Hacking involves modifying systems outside of their intended purpose. It is commonly done by teenagers and young adults using computers. Reasons for hacking include profit, protest, and challenge. Hacking can damage information, enable theft, compromise systems, and cost businesses millions per year. Hackers can be black hats who intend harm, white hats who perform security work, or gray hats who do both. Common attack types include DoS, password guessing, and man-in-the-middle. Hacking tools are widely available online, and passwords can be cracked using dictionary, brute force, and other attacks.
+ Background & Basics of Web App Security, The HTTP Protocol, Web Application Insecurities, OWASP Top 10 Vulnerabilities (XSS, SQL Injection, CSRF, etc.)
+ Web App Security Tools (Scanners, Fuzzers, etc.), Remediation of Web App Vulnerabilities, Web Application Audits and Risk Assessment.
Web Application Security 101 was conducted by:
Vaibhav Gupta, Vishal Ashtana, Sandeep Singh from Null.
Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system, application, or data. This presentation covers the following topics:
1. What is ethical hacking
2. Goals of an ethical hacker
3. Why do we need ethical hackers
4. Types of ethical hacker
5. Advantages of an ethical hacker
6. Disadvantages of an ethical hacker
7. Phases of ethical hacking
This presentation includes 60+ slides that mainly deal with three computer security aspects:
1. Security Attacks and Threats
2. Security Services
3. Security Mechanisms
Along with that, we've also included Security Awareness and Security Policies.
Introduction
What is Cyber Crime?
Computer crime, or cybercrime, is crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target.
What is Cyber Security?
Cyber security, also known as computer security or IT security, is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. It includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.
The field is of growing importance due to the increasing reliance on computer systems in most societies and the growth of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things – and of the Internet and wireless networks such as Bluetooth and Wi-Fi.
Some organizations are turning to big data platforms, such as Apache Hadoop, to extend data accessibility and machine learning to detect advanced persistent threats.
Vulnerabilities and Attacks
A vulnerability is a system susceptibility or flaw, and many vulnerabilities are documented in the Common Vulnerabilities and Exposures (CVE) database. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities as they are discovered.
An exploitable vulnerability is one for which at least one working attack or "exploit" exists.
To secure a computer system, it is important to understand the attacks that can be made against it, and these threats can typically be classified into one of the categories below.
2. So…what is hacking?
• Hacking is the practice of modifying the features of a
system, in order to accomplish a goal outside of the
creator's original purpose.
(http://whatishacking.org/)
• Computer hacking
– is the practice of modifying computer hardware and
software to accomplish a goal outside of the creator’s
original purpose.
– is most common among teenagers and young adults
(http://www.wisegeek.org/what-is-computer-hacking.htm)
3. Why hack?
• Profit
– Information can be sold
– Information can be used to steal
• Protest
– E.g. hacktivism: a hacktivist is someone who utilizes
technology to announce a social, ideological, religious, or
political message
• Challenge
– Fun, problem-solving skill, the thrill of power
4. Why hack? Some examples…
• Hackers want to
– use the victim’s computer to store illicit materials
i.e pirated software, pornography, etc.
– steal the victim’s personal information in order to
access accounts or the accounts of the website
visitors. The data can be used to gain access to
important databases; billing, merchant accounts,
etc.
5. Why hack? Some examples…
• Hackers want to
– set-up fake ecommerce sites to access credit card
details; gain entry to servers that contain credit
card details and other forms of credit card fraud
– spy on friends, family, co-workers for personal
reasons
– revenge
(http://www.website-guardian.com/why-do-hackers-hack-websites-va-5.html)
6. Effects of hacking
• Damage to information
• Theft of information
– Credit card details, social security numbers, identity fraud,
email addresses
• Compromise/damage of systems
• Use of victim machines as “zombies”
Hacking attacks cost large businesses an average of about
$2.2 million per year (Symantec 2010 State of Enterprise Security
Study)
7. Effects of hacking
• Businesses may suffer from damaged reputations
and lawsuits
• Business secrets could be stolen and sold to
competitors
• Computing systems/infrastructure could suffer from
performance degradation as resources are used for
malicious activities
In an educational institution, hacking can damage the institution’s
credibility/reputation, e.g. if the examination system is compromised and
sensitive data is tampered with
8. A hacker…
Can fall into one of these types:
• Black hats
Individuals with good computing knowledge, abilities and
expertise, but whose intent and conduct is to cause
damage to the systems they attack
Also known as crackers
• White hats
Individuals with good hacking skills
They perform defensive activities against hacking
Also known as security analysts
9. A hacker…
• Gray hats
Individuals that perform both offensive and defensive
hacking activities
• Suicide hackers
Individuals who want to make a computing system fail for a
personal ‘reason’ or ‘cause’
Not worried about the serious consequences that they may
have to face as a result of their damaging activities i.e being
jailed for many years
10. Types of attacks …
• DoS/DDoS Attacks
• Password Guessing Attacks
• Man-in-the-Middle Attacks
• Identity Spoofing
• Interception
• Eavesdropping
• Backdoor Attacks
… and many more!
11. How to hack?…
Many of the hacking tools
and guides are available on
the Internet
BackTrack is a Linux distro
with many tools; Metasploit,
Aircrack-ng, Nmap,
Ophcrack, Wireshark, Hydra
and many many more!
The real reasons for
BackTrack development are
for digital forensics and
penetration testing
12. How to hack?…some examples
System Hacking; Keyloggers, password
cracking
Trojans
Viruses
Sniffers
Social Engineering
Denial of Service
SQL Injection
13. How to hack?…some examples
Password cracking - dictionary attacks, brute
forcing attacks, hybrid attacks, syllable
attacks and rule-based attacks
Other types of password cracking attacks –
shoulder surfing, social engineering,
dumpster diving, wire sniffing, Man-in-the-Middle,
password guessing, keylogger
There are also other types of hacking that I came across: brain hacking, biohacking. Since the word “hack” has long been used to describe someone who is incompetent at his/her profession, some hackers claim this term is offensive and fails to give appropriate recognition to their skills. Many hackers are true technology buffs who enjoy learning more about how computers work and consider computer hacking an “art” form. After this, the term hacking in this presentation is relevant to computer hacking only.