Cyber Security Project: Embark on a journey through the realm of cyber security with our meticulous student project conducted by the esteemed Boston Institute of Analytics. This immersive analysis navigates the intricate layers of website security, spanning from vulnerability assessments to proactive risk mitigation strategies. Explore our findings and recommendations to fortify your website's defenses against the ever-evolving threats in the digital landscape with our Cyber Security project,Dive deeper into encryption protocols, authentication mechanisms, and other vital aspects of cyber security. Discover more about our project at https://bostoninstituteofanalytics.org/cyber-security-and-ethical-hacking/

2. Website Analysis
By
Neeteshkumar Vishwakarma

3. Website Analysis
What is website analysis?
• Website analysis is the process of examining and evaluating different aspects
of a website to gain insights into its functionality, performance, security,
audience, and overall effectiveness.
• It involves a series of steps to gather information, analyze data, and draw
conclusions about the website's strengths, weaknesses, and areas for
improvement.
Here are the key reasons why website analysis is important:
• Improved user experience: By identifying issues that affect user navigation,
functionality, or content clarity, website analysis can help optimize the site for a
better user experience.
• Enhanced SEO performance: By analyzing data on website traffic, keyword
rankings, and backlinks, website owners can identify areas for improvement in
search engine optimization (SEO) and increase their online visibility.
• Data-driven decision making: Website analysis provides valuable data and
insights that can be used to inform website design, content creation, and
marketing strategies.

4. • Competitive benchmarking: By analyzing competitor websites, businesses can
identify best practices, understand their online landscape, and develop strategies
to differentiate themselves.
• Improved security posture: Security analysis of websites can reveal potential
vulnerabilities, allowing owners to take proactive steps to protect their website
from cyber threats.
Website analysis can be categorized into several types depending on
the specific goals:
• Technical analysis: This focuses on the website's technical aspects, such as the
CMS used, performance metrics, and coding standards.
• User experience (UX) analysis: This evaluates how easy and enjoyable it is for
users to navigate and use the website.
• Content analysis: This examines the website's content, including its quality,
relevance, and alignment with user needs.
• SEO analysis: This focuses on how well the website is optimized for search
engines and potential improvements in its ranking.
• Security analysis: This assesses the website's security measures and identifies
potential vulnerabilities.

5. Abstract:
• This analysis delves into www.technotaught.com, an educational website offering
tutorials and resources on various technology-related topics. It explores the
website's purpose in facilitating learning, inspiration, problem-solving, and
community building within the tech sphere.
• The study identifies the technologies utilized, including the Content Management
System (CMS), programming language, database, web server, and plugins.
• Practical demonstrations illustrate website scanning, vulnerability assessment,
and traffic analysis methods using tools like Nmap, Nessus, and Tcpdump.
• Recommendations encompass automated vulnerability scanners, web application
scanners, security headers analysis, web application firewalls (WAFs), manual
security testing, CMS scanners, and continuous monitoring solutions to fortify
security and performance.
• This analysis aims to enhance understanding of website analysis techniques,
aiding in the protection and optimization of web-based platforms.

6. Objective:
• The objective of the research is to analyze the website www.technotaught.com,
focusing on its purpose, target audience, categories, and the technologies used.
• Additionally, the research aims to provide insights into the website's use cases,
such as learning, inspiration, problem-solving, community building, and
professional development.
• Furthermore, the research includes a detailed examination of the technologies
utilized by the website, ranging from the Content Management System (CMS) to
programming languages, plugins, and hosting services.
• The practical demonstration section outlines various methods and tools for
website scanning, along with recommendations for improving website security
and mitigating vulnerabilities.
• Overall, the research aims to provide a comprehensive understanding of
www.technotaught.com and offer actionable insights for enhancing its
functionality, user experience, and security posture.

7. I have divided my website analysis into 3 parts:
I. Research:
• In-depth exploration of the website's purpose, audience, and categories.
• Analysis of its functionalities in learning, inspiration, problem-solving,
community building, and professional development.
II. Data Collection:
• Comprehensive overview of the technologies employed on the website.
• Examination of the Content Management System (CMS), programming
languages, plugins, and hosting services utilized.
III. Practical Demonstration:
• Utilization of various tools for information gathering, vulnerability
scanning, web application scanning, content discovery, and website traffic
analysis.
• Recommendations for improving website security and performance based
on practical findings.

8. I. Research
Website Used:
The website analyzed is www.technotaught.com.

9. Use of this website:
• Learning: The website seems to offer tips and tricks across various
subjects, potentially serving as a learning resource for individuals seeking
information on technology, business, the internet, web development, graphic
design, and marketing.
• Inspiration: By showcasing various projects and ideas, the website could inspire
users to explore new creative or technical endeavors.
• Problem-solving: Articles and tutorials might provide users with solutions to
specific challenges they encounter in their personal or professional lives.
• Community building: The website has a comment section or forum, it could
facilitate discussions and build a community of like-minded individuals.
• Professional development: The website offer resources or insights relevant to
various professions, particularly those related to technology and design.

10. Purpose:
1. Education and Learning:
• Technotaught.com offers a wide range of
tutorials, articles, and resources on various
technology, business, and internet-related topics.
• These resources cater to individuals of all skill
levels, from beginners seeking basic introductions to more
advanced users looking to deepen their knowledge.
• The website aims to be a comprehensive learning platform
where users can acquire new skills, stay updated on the
latest trends, and solve problems they encounter in their
personal or professional lives.
2. Inspiration and Creativity:
• Technotaught.com showcases various projects, ideas, and
use cases across different domains.
• This can inspire users to explore new possibilities,
experiment with different tools and techniques, and
unleash their own creativity.
• The website can serve as a springboard for individuals
looking to start new projects, learn new skills, or simply
get motivated by seeing what others have achieved.

11. 3. Community Building and Networking:
• While I cannot directly access the website's
features, some sources suggest that Technotaught.com
may have a comment section or forum where users can
interact and engage with each other.
• This can foster a sense of community among users with
similar interests, allowing them to share knowledge, ask
questions, and learn from each other's experiences.
• It can also create opportunities for collaboration and
networking, potentially leading to new
projects, partnerships, or career opportunities.
4. Professional Development:
• The website's content can be valuable for professionals
looking to stay updated on the latest trends and
technologies in their fields.
• Articles and tutorials on web development, graphic
design, marketing, and other relevant topics can help
individuals enhance their skills, improve their
professional profiles, and stay competitive in the job
market.

12. Category:
I. Primary Category:
Educational Website:
• Focus: Providing tutorials, articles, and resources on
diverse technology, business, and internet-related topics.
• Examples: Learning web development
skills, understanding SEO best practices, mastering
Photoshop tools, starting a small business online.
• Target Audience: Individuals of all skill levels seeking to
learn, improve existing skills, or acquire new ones.
II. Secondary Categories:
1. Technology Blog:
• Focus: Regularly publishing articles on new
technologies, trends, and tools in the tech world.
• Examples: Latest software releases, emerging cloud
computing solutions, advancements in artificial
intelligence, cybersecurity updates.
• Target Audience: Tech enthusiasts, professionals looking
to stay updated, individuals curious about the ever-
evolving tech landscape.

13. 2. DIY Resource:
• Focus: Offering step-by-step guides and instructions for
completing various projects.
• Examples: Building a website, creating graphic
designs, setting up a home network, fixing common
computer problems.
• Target Audience: Individuals who enjoy hands-on
projects, want to learn by doing, and appreciate practical
problem-solving approaches.
3. Professional Development Tool:
• Focus: Sharing content relevant to various
professions, helping individuals enhance their skillsets and
stay competitive.
• Examples: Web development tutorials for
developers, marketing tips for entrepreneurs, graphic
design techniques for creative professionals.
• Target Audience: Professionals aiming to upskill, expand
their knowledge base, and stay relevant in their respective
fields.

14. II. Data Collection
Technologies used by this website:
1. Content Management System (CMS): WordPress
• A Content Management System (CMS) is a software application that helps users
create, manage, and publish content on a website or web application. It provides
a user-friendly interface, eliminating the need for extensive coding knowledge,
and streamlines the content lifecycle. Think of it as a central hub where you can
easily edit text, upload images, add videos, and organize various elements of
your website without directly working with complex code.
WordPress as a Content Management System (CMS) Technology
• WordPress is a free and open-source CMS, making it one of the most popular
choices for building and managing websites worldwide. Its user-friendly
interface and vast ecosystem of plugins and themes empower users with varying
technical skills to create diverse websites, from simple blogs to complex e-
commerce platforms.

15. 2. Blogs : WordPress
WordPress remains a popular choice for bloggers due to its ease of use, flexibility,
customization options, and extensive ecosystem of themes and plugins. Whether
you're a hobbyist blogger, professional writer, or business owner, WordPress
provides a powerful platform for creating and managing your blog effectively.
3. Programming languages: PHP(8.0.29)
PHP 8.0.29 serves as a dependable foundation for WordPress websites, enabling
them to deliver dynamic, interactive, and secure user experiences. By leveraging
the stability and security of PHP 8.0.29, WordPress developers can build robust
websites that meet the demands of modern web standards while prioritizing
performance, reliability, and user security.
4. Database: MySQL
WordPress, being built on PHP, typically uses MySQL as its default database
backend. MySQL is a widely-used open-source relational database management
system known for its reliability, performance, and ease of use. It's highly
compatible with PHP and provides robust support for storing and retrieving data,
making it an ideal choice for dynamic content management systems like WordPress.

16. 5. WordPress plugins: Yoast SEO
Yoast SEO is a comprehensive and user-friendly WordPress plugin that empowers
website owners to improve their search engine rankings, increase organic traffic,
and enhance the overall visibility and performance of their WordPress sites. Its
intuitive interface, powerful features, and continuous updates make it an essential
tool for anyone serious about SEO optimization on WordPress.
6. Web servers: LiteSpeed
LiteSpeed web server is a powerful and feature-rich solution for hosting WordPress
websites. Its combination of speed, scalability, compatibility, and security makes it
an attractive choice for WordPress users seeking to optimize their website
performance and deliver an exceptional user experience to their visitors.
7. SEO: Yoast SEO
Yoast SEO is a powerful tool for optimizing WordPress websites for search engines.
It offers a wide range of features and tools to improve on-page SEO, analyze
content, and enhance overall website performance in search engine results. Its user-
friendly interface, comprehensive features, and regular updates make it a valuable
asset for website owners looking to improve their search engine rankings and attract
more organic traffic.

17. 8. Caching: LiteSpeed Cache
LiteSpeed Cache is a feature-rich caching plugin that offers comprehensive caching
and optimization solutions for WordPress websites hosted on LiteSpeed web
servers. By leveraging its caching features, optimization tools, and integration
capabilities, website owners can significantly improve website performance,
enhance user experience, and achieve faster page load times.
9. Performance: Priority Hints
Priority Hints is a web performance optimization technique that allows developers
to provide hints to the browser about the importance or priority of certain resources.
Therefore, to implement Priority Hints in a WordPress website, custom
development or the use of plugins would be required. Priority Hints can be a
valuable optimization technique for improving website performance, its
implementation in WordPress may require custom development or the use of
specialized plugins.
10. Advertising: Google AdSense
Google AdSense offers website owners and publishers an effective way to monetize
their online content through targeted advertising. It's one of the most popular and
widely-used advertising networks worldwide, offering a simple and effective way
for website owners to monetize their online content. By displaying relevant ads to
their audience and optimizing ad placements, publishers can generate revenue and
support their online activities while providing value to their visitors.

18. 11. JavaScript libraries:
JavaScript libraries play a crucial role in enhancing the functionality and
interactivity of websites. In the context of WordPress, these JavaScript libraries can
be integrated into themes or plugins to enhance the user experience and add
interactive features to WordPress websites. Here are some mentioned libraries in the
website:
• Swiper: Swiper is a powerful and flexible JavaScript library for creating
responsive, touch-enabled sliders and carousels. It's commonly used for creating
image galleries, product sliders, and other dynamic content presentations. Swiper
offers a wide range of customization options, including navigation controls,
pagination, autoplay, and multiple slide effects.
• jQuery Migrate 3.4.1: jQuery Migrate is a JavaScript library that helps maintain
compatibility between older versions of jQuery and newer versions or browser
environments. It provides warnings and compatibility fixes for deprecated
features or changes in jQuery, allowing websites to smoothly transition to newer
versions without breaking existing functionality.
• jQuery 3.7.1: jQuery is a fast, lightweight, and feature-rich JavaScript library
that simplifies HTML document traversing, event handling, animation, and
AJAX interactions. It's widely used in web development for its ease of use,
cross-browser compatibility, and extensive plugin ecosystem. jQuery simplifies
tasks like DOM manipulation, event handling, and asynchronous HTTP requests,
making it a popular choice for building interactive and dynamic websites.

19. 12. Hosting: Hostinger
Hostinger is a web hosting company that provides a range of hosting services
tailored to meet the needs of individuals, small businesses, and developers.
Hostinger is known for its affordable hosting plans, user-friendly interface, and
reliable performance. Whether you're a beginner looking to launch your first
website or an experienced developer in need of robust hosting solutions, Hostinger
offers a range of hosting options to suit different needs and budgets.
13. Miscellaneous:
• RSS (Really Simple Syndication): WordPress automatically generates RSS
feeds for various types of content, including blog posts, comments, categories,
tags, and custom post types. These RSS feeds allow users to subscribe to updates
from WordPress websites using feed readers or aggregators. Users can stay
informed about new content without visiting the website directly, making RSS
feeds a convenient way to consume information.
• Open Graph: Open Graph meta tags are crucial for optimizing how WordPress
content appears when shared on social media platforms like Facebook, Twitter,
LinkedIn, and others. WordPress supports the integration of Open Graph meta
tags through plugins or themes. By adding Open Graph tags to WordPress pages
and posts, website owners can control the title, description, image, and other
metadata that appears when their content is shared on social media. This ensures
that shared content looks visually appealing and informative, potentially
increasing engagement and traffic from social media referrals.

20. • HTTP/3 in WordPress: HTTP/3 is the latest version of the Hypertext Transfer
Protocol (HTTP), offering improved performance, security, and efficiency
compared to previous versions. While WordPress core itself doesn't dictate the
usage of HTTP/3, its adoption depends on server support and configuration.
Some hosting providers may offer HTTP/3 support as part of their server setups,
allowing WordPress websites to leverage the benefits of the protocol. However,
users should check with their hosting provider to ensure HTTP/3 compatibility
and enablement.
14. Live chat: WhatsApp Business Chat
Integrating WhatsApp Business Chat into a website allows businesses to provide
real-time support and communication with their customers directly through the
popular messaging platform. By integrating WhatsApp Business Chat into their
website, businesses can provide personalized, efficient, and convenient
communication channels for their customers, ultimately enhancing the overall
customer experience and driving business growth.

21. III. Practical Demonstration
1. Information Gathering:
I have use three tools for information gathering are as follows:
i. Nmap: Scanning for open ports and services on the website's server.
ii. Whois: Gathering information about the website's domain ownership
and registration.
iii. DNSdumpster: Extracting subdomains, related domains, and historical
records.

22. i. Nmap: Scanning for open ports and services on the website's server.
Step 1: Open Nmap in Windows.
Step 2: In Target typing my website IP Address and Choose profile Intense Scan.

24. As you can see there are 4 open ports which are 21, 80, 443 and 3306.
Each open port serves a specific purpose and is essential for enabling various
services and functionalities on the server. Here's why each of the mentioned ports is
important to keep open:
 Port 21 (TCP):
Port 21 is used for FTP (File Transfer Protocol) connections, which facilitate the
transfer of files between a client and a server. Keeping port 21 open is essential for
enabling FTP access to the server, allowing users to upload, download, and manage
files stored on the server. FTP is commonly used for website maintenance, software
distribution, and file sharing purposes.
 Port 80 (TCP):
Port 80 is used for HTTP (Hypertext Transfer Protocol) connections, which
facilitate the transfer of unencrypted data between web servers and clients. Keeping
port 80 open is essential for serving web content, such as websites, web
applications, and APIs, to users accessing the server via standard HTTP
connections. Port 80 is commonly used for hosting websites and delivering web-
based services to users.

25.  Port 443 (TCP):
Port 443 is used for HTTPS (Hypertext Transfer Protocol Secure) connections,
which encrypt data transmitted between web servers and clients using SSL/TLS
encryption. Keeping port 443 open is crucial for securing web traffic, protecting
sensitive information, and ensuring the confidentiality and integrity of data
exchanged over HTTPS connections, such as login credentials, personal
information, and financial transactions.
 Port 3306 (TCP):
Port 3306 is used for MySQL database connections, enabling clients to establish
connections with the MySQL database server for data storage, retrieval, and
manipulation. Keeping port 3306 open is necessary for applications and services
that rely on MySQL databases, such as content management systems (e.g.,
WordPress), e-commerce platforms, and web applications. It allows seamless
communication between the application and the MySQL database backend.

26. ii. Whois: Gathering information about the website's domain ownership and
registration.
Step 1: Visit website whois.com
Step 2: Type your domain name in the box

27. Here you can see Domain Information and Registrant Contract.

28. iii. DNSdumpster: Extracting subdomains, related domains, and historical records.
Step 1: Visit website https://dnsdumpster.com
Step 2: Type your domain name in the box

29. Here you can see DNS Servers, MX Records and TXT Records
Host Records:

30. 2. Vulnerability Scanning:
I have use two tools for vulnerability scanning are as follows:
i. Nessus: A powerful commercial scanner offering extensive vulnerability
detection.
ii. Nikto: Scan for common vulnerabilities in web applications.

31. i. Nessus: A powerful commercial scanner offering extensive vulnerability
detection.
Here I have done Basic Network Scan

32. There is one major vulnerability in this website

33. The vulnerability we found is SSL Medium Strength Cipher Suites Supported
(SWEET32).
 Description:
The remote host is configured to allow SSL ciphers that provide encryption of
medium strength, as classified by Nessus. Medium strength encryption, according
to Nessus, encompasses encryption methods with key lengths ranging from at least
64 bits to less than 112 bits. Additionally, it includes the use of the 3DES
encryption suite. Note that it is considerably easier to circumvent medium strength
encryption if the attacker is on the same physical network.
 Solution:
Reconfigure the affected application if possible to avoid use of medium strength
ciphers. Reconfiguring an application to avoid medium-strength ciphers is a crucial
security step, but it requires specific knowledge and access to the application's
configuration settings. Here's a breakdown of the process:
 Understanding the Issue:
• Medium-strength ciphers offer less encryption compared to stronger
alternatives, making them more vulnerable to decryption attempts. This can
compromise sensitive data transmitted between the application and users.

34.  Reconfiguration Steps (General Approach):
• Identify the affected application: Determine which application or service is
using medium-strength ciphers. This information might be provided in the
security vulnerability report or through system logs.
• Access configuration settings: Depending on the application, you might need to
access administrative or developer settings panels to modify encryption settings.
• Locate cipher options: Look for options related to ciphers, encryption
protocols, or security settings within the configuration menu.
• Disable medium-strength ciphers: Identify and disable the options that enable
medium-strength ciphers (e.g., DES, 3DES, RC4).
• Enable strong ciphers: Choose and enable ciphers considered strong and secure
according to current security standards (e.g., AES-256, TLS 1.3).
• Test and verify: After making changes, thoroughly test the application
functionality to ensure no unexpected issues arise due to the cipher
modifications.

35. ii. Nikto: Scan for common vulnerabilities in web applications.
Open Terminal and
type “nikto –host https://technotaught.com/ -ssl”

36.  Identified Issues:
• Missing security headers:
• X-Frame-Options: Protects against clickjacking attacks.
• Strict-Transport-Security (HSTS): Enforces HTTPS connections.
• X-Content-Type-Options: Mitigates potential MIME type sniffing
vulnerabilities.
• Uncommon headers:
• x-litespeed-cache: Indicates LiteSpeed web server caching.
• platform: Reveals the hosting provider (Hostinger).
• x-redirect-by: Suggests potential WordPress usage (uncertain).
• Potentially vulnerable configurations:
• Content-Encoding: deflate: Might be susceptible to the BREACH attack
(requires further investigation).
• Server leaks inodes via ETags: Might expose server information (needs
evaluation).
• TLS negotiation failure: The scan encountered an error while establishing a
secure connection.
Overall, the scan highlights several areas for improvement in
technotaught.com's security posture.

37.  Recommendations:
• Implement missing security headers: Add X-Frame-Options, HSTS, and X-
Content-Type-Options headers with appropriate directives to enhance website
security.
• Evaluate uncommon headers: Investigate the purpose and potential security
implications of the identified uncommon headers.
• Address potential vulnerabilities: Investigate the possibility of BREACH
attack susceptibility and server information leakage through ETags. Consider
patching or mitigating these vulnerabilities if applicable.
• Investigate TLS negotiation failure: Analyze the cause of the TLS error and
ensure a secure connection can be established.

38. 3. Web Application Scanning:
I have use one tools for web application scanning which is owasp zap.
OWASP ZAP: Open-source web application security scanner with a user-friendly
interface.
Open zap in kali linux and type domain and click on attack

39. So I have generate a report of this you can see this report here:
https://drive.google.com/file/d/1YctzrObsD0c3UhoH2OHRpoBdnG_pzlbq/view?usp=
sharing
One major Vulnerability in this website which is PII Disclosure.
 Description: The response contains Personally Identifiable Information, such as CC
number, SSN and similar sensitive data.

40.  Solution:
To check the response for the potential presence of personally identifiable
information (PII) and ensure that nothing sensitive is leaked by the website, you
need to perform a thorough review of the website's content and functionality. Here
are steps you can take to accomplish this:
i. Review Web Pages:
• Manually inspect each web page of the website, including homepage,
contact page, registration forms, user profiles, checkout pages, etc.
• Look for fields or sections where users might input PII, such as names,
email addresses, phone numbers, addresses, birthdates, social security
numbers, or financial information.
ii. Check Form Fields:
• Inspect any forms present on the website (e.g., registration forms, contact
forms, payment forms) to ensure that they do not request unnecessary or
sensitive information.
• Verify that form submissions are handled securely, with proper encryption
and validation to prevent data leakage or tampering.
iii. Examine URLs and Parameters:
• Analyze URLs and query parameters for any sensitive information that
might be exposed, such as session IDs, user IDs, or tokens.
• Ensure that sensitive data is not included in URLs or transmitted in
plaintext.

41. iv. Inspect Cookies:
• Review cookies set by the website to ensure they do not contain sensitive
information, such as user identifiers or authentication tokens.
• Check for the presence of HTTP-only and Secure flags to enhance cookie
security.
v. Evaluate Response Headers:
• Examine HTTP response headers for any sensitive information that might be
exposed, such as server versions, technology stack details, or debugging
information.
• Ensure that headers do not leak unnecessary information that could be
exploited by attackers.
vi. Test Authentication Mechanisms:
• If the website requires user authentication, test the login and registration
processes to ensure they are secure and do not leak sensitive information
during authentication or password reset procedures.
vii. Check Error Handling:
• Review error messages and response codes returned by the website to
ensure they do not disclose sensitive information or reveal details about the
website's internal structure or configuration.
viii. Evaluate Third-party Integrations:
• Assess any third-party scripts, plugins, or APIs integrated into the website
for potential security risks or data leakage issues.

42. ix. Implement Security Headers and Practices:
• Consider implementing security headers, such as Content Security Policy
(CSP), X-Content-Type-Options, X-Frame-Options, and X-XSS-Protection,
to mitigate various security risks, including data leakage and injection
attacks.
By following these steps and conducting a comprehensive review of the website's
content, functionality, and security practices, you can identify and address any
potential issues related to the presence of personally identifiable information (PII)
and ensure that sensitive information is not leaked by the website.

43. 4. Content Discovery and Analysis:
I have use two tools for content discovery and analysis which are:
i. Gobuster: Brute-force directory and file enumeration with wordlists.
ii. EyeWitness: Capture screenshots of various web pages for manual analysis.

44. i. Gobuster: Brute-force directory and file enumeration with wordlists.
a. Here is the command to look for URLs with the common wordlist.
“gobuster dir -u 154.41.233.134:80 –w /usr/share/wordlists/dirb/common.txt”
And here is the result. We can see that there are some exposed files in the
www.technotaught.com website.

45. b. If we want to look just for specific file extensions, we can use the -x flag. Here is
a sample command to filter images:
“gobuster dir -u 154.41.233.134:80 -w /usr/share/wordlists/dirb/common.txt -x
jpg,png,jpeg”

46. c. You can use DNS mode to find hidden subdomains in a target domain. For
example, if you have a domain named mydomain.com, sub-domains like
admin.mydomain.com, support.mydomain.com, and so on can be found using
Gobuster. Here is a sample command to find hidden subdomains:
“gobuster dns –d technotaught.com –w /usr/share/wordlists/dirb/common.txt”

47. ii. EyeWitness: Capture screenshots of various web pages for manual analysis.
Here is the command to screenshot web pages:
Output:

48. Output:

49. 5. Website Traffic Analysis:
I have use two tools for website traffic analysis which are:
i. Tcpdump: Capture and analyze network traffic to and from the website.
ii. Wireshark: Analyze captured network traffic for insights into website
communication.

50. i. Tcpdump: Capture and analyze network traffic to and from the website.
Open Terminal and type this command
“sudo tcpdump -i eth0 -w ~/Desktop/technotaught_traffic.pcap host
www.technotaught.com”
This command utilizes the tcpdump tool to capture network traffic on the eth0
interface of the system. It filters the captured traffic to include only packets that
involve communication with the host www.technotaught.com. The captured packets
are then saved to a file named technotaught_traffic.pcap, located on the desktop
(~/Desktop) of the current user. The use of sudo ensures that the command is
executed with administrative privileges, allowing access to the network interface
for packet capture. Overall, the command captures traffic specifically related to
interactions with the website www.technotaught.com and stores it in a packet
capture file for further analysis. Once you've stopped the capture, you can view the
captured traffic using tcpdump or other packet analysis tools like Wireshark.

51. ii. Wireshark: Analyze captured network traffic for insights into website
communication.
Open that file in wireshark which you have captured from tcpdump.

52.  Observations:
• The capture seems to involve a client device (10.0.2.15) communicating with a
server (154.41.233.134) using the HTTPS protocol (port 443).
• The communication starts with a TLSv1.3 handshake (lines 1-10), which is a
secure communication protocol used to establish encryption between the client
and server.
• Following the handshake, there's an exchange of data packets between the client
and server. These packets likely contain the website content being requested and
the server's response.

53.  Specific Events (lines 1-18):
• Lines 1-2: The client sends an initial packet to the server (likely a SYN packet to
initiate the connection).
• Lines 3-4: The server responds with a SYN-ACK packet, acknowledging the
connection request and sending its synchronization information.
• Lines 5-6: The client sends an ACK packet, acknowledging the server's response,
and the connection is established.
• Lines 7-10: The client and server perform a TLS handshake to establish a secure
connection.
• Lines 11-14: The client sends multiple packets to the server, likely containing the
website request data.
• Lines 15-18: The server acknowledges receiving the client's data and sends its
response packets (potentially containing the website content).

54. Recommendations
Available Methods and Tools for Website Scanning:
1. Automated Vulnerability Scanners:
Utilize automated vulnerability scanning tools such as:
• OpenVAS: An open-source vulnerability scanner that offers similar
capabilities to Nessus.
• Nexpose: A vulnerability management solution that provides scanning,
prioritization, and remediation recommendations.
2. Web Application Scanners:
Employ web application scanners to identify vulnerabilities specific to web
applications:
• Netsparker: An automated web application security scanner that
detects SQL injection, cross-site scripting (XSS), and other
vulnerabilities.
• Acunetix: A web vulnerability scanner that performs comprehensive
security assessments of web applications, including JavaScript-heavy
applications and single-page applications.

55. 3. Security Headers Analysis:
Use tools to analyze security headers and configuration:
• SecurityHeaders.com: A free online tool that evaluates the security
headers of a website and provides recommendations for improvement.
• Mozilla Observatory: A web-based tool that assesses a website's
security posture, including security headers, encryption protocols, and
more.
4. Web Application Firewalls (WAFs):
Implement WAFs to protect against common web application attacks:
• ModSecurity: An open-source WAF module that protects web
applications from various attacks, including SQL injection and cross-
site scripting.
• Cloudflare WAF: A cloud-based WAF service that provides protection
against OWASP Top 10 vulnerabilities and other threats.
5. Manual Security Testing:
Conduct manual security testing to complement automated scanning:
• Burp Suite: A popular toolkit for web application security testing,
including manual testing, automated scanning, and vulnerability
verification.

56. 6. Content Management System (CMS) Scanners:
If the website is built on a CMS platform, use CMS-specific scanners to
identify vulnerabilities:
• WPScan: A WordPress vulnerability scanner that checks for security
issues in WordPress installations, themes, and plugins.
• JoomScan: A Joomla vulnerability scanner that identifies security
vulnerabilities in Joomla-based websites.
7. Continuous Monitoring and Reporting:
Implement continuous monitoring solutions to detect and respond to new
vulnerabilities:
• Security Information and Event Management (SIEM) Systems:
Aggregate security event logs and provide real-time analysis and
reporting.
• Vulnerability Management Platforms: Automate vulnerability
assessment, prioritize risks, and generate reports for remediation
efforts.
By leveraging these methods and tools for website scanning, organizations can
effectively identify and mitigate security vulnerabilities, enhance their security
posture, and protect sensitive data from potential cyber threats. Regular scanning
and proactive security measures are essential for maintaining a robust and
resilient web infrastructure.

57. Conclusion
In conclusion, the analysis of www.technotaught.com reveals its diverse
utility as an educational platform, inspirational resource, problem-solving
hub, community-building space, and professional development tool.
Leveraging WordPress as its CMS and a suite of complementary
technologies such as PHP, MySQL, Yoast SEO, and LiteSpeed, the
website caters to a broad audience seeking knowledge and practical
guidance across various domains.
Recommendations for enhancing its security posture through automated
vulnerability scanners, web application scanners, security headers
analysis, WAFs, manual security testing, CMS-specific scanners, and
continuous monitoring underscore the importance of proactive security
measures in maintaining a robust web presence.
Overall, www.technotaught.com exemplifies the value of leveraging
technology to empower users in their learning, creativity, and
professional endeavors while prioritizing security and community
engagement.

58. References
https://www.youtube.com/watch?v=alJLui61v2Y&ab_chann
el=TechieQA
https://www.freecodecamp.org/news/gobuster-tutorial-find-
hidden-directories-sub-domains-and-s3-buckets/
https://www.youtube.com/watch?v=q3EleG1_5so&ab_chan
nel=CyberNation1
https://null-byte.wonderhowto.com/how-to/scan-for-
vulnerabilities-any-website-using-nikto-0151729/
https://www.tenable.com/blog/how-to-run-your-first-
vulnerability-scan-with-nessus

59. Thank You!!