POULTRY PRODUCTION IN INDIA
CURRENT SCENARIO OF POULTRY PRODUCTION IN INDIA
 
module for grade 9 for distance learning
module for grade 9 for distance learningmodule for grade 9 for distance learning
module for grade 9 for distance learning
 
Molecular markers- RFLP, RAPD, AFLP, SNP etc.
Molecular markers- RFLP, RAPD, AFLP, SNP etc.Molecular markers- RFLP, RAPD, AFLP, SNP etc.
Molecular markers- RFLP, RAPD, AFLP, SNP etc.
 
Chemistry 5th semester paper 1st Notes.pdf
Chemistry 5th semester paper 1st Notes.pdfChemistry 5th semester paper 1st Notes.pdf
Chemistry 5th semester paper 1st Notes.pdf
 
Asymmetry in the atmosphere of the ultra-hot Jupiter WASP-76 b
Asymmetry in the atmosphere of the ultra-hot Jupiter WASP-76 bAsymmetry in the atmosphere of the ultra-hot Jupiter WASP-76 b
Asymmetry in the atmosphere of the ultra-hot Jupiter WASP-76 b
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Atp synthase , Atp synthase complex 1 to 4.
Atp synthase , Atp synthase complex 1 to 4.Atp synthase , Atp synthase complex 1 to 4.
Atp synthase , Atp synthase complex 1 to 4.
 
TransientOffsetin14CAftertheCarringtonEventRecordedbyPolarTreeRings
TransientOffsetin14CAftertheCarringtonEventRecordedbyPolarTreeRingsTransientOffsetin14CAftertheCarringtonEventRecordedbyPolarTreeRings
TransientOffsetin14CAftertheCarringtonEventRecordedbyPolarTreeRings
 
Cyanide resistant respiration pathway.pptx
Cyanide resistant respiration pathway.pptxCyanide resistant respiration pathway.pptx
Cyanide resistant respiration pathway.pptx
 

bhumi verma dentition in mammals -aman.pptxhhdbshdbsbdhsdbhdbhs

  • 1. Network level security issues Name-Aman Maheshwari Roll No.-2103291 S. No.-19 Course- CSM-603
  • 2. What is “Security” • Freedom from risk or danger; safety. • Freedom from doubt, anxiety, or fear; confidence. • Something that gives or assures safety, as: 1. A group or department of private guards: Call building security if a visitor acts suspicious. 2. Measures adopted by a government to prevent espionage, sabotage, or attack. 3. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant. …etc.
  • 3. The Most Common Web Attacks • Cross-Site Scripting (XSS) • SQL Injection Attacks • Broken Authentication • Drive-By Download • DDoS (Distributed Denial-of- Service) • MiTM (Man-in-the-Middle) • Fuzzing • Password-Based Attacks
  • 4. Cross-Site Scripting (XSS) Cross-site scripting (XSS) attacks trick a browser into delivering malicious client-side scripts to the victim's browser, which will automatically execute it once received. This malware can: • Exfiltrate data • Install malware • Redirect the user to a spoofed site
  • 5. Preventing XSS attacks Preventing XSS attacks is as easy as sanitizing your data inputs. Consider denying special characters or symbols to avoid the injection of code. Unchecked, cross-site scripting attacks can lead to session hijacking, form action hijacking, and server- side request forgery attacks.
  • 6. SQL Injection Attacks SQL injection attacks are one of the most common web attacks of the past ten years and allow attackers to compromise a server's cookies, web forms, or HTTP posts to manipulate data out of the database. They exploit input fields (like those you'd see in an online form) and inject malicious scripts designed to trick the server into providing unauthorized (and yet not protected) sensitive database information. Preventing SQL injection attacks requires the same stringency for data input and a limited set of functions permissible through SQL commands
  • 7.
  • 8. Broken Authentication The Verizon 2022 DBIR states that 67% of data breaches result from compromised credentials. Broken authentication – or any sort of illegitimate login–based access – can be executed in many ways: • Brute force • Credential stuffing • Dictionary attacks Preventing broken authentication attacks can be as easy as making a super-secure password or as reliable as switching to tokenized Multi-Factor Authentication (MFA).
  • 9.
  • 10. Drive-By Download Drive-by downloads occur when a user visits a website and a malicious agent downloads onto the victim's computer automatically. It can happen when the user is downloading something else or upon opening an email, clicking a pop-up window, or merely visiting a page. Since drive-by attacks take advantage of latent security vulnerabilities in apps, browsers, and operating systems, it's important to keep your environment up to date. Limiting the number of web plug-ins and applications you install also reduces your attack surface.
  • 11.
  • 12. How to prevent malware • Keep your computer and software updated. ... • Use a non-administrator account whenever possible. ... • Think twice before clicking links or downloading anything. ... • Be careful about opening email attachments or images. ... • Don't trust pop-up windows that ask you to download software. ... • Limit your file-sharing.
  • 13. DDoS (Distributed Denial-of-Service) DDoS attacks aim to overwhelm the target's web server with requests, making the site unavailable for other visitors. A botnet usually creates a vast number of requests, which are distributed among previously infected computers. Also, these types of web attacks are often used together with other methods; the goal of the former is to distract the security systems while exploiting a vulnerability. Protecting your site against a DDoS attack is generally multi-faceted: First, you need to mitigate the peaked traffic by using a Content Delivery Network (CDN), a load balancer, and scalable resources. Secondly, you also need to deploy a Web Application Firewall (WAF) in case the DDoS attack is concealing another cyberattack method, such as an injection or XSS.
  • 14. MiTM (Man-in-the-Middle) Man-in-the-middle attacks are common among sites that haven't encrypted their data as it travels from the user to the servers (sites using HTTP instead of HTTPS). The perpetrator intercepts the data as it's being transferred between two parties. If the data isn't encrypted, the attacker can easily read personal, login, or other sensitive details that travel between two locations on the Internet. A straightforward way to mitigate the man-in-the-middle attack is to install a Secure Sockets Layer (SSL) certificate on your site. This certificate encrypts all the information between parties, so the attacker won't easily make sense of it. Typically, most modern hosting providers already feature an SSL certificate with their hosting package.
  • 15.
  • 16. SSL SSL stands for Secure Sockets Layer, and it's a protocol that allows computer systems to communicate safely over the internet. SSL encrypts data sent between a website and a browser, or between two servers, to prevent hackers from seeing or stealing information. SSL also initiates an authentication process between two devices, and digitally signs data to verify that it hasn't been tampered with.
  • 17. Fuzzing Fuzz testing is a type of web attack that works by initially inputting a large amount of random data (fuzz) into an application to get it to crash. The next step is using a fuzzer software tool to identify the weak spots. If there are any loopholes in the target's security, the attacker can further exploit it. The best way to combat a fuzzing attack is by keeping your security and other applications updated. This is especially true for any security patches that come out with an update that the perpetrators can exploit if you haven't made the update yet.
  • 18. Password-Based Attacks While these can be part of a 'broken authentication' exploit, they really deserve their own real estate. The list of password-based attacks is varied and wide, including: Credential dumping (stealing your RAM to get to your secrets) Brute force (systematically guessing the correct password) Credential stuffing (using known credentials to log into a series of other accounts) Pass the Hash techniques (stealing a hashed credential and using it to create a new authenticated session) Implementing code signing, enforcing strong password requirements, setting up MFA, and operating on the principle of least privilege will reduce the chance of password-based attacks.
  • 19.
  • 20. As we conclude our journey through network-level security challenges, let's continue to innovate and collaborate in safeguarding the digital frontier. The future of digital defense is in our hands. Safeguarding the Future