SlideShare a Scribd company logo

Soham web security

Download as PPTX, PDF
Soham Sengupta
Soham Sengupta

Basic technical handbook to stay secure across Internet,

Technology
1 of 17
Surf Web Safe Soham Sengupta Web Security Unleashed CEO, Tech IT Easy Lab of Pervasive VM Computing +91 9830740684 (sohamsengupta@yahoo.com)
Topics I shall share today To Enchant you Topics I shall not harp on To kill your time 1. Possible Attacks on your system 2. Common Preventives 3. Good practice to safe-surf web 4. My own prescriptions 5. Some wonderful demonstration replicating attacks 6. Preventive mechanism A. Basic Cryptography B. Bookish Web Architectures C. Parsing it all for Linux against Microsoft D. A hell-lot-of slides to jam your brain. So, friends! May we whistle it off? sohamsengupta@yahoo.com Monday, October 13, 2014
1. Malicious Cookies 2. Malicious Free / Open Source Software 3. SQL Injection 4. Script injection (E.g. Java script) 5. Signed Applets 6. An evil browser 7. Browser Extension/ plug-in 8. Phishing 9. Pirated (Cracked) Operating System with Malicious sohamsengupta@yahoo.com Monday, October 13, 2014 3 TCP/IP stack 10.Improper and Insecure Use of USB 11. Public Network Zones (E.g. Wi-Fi zone provided by a Cafeteria )
Do not have an account here. Let me try something wicked! sohamsengupta@yahoo.com Monday, October 13, 2014 4
Login Web Service (A servlet) sohamsengupta@yahoo.com Monday, October 13, 2014 5
sohamsengupta@yahoo.com Monday, October 13, 2014 6
anyPassword’ or ‘1’=‘1 Web Service Runs this SQL Select count(*) from User_Table where uid=‘Sohamsengupta’ AND pwd=‘anyPassword’ OR ‘1’=‘1’ sohamsengupta@yahoo.com Monday, October 13, 2014 7
 Applets are considered to be secure, because  They cannot access local machine’s files and other system resources  Java generally does not have access to native platform  But, Signed Applets can!  Users blindly trusts signed applets sohamsengupta@yahoo.com Monday, October 13, 2014 8
I am a good developer! I develop my good browser which will steal users’ information and …. I have made a Chrome Extension that does wicked tricks and captures your PG-info sohamsengupta@yahoo.com Monday, October 13, 2014 9
I am genius! Have cracked Microsoft Windows 8.1 . Shall distribute it free to people over Internet Wait! There’s never a free lunch! I’d modify this OS to my benefit! sohamsengupta@yahoo.com Monday, October 13, 2014 10
 Free utility software (Like, Document or Media Converters, Media Players, Live Wall papers, Games, Free Security Software etc.) are devils’ den!  They pass your data and documents to a remote server.  May impose key loggers to track your passwords and e-banking credentials sohamsengupta@yahoo.com Monday, October 13, 2014 11
 Can sniff your data transfer  Very risky if you use these Networks to connect to secure and sensitive sites  Do not use public Networks unless you must use them in urgency. sohamsengupta@yahoo.com Monday, October 13, 2014 12
 Beware of Java Script attack  Beware of Ajax service links sent in a mail  Avoid using Facebook Apps and clicking on any sort of links on a Social Networking portal such as Facebook  Be careful as you link your Gmail and Facebook to your smartphone (E.g. Android) sohamsengupta@yahoo.com Monday, October 13, 2014 13
 Use original OS and Antivirus  Use only trusted browser preferably Chrome  Activate 2-step authentication for mail, banking etc.  Always try to link more than one mails and mobile numbers for everything  Safe Facebooking sohamsengupta@yahoo.com Monday, October 13, 2014 14
 Do not use arbitrary software  Do not open mails that contain links promising a lottery  do not use Torrent downloaders  If you must use torrent, make it on a different (dual-boot at least) OS  Do not use your barcode scanner of smartphone to scan unknown QR codes sohamsengupta@yahoo.com Monday, October 13, 2014 15
 Using Open sources do not promote your social position always, free open sources can usher in serious threats!  Do not log in any where with Facebook or Gmail account. Doing so, you legally authorize some apps to post on your behalf.  Read carefully before you make a decision on web sohamsengupta@yahoo.com Monday, October 13, 2014 16
1) Phishing detection by smart phone 2) Risks on Applets 3) Malicious software development sohamsengupta@yahoo.com Monday, October 13, 2014 17

Recommended

EC-Council Hackway Workshop Presentation- Social Media Forensics
EC-Council Hackway Workshop Presentation- Social Media ForensicsEC-Council Hackway Workshop Presentation- Social Media Forensics
EC-Council Hackway Workshop Presentation- Social Media ForensicsSina Manavi
 
Computer Security
Computer SecurityComputer Security
Computer Securitysecrettub
 
Computer Ethics
Computer EthicsComputer Ethics
Computer Ethicsguestbdea62
 
Preventions of Email Hacking
Preventions of Email HackingPreventions of Email Hacking
Preventions of Email HackingUsman Khan
 
Trojan virus & backdoors
Trojan virus & backdoorsTrojan virus & backdoors
Trojan virus & backdoorsShrey Vyas
 
Ten Important Rules
Ten Important RulesTen Important Rules
Ten Important Rulesritz482
 
Internet Threats
Internet ThreatsInternet Threats
Internet ThreatsLeelet1121
 
Flips Sides of Technology
Flips Sides of TechnologyFlips Sides of Technology
Flips Sides of TechnologyAkash Mittal
 

Recommended

EC-Council Hackway Workshop Presentation- Social Media Forensics
EC-Council Hackway Workshop Presentation- Social Media ForensicsEC-Council Hackway Workshop Presentation- Social Media Forensics
EC-Council Hackway Workshop Presentation- Social Media ForensicsSina Manavi
 
Computer Security
Computer SecurityComputer Security
Computer Securitysecrettub
 
Computer Ethics
Computer EthicsComputer Ethics
Computer Ethicsguestbdea62
 
Preventions of Email Hacking
Preventions of Email HackingPreventions of Email Hacking
Preventions of Email HackingUsman Khan
 
Trojan virus & backdoors
Trojan virus & backdoorsTrojan virus & backdoors
Trojan virus & backdoorsShrey Vyas
 
Ten Important Rules
Ten Important RulesTen Important Rules
Ten Important Rulesritz482
 
Internet Threats
Internet ThreatsInternet Threats
Internet ThreatsLeelet1121
 
Flips Sides of Technology
Flips Sides of TechnologyFlips Sides of Technology
Flips Sides of TechnologyAkash Mittal
 
Hacker
HackerHacker
HackerRamasubbu .P
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and SpywaresAnkit Mistry
 
Internet security
Internet securityInternet security
Internet securityrfukunaga
 
Cyber security and Privacy Awareness manual
Cyber security and Privacy Awareness manual Cyber security and Privacy Awareness manual
Cyber security and Privacy Awareness manual Jay Nagar
 
[EMPOWERMENT TECHNOLOGIES] - INTERNET THREATS
[EMPOWERMENT TECHNOLOGIES] - INTERNET THREATS[EMPOWERMENT TECHNOLOGIES] - INTERNET THREATS
[EMPOWERMENT TECHNOLOGIES] - INTERNET THREATSJazzyNF
 
Com 6 u1 L1 Maintaining internet safety
Com 6 u1 L1 Maintaining internet safetyCom 6 u1 L1 Maintaining internet safety
Com 6 u1 L1 Maintaining internet safetyJason Ruelo
 
Hacker&cracker
Hacker&crackerHacker&cracker
Hacker&crackerPat Ninlawan
 
Hacking
HackingHacking
Hackingyashasvisingh43
 
Internet Threats
Internet ThreatsInternet Threats
Internet ThreatsRonalyn_Cao
 
What Is A Web Browser
What Is A Web BrowserWhat Is A Web Browser
What Is A Web Browserkevpatel
 
Online Safety, Security, Ethics, and Netiquette - Empowerment Technologies
Online Safety, Security, Ethics, and Netiquette - Empowerment TechnologiesOnline Safety, Security, Ethics, and Netiquette - Empowerment Technologies
Online Safety, Security, Ethics, and Netiquette - Empowerment TechnologiesMark Jhon Oxillo
 
Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.Esteban Bedoya
 
Hackers secrets
Hackers secretsHackers secrets
Hackers secretsTengku Maulana
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crimezahid_ned
 
Online safety and security
Online safety and securityOnline safety and security
Online safety and securityjovellconde1
 
Year 7 - Week 5 esafety
Year 7 - Week 5 esafetyYear 7 - Week 5 esafety
Year 7 - Week 5 esafetyteachesict
 
Internet PC Security by Khalil Jubran Mindspring Networks
Internet PC Security by Khalil Jubran Mindspring Networks Internet PC Security by Khalil Jubran Mindspring Networks
Internet PC Security by Khalil Jubran Mindspring Networks Khalil Jubran
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDmitriy Scherbina
 
Internet threats
Internet threatsInternet threats
Internet threatsAngelicaMaliwat
 
10 most important cyber security tips for your users
10 most important cyber security tips for your users10 most important cyber security tips for your users
10 most important cyber security tips for your usersSimpliv LLC
 
Trabajo manuel
Trabajo manuelTrabajo manuel
Trabajo manuelHector Manuel Currea Torres
 
19.sacramentoconfirmacion
19.sacramentoconfirmacion19.sacramentoconfirmacion
19.sacramentoconfirmacionLigia10
 

More Related Content

What's hot

Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and SpywaresAnkit Mistry
 
Internet security
Internet securityInternet security
Internet securityrfukunaga
 
Cyber security and Privacy Awareness manual
Cyber security and Privacy Awareness manual Cyber security and Privacy Awareness manual
Cyber security and Privacy Awareness manual Jay Nagar
 
[EMPOWERMENT TECHNOLOGIES] - INTERNET THREATS
[EMPOWERMENT TECHNOLOGIES] - INTERNET THREATS[EMPOWERMENT TECHNOLOGIES] - INTERNET THREATS
[EMPOWERMENT TECHNOLOGIES] - INTERNET THREATSJazzyNF
 
Com 6 u1 L1 Maintaining internet safety
Com 6 u1 L1 Maintaining internet safetyCom 6 u1 L1 Maintaining internet safety
Com 6 u1 L1 Maintaining internet safetyJason Ruelo
 
Internet Threats
Internet ThreatsInternet Threats
Internet ThreatsRonalyn_Cao
 
What Is A Web Browser
What Is A Web BrowserWhat Is A Web Browser
What Is A Web Browserkevpatel
 
Online Safety, Security, Ethics, and Netiquette - Empowerment Technologies
Online Safety, Security, Ethics, and Netiquette - Empowerment TechnologiesOnline Safety, Security, Ethics, and Netiquette - Empowerment Technologies
Online Safety, Security, Ethics, and Netiquette - Empowerment TechnologiesMark Jhon Oxillo
 
Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.Esteban Bedoya
 
Online safety and security
Online safety and securityOnline safety and security
Online safety and securityjovellconde1
 
Year 7 - Week 5 esafety
Year 7 - Week 5 esafetyYear 7 - Week 5 esafety
Year 7 - Week 5 esafetyteachesict
 
Internet PC Security by Khalil Jubran Mindspring Networks
Internet PC Security by Khalil Jubran Mindspring Networks Internet PC Security by Khalil Jubran Mindspring Networks
Internet PC Security by Khalil Jubran Mindspring Networks Khalil Jubran
 
10 most important cyber security tips for your users
10 most important cyber security tips for your users10 most important cyber security tips for your users
10 most important cyber security tips for your usersSimpliv LLC
 

What's hot (20)

Hacker
HackerHacker
Hacker
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and Spywares
 
Internet security
Internet securityInternet security
Internet security
 
Cyber security and Privacy Awareness manual
Cyber security and Privacy Awareness manual Cyber security and Privacy Awareness manual
Cyber security and Privacy Awareness manual
 
[EMPOWERMENT TECHNOLOGIES] - INTERNET THREATS
[EMPOWERMENT TECHNOLOGIES] - INTERNET THREATS[EMPOWERMENT TECHNOLOGIES] - INTERNET THREATS
[EMPOWERMENT TECHNOLOGIES] - INTERNET THREATS
 
Com 6 u1 L1 Maintaining internet safety
Com 6 u1 L1 Maintaining internet safetyCom 6 u1 L1 Maintaining internet safety
Com 6 u1 L1 Maintaining internet safety
 
Hacker&cracker
Hacker&crackerHacker&cracker
Hacker&cracker
 
Hacking
HackingHacking
Hacking
 
Internet Threats
Internet ThreatsInternet Threats
Internet Threats
 
What Is A Web Browser
What Is A Web BrowserWhat Is A Web Browser
What Is A Web Browser
 
Online Safety, Security, Ethics, and Netiquette - Empowerment Technologies
Online Safety, Security, Ethics, and Netiquette - Empowerment TechnologiesOnline Safety, Security, Ethics, and Netiquette - Empowerment Technologies
Online Safety, Security, Ethics, and Netiquette - Empowerment Technologies
 
Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.
 
Hackers secrets
Hackers secretsHackers secrets
Hackers secrets
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Online safety and security
Online safety and securityOnline safety and security
Online safety and security
 
Year 7 - Week 5 esafety
Year 7 - Week 5 esafetyYear 7 - Week 5 esafety
Year 7 - Week 5 esafety
 
Internet PC Security by Khalil Jubran Mindspring Networks
Internet PC Security by Khalil Jubran Mindspring Networks Internet PC Security by Khalil Jubran Mindspring Networks
Internet PC Security by Khalil Jubran Mindspring Networks
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Internet threats
Internet threatsInternet threats
Internet threats
 
10 most important cyber security tips for your users
10 most important cyber security tips for your users10 most important cyber security tips for your users
10 most important cyber security tips for your users
 

Viewers also liked

19.sacramentoconfirmacion
19.sacramentoconfirmacion19.sacramentoconfirmacion
19.sacramentoconfirmacionLigia10
 
E e professor joão cruz trabalho de biologia
E e professor joão cruz trabalho de biologiaE e professor joão cruz trabalho de biologia
E e professor joão cruz trabalho de biologiaAna Borges
 
Lista Matemática
Lista Matemática Lista Matemática
Lista Matemática alunoscem
 
225187571 mecanismos-de-seguranca
225187571 mecanismos-de-seguranca225187571 mecanismos-de-seguranca
225187571 mecanismos-de-segurancaMarco Guimarães
 
Exame electricidade
Exame electricidadeExame electricidade
Exame electricidadeAna Alvarez
 
CONFESION_Y_BENDICION
CONFESION_Y_BENDICIONCONFESION_Y_BENDICION
CONFESION_Y_BENDICIONNaty Gonzalez
 
U L A D E C H T A L L E R D E I N V E S T I G A C IÓ N C I C L O V I I
U L A D E C H T A L L E R D E I N V E S T I G A C IÓ N C I C L O V I IU L A D E C H T A L L E R D E I N V E S T I G A C IÓ N C I C L O V I I
U L A D E C H T A L L E R D E I N V E S T I G A C IÓ N C I C L O V I Iedith17
 
Notícia - Estágio Desportivo de Juvenis em Mondim de Basto
Notícia - Estágio Desportivo de Juvenis em Mondim de BastoNotícia - Estágio Desportivo de Juvenis em Mondim de Basto
Notícia - Estágio Desportivo de Juvenis em Mondim de BastoVitória Waterpolo
 
Reframing assignment
Reframing assignmentReframing assignment
Reframing assignmentNathvel
 
Dp de biologia
Dp de biologiaDp de biologia
Dp de biologiaDanielly26
 

Viewers also liked (20)

Trabajo manuel
Trabajo manuelTrabajo manuel
Trabajo manuel
 
19.sacramentoconfirmacion
19.sacramentoconfirmacion19.sacramentoconfirmacion
19.sacramentoconfirmacion
 
E e professor joão cruz trabalho de biologia
E e professor joão cruz trabalho de biologiaE e professor joão cruz trabalho de biologia
E e professor joão cruz trabalho de biologia
 
Lista Matemática
Lista Matemática Lista Matemática
Lista Matemática
 
Bulletin for week of Dec. 1, 2013
Bulletin for week of Dec. 1, 2013Bulletin for week of Dec. 1, 2013
Bulletin for week of Dec. 1, 2013
 
225187571 mecanismos-de-seguranca
225187571 mecanismos-de-seguranca225187571 mecanismos-de-seguranca
225187571 mecanismos-de-seguranca
 
1
11
1
 
Exame electricidade
Exame electricidadeExame electricidade
Exame electricidade
 
Programa semana da leitura 2011
Programa semana da leitura 2011Programa semana da leitura 2011
Programa semana da leitura 2011
 
Trabajo practico 2
Trabajo practico 2Trabajo practico 2
Trabajo practico 2
 
HTML2
HTML2HTML2
HTML2
 
CONFESION_Y_BENDICION
CONFESION_Y_BENDICIONCONFESION_Y_BENDICION
CONFESION_Y_BENDICION
 
Brasil
BrasilBrasil
Brasil
 
U L A D E C H T A L L E R D E I N V E S T I G A C IÓ N C I C L O V I I
U L A D E C H T A L L E R D E I N V E S T I G A C IÓ N C I C L O V I IU L A D E C H T A L L E R D E I N V E S T I G A C IÓ N C I C L O V I I
U L A D E C H T A L L E R D E I N V E S T I G A C IÓ N C I C L O V I I
 
Notícia - Estágio Desportivo de Juvenis em Mondim de Basto
Notícia - Estágio Desportivo de Juvenis em Mondim de BastoNotícia - Estágio Desportivo de Juvenis em Mondim de Basto
Notícia - Estágio Desportivo de Juvenis em Mondim de Basto
 
Natacio
NatacioNatacio
Natacio
 
Reframing assignment
Reframing assignmentReframing assignment
Reframing assignment
 
Ainun najib
Ainun najibAinun najib
Ainun najib
 
Aborto
AbortoAborto
Aborto
 
Dp de biologia
Dp de biologiaDp de biologia
Dp de biologia
 

Similar to Soham web security

Promote Education Internet Security
Promote Education Internet SecurityPromote Education Internet Security
Promote Education Internet SecurityZoaib Mirza
 
Information Security Day for Penn State Ag Sciences
Information Security Day for Penn State Ag SciencesInformation Security Day for Penn State Ag Sciences
Information Security Day for Penn State Ag SciencesVince Verbeke
 
Giarritano concept paper 4
Giarritano concept paper 4Giarritano concept paper 4
Giarritano concept paper 4leahg118
 
Rules of Netiquette
Rules of Netiquette Rules of Netiquette
Rules of NetiquetteRochelle Nato
 
Protect Yourself From Internet Pests
Protect Yourself From Internet PestsProtect Yourself From Internet Pests
Protect Yourself From Internet Pestspeterhitch
 
Keeping Your Children, your information and your equiptment safe
Keeping Your Children, your information and your equiptment safeKeeping Your Children, your information and your equiptment safe
Keeping Your Children, your information and your equiptment safeComputer Explorers
 
Lecture about network and host security to NII students
Lecture about network and host security to NII studentsLecture about network and host security to NII students
Lecture about network and host security to NII studentsAkiumi Hasegawa
 
Empowerment Technologies - Module 2
Empowerment Technologies - Module 2Empowerment Technologies - Module 2
Empowerment Technologies - Module 2Jesus Rances
 
IT Security Seminar Cougar CPS
IT Security Seminar Cougar CPSIT Security Seminar Cougar CPS
IT Security Seminar Cougar CPScougarcps
 
INFORMATION AND COMPUTER SECURITY.pptx
INFORMATION AND COMPUTER SECURITY.pptxINFORMATION AND COMPUTER SECURITY.pptx
INFORMATION AND COMPUTER SECURITY.pptxToleraYadessaGonfa
 
6 protecting your computer
6 protecting your computer 6 protecting your computer
6 protecting your computer mohamad Hamizi
 
4 a module virus and spyware
4 a module virus and spyware4 a module virus and spyware
4 a module virus and spywareRozell Sneede
 
Cybersecurity Awareness Training for Employees.pptx
Cybersecurity Awareness Training for Employees.pptxCybersecurity Awareness Training for Employees.pptx
Cybersecurity Awareness Training for Employees.pptxMustafa Amiri
 
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security ThreatsSophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security ThreatsConnecting Up
 
CYBER SECURITY AWARENESS.pptx
CYBER SECURITY AWARENESS.pptxCYBER SECURITY AWARENESS.pptx
CYBER SECURITY AWARENESS.pptxTapan Khilar
 

Similar to Soham web security (20)

Promote Education Internet Security
Promote Education Internet SecurityPromote Education Internet Security
Promote Education Internet Security
 
Securitytips
SecuritytipsSecuritytips
Securitytips
 
Information Security Day for Penn State Ag Sciences
Information Security Day for Penn State Ag SciencesInformation Security Day for Penn State Ag Sciences
Information Security Day for Penn State Ag Sciences
 
Giarritano concept paper 4
Giarritano concept paper 4Giarritano concept paper 4
Giarritano concept paper 4
 
Rules of Netiquette
Rules of Netiquette Rules of Netiquette
Rules of Netiquette
 
Protect Yourself From Internet Pests
Protect Yourself From Internet PestsProtect Yourself From Internet Pests
Protect Yourself From Internet Pests
 
Keeping Your Children, your information and your equiptment safe
Keeping Your Children, your information and your equiptment safeKeeping Your Children, your information and your equiptment safe
Keeping Your Children, your information and your equiptment safe
 
Lecture about network and host security to NII students
Lecture about network and host security to NII studentsLecture about network and host security to NII students
Lecture about network and host security to NII students
 
Empowerment Technologies - Module 2
Empowerment Technologies - Module 2Empowerment Technologies - Module 2
Empowerment Technologies - Module 2
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
IT Security Seminar Cougar CPS
IT Security Seminar Cougar CPSIT Security Seminar Cougar CPS
IT Security Seminar Cougar CPS
 
COMPUTERS ( types of viruses)
COMPUTERS ( types of viruses)COMPUTERS ( types of viruses)
COMPUTERS ( types of viruses)
 
INFORMATION AND COMPUTER SECURITY.pptx
INFORMATION AND COMPUTER SECURITY.pptxINFORMATION AND COMPUTER SECURITY.pptx
INFORMATION AND COMPUTER SECURITY.pptx
 
6 protecting your computer
6 protecting your computer 6 protecting your computer
6 protecting your computer
 
Computer SOS
Computer SOSComputer SOS
Computer SOS
 
Spyware
SpywareSpyware
Spyware
 
4 a module virus and spyware
4 a module virus and spyware4 a module virus and spyware
4 a module virus and spyware
 
Cybersecurity Awareness Training for Employees.pptx
Cybersecurity Awareness Training for Employees.pptxCybersecurity Awareness Training for Employees.pptx
Cybersecurity Awareness Training for Employees.pptx
 
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security ThreatsSophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
 
CYBER SECURITY AWARENESS.pptx
CYBER SECURITY AWARENESS.pptxCYBER SECURITY AWARENESS.pptx
CYBER SECURITY AWARENESS.pptx
 

More from Soham Sengupta

Spring method-level-secuirty
Spring method-level-secuirtySpring method-level-secuirty
Spring method-level-secuirtySoham Sengupta
 
JavaScript event handling assignment
JavaScript event handling assignment JavaScript event handling assignment
JavaScript event handling assignment Soham Sengupta
 
Networking assignment 2
Networking assignment 2Networking assignment 2
Networking assignment 2Soham Sengupta
 
Networking assignment 1
Networking assignment 1Networking assignment 1
Networking assignment 1Soham Sengupta
 
Sohams cryptography basics
Sohams cryptography basicsSohams cryptography basics
Sohams cryptography basicsSoham Sengupta
 
JSR-82 Bluetooth tutorial
JSR-82 Bluetooth tutorialJSR-82 Bluetooth tutorial
JSR-82 Bluetooth tutorialSoham Sengupta
 
Html tables and_javascript
Html tables and_javascriptHtml tables and_javascript
Html tables and_javascriptSoham Sengupta
 

More from Soham Sengupta (20)

Spring method-level-secuirty
Spring method-level-secuirtySpring method-level-secuirty
Spring method-level-secuirty
 
Spring security mvc-1
Spring security mvc-1Spring security mvc-1
Spring security mvc-1
 
JavaScript event handling assignment
JavaScript event handling assignment JavaScript event handling assignment
JavaScript event handling assignment
 
Networking assignment 2
Networking assignment 2Networking assignment 2
Networking assignment 2
 
Networking assignment 1
Networking assignment 1Networking assignment 1
Networking assignment 1
 
Sohams cryptography basics
Sohams cryptography basicsSohams cryptography basics
Sohams cryptography basics
 
Network programming1
Network programming1Network programming1
Network programming1
 
JSR-82 Bluetooth tutorial
JSR-82 Bluetooth tutorialJSR-82 Bluetooth tutorial
JSR-82 Bluetooth tutorial
 
Xmpp and java
Xmpp and javaXmpp and java
Xmpp and java
 
Core java day2
Core java day2Core java day2
Core java day2
 
Core java day1
Core java day1Core java day1
Core java day1
 
Core java day4
Core java day4Core java day4
Core java day4
 
Core java day5
Core java day5Core java day5
Core java day5
 
Exceptions
ExceptionsExceptions
Exceptions
 
Java.lang.object
Java.lang.objectJava.lang.object
Java.lang.object
 
Jsp1
Jsp1Jsp1
Jsp1
 
Html tables and_javascript
Html tables and_javascriptHtml tables and_javascript
Html tables and_javascript
 
Html javascript
Html javascriptHtml javascript
Html javascript
 
Java script
Java scriptJava script
Java script
 
Sohamsg ajax
Sohamsg ajaxSohamsg ajax
Sohamsg ajax
 

Recently uploaded

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Recently uploaded (20)

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

Soham web security

  • 1. Surf Web Safe Soham Sengupta Web Security Unleashed CEO, Tech IT Easy Lab of Pervasive VM Computing +91 9830740684 (sohamsengupta@yahoo.com)
  • 2. Topics I shall share today To Enchant you Topics I shall not harp on To kill your time 1. Possible Attacks on your system 2. Common Preventives 3. Good practice to safe-surf web 4. My own prescriptions 5. Some wonderful demonstration replicating attacks 6. Preventive mechanism A. Basic Cryptography B. Bookish Web Architectures C. Parsing it all for Linux against Microsoft D. A hell-lot-of slides to jam your brain. So, friends! May we whistle it off? sohamsengupta@yahoo.com Monday, October 13, 2014
  • 3. 1. Malicious Cookies 2. Malicious Free / Open Source Software 3. SQL Injection 4. Script injection (E.g. Java script) 5. Signed Applets 6. An evil browser 7. Browser Extension/ plug-in 8. Phishing 9. Pirated (Cracked) Operating System with Malicious sohamsengupta@yahoo.com Monday, October 13, 2014 3 TCP/IP stack 10.Improper and Insecure Use of USB 11. Public Network Zones (E.g. Wi-Fi zone provided by a Cafeteria )
  • 4. Do not have an account here. Let me try something wicked! sohamsengupta@yahoo.com Monday, October 13, 2014 4
  • 5. Login Web Service (A servlet) sohamsengupta@yahoo.com Monday, October 13, 2014 5
  • 7. anyPassword’ or ‘1’=‘1 Web Service Runs this SQL Select count(*) from User_Table where uid=‘Sohamsengupta’ AND pwd=‘anyPassword’ OR ‘1’=‘1’ sohamsengupta@yahoo.com Monday, October 13, 2014 7
  • 8.  Applets are considered to be secure, because  They cannot access local machine’s files and other system resources  Java generally does not have access to native platform  But, Signed Applets can!  Users blindly trusts signed applets sohamsengupta@yahoo.com Monday, October 13, 2014 8
  • 9. I am a good developer! I develop my good browser which will steal users’ information and …. I have made a Chrome Extension that does wicked tricks and captures your PG-info sohamsengupta@yahoo.com Monday, October 13, 2014 9
  • 10. I am genius! Have cracked Microsoft Windows 8.1 . Shall distribute it free to people over Internet Wait! There’s never a free lunch! I’d modify this OS to my benefit! sohamsengupta@yahoo.com Monday, October 13, 2014 10
  • 11.  Free utility software (Like, Document or Media Converters, Media Players, Live Wall papers, Games, Free Security Software etc.) are devils’ den!  They pass your data and documents to a remote server.  May impose key loggers to track your passwords and e-banking credentials sohamsengupta@yahoo.com Monday, October 13, 2014 11
  • 12.  Can sniff your data transfer  Very risky if you use these Networks to connect to secure and sensitive sites  Do not use public Networks unless you must use them in urgency. sohamsengupta@yahoo.com Monday, October 13, 2014 12
  • 13.  Beware of Java Script attack  Beware of Ajax service links sent in a mail  Avoid using Facebook Apps and clicking on any sort of links on a Social Networking portal such as Facebook  Be careful as you link your Gmail and Facebook to your smartphone (E.g. Android) sohamsengupta@yahoo.com Monday, October 13, 2014 13
  • 14.  Use original OS and Antivirus  Use only trusted browser preferably Chrome  Activate 2-step authentication for mail, banking etc.  Always try to link more than one mails and mobile numbers for everything  Safe Facebooking sohamsengupta@yahoo.com Monday, October 13, 2014 14
  • 15.  Do not use arbitrary software  Do not open mails that contain links promising a lottery  do not use Torrent downloaders  If you must use torrent, make it on a different (dual-boot at least) OS  Do not use your barcode scanner of smartphone to scan unknown QR codes sohamsengupta@yahoo.com Monday, October 13, 2014 15
  • 16.  Using Open sources do not promote your social position always, free open sources can usher in serious threats!  Do not log in any where with Facebook or Gmail account. Doing so, you legally authorize some apps to post on your behalf.  Read carefully before you make a decision on web sohamsengupta@yahoo.com Monday, October 13, 2014 16
  • 17. 1) Phishing detection by smart phone 2) Risks on Applets 3) Malicious software development sohamsengupta@yahoo.com Monday, October 13, 2014 17