Cyber Security / Cyber Crime Testing Architecture

1
(No Transcript)
2

• Problem Statement Common IT Applications
  security vulnerabilities
• Missing data encryption
• OS command injection
• SQL injection
• Buffer overflow
• Missing authentication for critical functions
• Missing authorization
• Unrestricted upload of dangerous file types
• Reliance on untrusted inputs in a security
• decision
• Malware
• Backdoors,
• Formjacking,

• Cross-site scripting and forgery
• Download of codes without integrity checks
• Use of broken algorithms
• URL redirection to untrusted sites
• Path traversal
• Bugs
• Weak passwords
• Software that is already infected with virus
• DDoS (distributed denial-of-service) attack
• DNS (Domain Name System)

3

• Solution Cyber Security Required _at_
• Critical infrastructure cyber security.
• Network security. ...
• Cloud security. ...
• IoT (Internet of Things) security. ...
• Application security.
• Application Server Security
• Web server Security
• Middleware Security
• Database Security
• Database server Security

• Problem Statement Cybercrimes
• Email and internet fraud.
• Identity fraud (where personal information is
  stolen and used).
• Theft of financial or card payment data.
• Theft and sale of corporate data.
• Cyberextortion (demanding money to prevent a
  threatened attack).
• Ransomware attacks (a type of cyberextortion).
• Crypojacking (where hackers mine cryptocurrency
  using resources they do not own).
• Cyberespionage (where hackers access government
  or company data).

4
(No Transcript)
5

• Security Testing Types
• Scanning(Configuration Scanning)
• Penetration Testing (Ethical Hacking)
• Security Audit
• Risk Assessment Security Posture Assessment
• Information Gathering
• Port Scanning
• Packet Analyzer/Sniffers
• Vulnerability Scanners
• Proxies

• Exploitation
• Password Cracker
• Web Application Security Testing
• API Security Testing
• Test Internal Interfaces
• Interactive Application Security Testing (IAST)
• Software Composition Analysis (SCA)
• Security Testing Best Practices.
• Shift Security Testing Left
• Security Testing Best practices

6

• Security Testing Tools
• Static Application Security Testing (SAST)
• Dynamic Application Security Testing (DAST)
• Interactive Application Security Testing
• (IAST) and Hybrid Tools
• Software Composition Analysis (SCA)

7

• Security Testing Tools
• Information Gathering
• Skipfish
• NsLookup
• Google Hacking Database Tool (GHDB)
• What is my IP/IP Address Lookup
• HTTrack Website Copier
• Samspade
• Wayback Machine
• The Harvester
• Metagoofil
• Maltego
• Robots.txt

• Port Scanning
• Angry IP Scanner
• Pingsweep
• Superscan
• Advance Port Scanner
• Netcat
• Nmap
• Traceroute

• Packet Analyzer/Sniffers
• Wireshark
• Ettercap
• Tcpdump
• Kismet
• NetworkMiner

• Password Crackers
• Brutus
• Ophcrack
• John the Ripper
• Cain and Abel
• THC Hydra
• Rainbow Crack
• Truecrack
• Air crack

• Vulnerability Scanners
• Nessus
• ZAP
• AJAX Spidering
• Fuzzing
• Websocket Testing
• Acuentix
• IBM AppScan
• HP WebInspect
• Fortify Static Code Analyzer
• Burp Professional Scanner
• Netsparker
• Qualys Cloud Platform
• w3af

• Exploitation
• Metasploit
• SQL Map
• Havij
• SET (Social Engineer Toolkit)
• BeEF

• Proxies
• Paros
• WebScarab
• IE watch
• Charles

8

• Security Testing Tools
• Information Gathering
• Skipfish
• NsLookup
• Google Hacking Database Tool (GHDB)
• What is my IP/IP Address Lookup
• HTTrack Website Copier
• Samspade
• Wayback Machine
• The Harvester
• Metagoofil
• Maltego
• Robots.txt

• Port Scanning
• Angry IP Scanner
• Pingsweep
• Superscan
• Advance Port Scanner
• Netcat
• Nmap
• Traceroute

• Packet Analyzer/Sniffers
• Wireshark
• Ettercap
• Tcpdump
• Kismet
• NetworkMiner

• Password Crackers
• Brutus
• Ophcrack
• John the Ripper
• Cain and Abel
• THC Hydra
• Rainbow Crack
• Truecrack
• Air crack

• Vulnerability Scanners
• Nessus
• ZAP
• AJAX Spidering
• Fuzzing
• Websocket Testing
• Acuentix
• IBM AppScan
• HP WebInspect
• Fortify Static Code Analyzer
• Burp Professional Scanner
• Netsparker
• Qualys Cloud Platform
• w3af

• Exploitation
• Metasploit
• SQL Map
• Havij
• SET (Social Engineer Toolkit)
• BeEF

• Proxies
• Paros
• WebScarab
• IE watch
• Charles

9

• DB Testing Tools
• Data Factory
• Mockup Data
• DTM Data Generator
• MS SQL Server
• SQL Test
• Oracle SQL Developer
• NoSQL Unit
• Se Lite
• SLOB
• Orion

• DB Security Testing Techniques
• Penetration Testing
• Risk Assessment
• SQL Injection Validation
• Password Cracking
• Security Audit

10

• Benefits of Using Database Testing Tool
• Tool is that it executes tasks faster and this
  saves time.
• We have both paid as well as opensource testing
  tools
• These tools can be classified into Load and
  Performance testing tools,
• Test Generator tools, and SQL-based tools.
• Vulnerability that exists within the database
  system and using some of these tools will
• Facilitate the detection of defects efficiently
  and effectively in early stage
• periodic testing is important that will ensure
  productivity in the system (DB Crashes).

11

• _at_hjay55
• HJAY55_at_GMAIL.COM
• 91-8050862975