Saturday, December 5, 2020

OWASP Top 10



OWASP stands for Open Web Application Security Project. It is an international non-profit organization that works to improve the security of software. OWASP has chapters worldwide with tens of thousands of members, and through community-led open-source projects they work to make the web more secure. All of their materials, including documentation, tools, and videos, are freely available on their website. One of their best-known projects is the OWASP Top 10.

The OWASP Top 10 is a regularly updated report listing the ten most critical security risks for web applications. It is a standard awareness document for web application security and is essential reading for developers. It is compiled by a team of well-qualified security experts, and companies are advised to consult it when developing web applications in order to minimize security risks. The OWASP Top 10 is a good foundation for writing more secure code and for ensuring information security in organizations. The ten risks reported in the document are listed below.

1. Injection: Injection flaws such as SQL, LDAP, and NoSQL injection occur when untrusted data is sent to an interpreter as part of a query or command. If an attacker enters SQL code into a form field and that input is not properly handled, the SQL may be executed by the database; this is SQL injection. Injection can be prevented by validating or sanitizing form inputs before they reach the backend.
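As an added example (not code from the original post), the same user lookup written two ways against an in-memory SQLite table: one that concatenates the form input into the query and one that passes it as a parameter. The table, names, and the crafted input are constructed here for illustration.

```python
import sqlite3

def _setup() -> sqlite3.Connection:
    # Constructed sample table with two users.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn

def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # Untrusted input is spliced into the statement text, so the database
    # cannot tell where the data ends and the SQL begins.
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()

def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    # Parameterised query: the value travels separately from the statement,
    # so whatever the user typed is only ever treated as data.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()

def demo(name: str) -> tuple:
    """Run both lookups on the same input; returns (vulnerable, safe)."""
    conn = _setup()
    try:
        return (find_user_vulnerable(conn, name), find_user_safe(conn, name))
    finally:
        conn.close()

if __name__ == "__main__":
    # Constructed input: a tautology that makes the WHERE clause always true.
    crafted = "x' OR '1'='1"
    vulnerable_rows, safe_rows = demo(crafted)
    print("string-built query returned", vulnerable_rows)   # every user
    print("parameterised query returned", safe_rows)        # no user
```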

2. Broken Authentication: Authentication validates the identity of users so that only authorized users can access the systems. If authentication is implemented incorrectly, attackers can compromise passwords, tokens, or keys. Two-factor authentication is one mechanism that can be used to mitigate authentication vulnerabilities.

3. Sensitive Data Exposure: If sensitive information such as financial, healthcare, or military data is not properly protected by web applications and APIs, attackers can steal it and use it for credit card fraud and other cybercrimes such as identity theft.

4. XML External Entities (XXE): Poorly configured XML processors are vulnerable because they resolve references to external entities. Attackers exploit this by sending data that references unauthorized external entities.

5. Broken Access Control: Broken access controls allow attackers to bypass authorization and perform tasks as though they were privileged. 

6. Security Misconfiguration: Leaving default configurations in place or displaying overly verbose error messages can be a vulnerability. This can be mitigated by removing unused features and making error messages more generic.

7. Cross-Site Scripting (XSS): If a web application lets user-supplied content, such as parts of a URL path, be inserted into its pages, this can be a vulnerability. It can be exploited to run malicious JavaScript in the victim's browser.

8. Insecure Deserialization: This threat targets the many web applications that frequently serialize and deserialize data. Insecure deserialization often leads to remote code execution.

9. Using Components With Known Vulnerabilities: Most web application developers use components such as frameworks and libraries, which reduce redundant work. The disadvantage is that attackers try to exploit known vulnerabilities in those components.

10. Insufficient Logging And Monitoring: Many web applications lack a proper mechanism to detect data breaches. Without an effective logging and monitoring process, attackers can continue to attack the systems undetected. It is therefore crucial to have proper logging and monitoring mechanisms in web applications.



Friday, December 4, 2020

Cyberattack Techniques in the Modern World


A cyberattack is an assault launched against computer systems and networks. In the modern world, hackers use a variety of techniques and attack types to achieve their objectives.

Malware 

Malware is malicious software that is specifically designed to collect information or to damage a computer system by gaining unauthorized access. Examples of modern malware include WannaCry and HenBox. WannaCry is ransomware that infected around 250,000 Windows computers worldwide in 2017; the damage it caused is estimated at around US$5 billion. HenBox typically masquerades as legitimate Android system and VPN apps, and sometimes embeds legitimate apps. The main goal of the HenBox apps is to spy on those who install them.

There are several types of malware, including:

  1. Viruses: A special type of malware that is self-replicating. A virus first needs to be executed by a user or a process in order to infect the host system.
  2. Worms: Unlike viruses, worms do not need to be executed by a user or a process to infect the host system. Worms usually target computer networks, spreading rapidly through replication.
  3. Trojan horses: Malware disguised as a harmless program that, once installed, gives attackers elevated privileges and full control of an endpoint. Unlike other types of malware, trojan horses are not self-replicating.
  4. Ransomware: Malware that locks a computer or device, or encrypts the data on an infected endpoint with an encryption key that only the attacker knows, making the data unusable until the victim pays a ransom.
  5. Back doors: This type of malware allows an attacker to bypass authentication and gain unauthorized access to a compromised system.
  6. Logic bombs: A special type of malware that is triggered when a specific condition is met (such as a particular date).
  7. Rootkits: This type of malware gives attackers root-level access to a computer. Usually, rootkits are installed into the BIOS of the computer, which prevents operating-system-level security tools from detecting them.

Spamming and phishing

Spam and phishing emails are the most common methods of delivering malware. The volume of spam email as a percentage of total global email traffic fluctuates widely, typically from 45 to 75 percent. In contrast to spam, phishing attacks are becoming more sophisticated and difficult to identify. Spear phishing is a targeted phishing campaign that appears more credible to its victims because the attacker has gathered specific information about the target, and it therefore has a higher probability of success.

Bots and botnets

Bots are individual endpoints infected with advanced malware that enables an attacker to take control of the compromised endpoint. A botnet is a network of bots working together under the control of attackers. In a botnet, the malware on each bot works toward a common objective, and each additional bot increases the power and destructiveness of the overall botnet. A botnet can evolve to pursue new goals or adapt as different security countermeasures are deployed. Botnets themselves are a dubious source of income for cybercriminals: they are created to harvest computing resources, and control of them can then be sold or rented out to other cybercriminals.


Wednesday, November 18, 2020

Cybersecurity Tools and Technologies

Network security tools are very important for ensuring information security in an organization. Cybersecurity tools and technologies include firewalls, intrusion detection and intrusion prevention systems (IDS/IPS), web content filters, data loss prevention (DLP), unified threat management (UTM), and security information and event management (SIEM).

Firewalls 

Firewalls have been one of the most prominent network security tools since the early days of the Internet. A firewall is a hardware or software platform that controls the flow of traffic between a trusted network, such as a corporate LAN, and an untrusted network, such as the Internet. There are different types of firewalls:

  1. Packet filtering firewalls: Check each data packet coming from the router against a rule set, looking only at packet header information.
  2. Stateful packet inspection (SPI) firewalls: Combine packet inspection with tracking of the TCP handshake, so that packets are judged in the context of the connection they belong to.
  3. Application firewalls: Operate up to Layer 7 (the application layer) of the OSI model and control access to specific applications and services on the network.

Intrusion Detection Systems and Intrusion Prevention Systems (IDS/IPS)

Intrusion detection systems (IDS) and intrusion prevention systems (IPS) perform deep-packet inspection and analysis of network activity and data, and provide real-time monitoring of network traffic. Unlike traditional packet filtering and stateful packet inspection firewalls, which examine only packet header information, IDS/IPS examine both the header and the payload of network traffic. IDS/IPS attempt to match inspected packets against known malicious patterns (signatures). They are typically deployed to detect and block exploitation of software vulnerabilities on the network. The primary difference between IDS and IPS is that an IDS is a passive system, whereas an IPS is an active system: an IDS monitors and analyzes network activity and raises alerts about potential attacks and vulnerabilities on the network, but it does not take any preventive action to stop an attack.
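As an added example (not code from the original post), a toy signature matcher that inspects packet payloads rather than just headers, run first in passive IDS mode and then in active IPS mode. The packets, addresses, and signatures are constructed here for illustration.

```python
import re
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes

# Constructed signatures: (name, destination port or None for any port, pattern).
# A packet filter would see only src/dst/dport; these rules look into the payload.
SIGNATURES = [
    ("http-path-traversal", 80, re.compile(rb"\.\./\.\./")),
    ("sqli-tautology", 80, re.compile(rb"'\s*or\s*'1'\s*=\s*'1", re.I)),
    ("suspicious-shell-string", None, re.compile(rb"/bin/sh")),
]

def match_signatures(pkt: Packet) -> list:
    """Return the names of every signature whose port and pattern match."""
    hits = []
    for name, port, pattern in SIGNATURES:
        if port is not None and pkt.dport != port:
            continue
        if pattern.search(pkt.payload):
            hits.append(name)
    return hits

def inspect(packets: list, mode: str) -> dict:
    """mode='ids': alert only, forward everything. mode='ips': alert and drop."""
    assert mode in ("ids", "ips")
    alerts, forwarded = [], 0
    for pkt in packets:
        hits = match_signatures(pkt)
        alerts.extend((pkt.src, pkt.dst, name) for name in hits)
        if hits and mode == "ips":
            continue          # active system: block the packet
        forwarded += 1        # passive system: traffic still passes
    return {"alerts": alerts, "forwarded": forwarded}

# Constructed sample traffic: a benign request, a traversal probe, an SQLi probe.
SAMPLE = [
    Packet("10.0.0.5", "10.0.0.10", 80, b"GET /index.html HTTP/1.1"),
    Packet("10.0.0.7", "10.0.0.10", 80, b"GET /../../etc/passwd HTTP/1.1"),
    Packet("10.0.0.8", "10.0.0.10", 80, b"GET /login?u=a' OR '1'='1 HTTP/1.1"),
]

if __name__ == "__main__":
    print("IDS:", inspect(SAMPLE, "ids"))   # 2 alerts, 3 forwarded
    print("IPS:", inspect(SAMPLE, "ips"))   # 2 alerts, 1 forwarded
```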

Web content filters

Web content filters are used to restrict the activity of users on a network. Web content filters match a web address against a database of websites. They are typically provided as a subscription-based service and maintained by the individual security vendors that sell the web content filters. Web content filters attempt to classify websites based on broad categories that are either allowed or blocked for various groups of users on the network. For example, the human resources department may have access to social media sites such as LinkedIn and Facebook for recruiting activities, while other users are blocked.

Data loss prevention (DLP)

Data loss prevention solutions inspect data that is leaving the network (for example via email, file uploads, or USB drives) and prevent certain sensitive data, such as social security numbers, addresses, electronic health records, and classified material, from leaving the network.

Unified threat management (UTM)

Unified threat management devices combine numerous security functions into a single system, including anti-malware, anti-spam, content filtering, DLP, firewall, IDS/IPS, and VPN. UTM devices do not necessarily perform any of these functions better than the standalone tools, but for a medium-sized enterprise they are a more convenient and less expensive way to get all-in-one protection from cyber threats.

Security information and event management (SIEM)

Security information and event management software tools and managed services provide real-time monitoring, event correlation, analysis, and notification of security alerts generated by various network devices and applications.
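As an added example (not code from the original post), a small correlation rule of the kind a SIEM runs over normalised events collected from several devices. The events are constructed: no single device sees enough failed logins to alarm on its own, but the combined view does.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed, normalised events: (timestamp, source device, source IP, user, outcome).
EVENTS = [
    ("2020-11-18T09:00:01", "vpn-gw", "203.0.113.9", "jdoe", "fail"),
    ("2020-11-18T09:00:14", "vpn-gw", "203.0.113.9", "jdoe", "fail"),
    ("2020-11-18T09:00:30", "webmail", "203.0.113.9", "jdoe", "fail"),
    ("2020-11-18T09:00:52", "vpn-gw", "203.0.113.9", "jdoe", "success"),
    ("2020-11-18T09:05:00", "webmail", "198.51.100.4", "asmith", "fail"),
    ("2020-11-18T09:30:00", "webmail", "198.51.100.4", "asmith", "success"),
]

def correlate(events, threshold: int = 3, window_s: int = 60) -> list:
    """Alert when a (source IP, user) pair logs in successfully after at least
    `threshold` failures within the preceding `window_s` seconds, counting the
    failures reported by any device."""
    window = timedelta(seconds=window_s)
    failures = defaultdict(deque)      # (ip, user) -> deque of (time, device)
    alerts = []
    for ts_str, device, ip, user, outcome in sorted(events):
        ts = datetime.fromisoformat(ts_str)
        recent = failures[(ip, user)]
        while recent and ts - recent[0][0] > window:   # expire stale failures
            recent.popleft()
        if outcome == "fail":
            recent.append((ts, device))
        elif outcome == "success" and len(recent) >= threshold:
            alerts.append({"ip": ip, "user": user, "at": ts_str,
                           "failures": len(recent),
                           "devices": sorted({d for _, d in recent})})
            recent.clear()
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print("repeated failures followed by success:", alert)
```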



Tuesday, November 10, 2020

CIA Triad of Information Security



What is the CIA Triad?

CIA stands for Confidentiality, Integrity, and Availability. These are the key attributes of information security and are used as a benchmark model to evaluate the information security of an organization. It is a widely used model that guides an organization in implementing policies and mechanisms aimed at keeping its data secure.

Confidentiality

Confidentiality means protecting systems, data, and other technological assets from unauthorized access. In the modern world, it is very important to keep private and sensitive data away from unauthorized parties. Confidentiality can be achieved with mechanisms such as authentication, authorization, and encryption. Authentication allows only authorized users to access systems and data; it uses passwords, biometrics, and security tokens to establish identity. Authorization gives users different permission levels for accessing resources. Authentication validates the identity of a user, while authorization defines whether that user may access a specific resource; both are needed to ensure confidentiality. Encryption is the process of converting data into ciphertext in order to prevent the exposure of confidential data to unauthorized parties. There are two types of encryption mechanisms: symmetric encryption and asymmetric encryption. Packet sniffing, keylogging, and phishing are some of the attacks that affect confidentiality.

Integrity 

Integrity means preventing the malicious alteration of data by unauthorized parties; it is the accuracy and completeness of data. Information should not be changed in transit: the receiver should get exactly the same message that the sender sent. Techniques such as hashing and encryption can be used to ensure the integrity of data. Hashing is a mathematical algorithm that generates a fixed-length digest, or signature, of the data. Hashing algorithms such as MD5 and SHA (Secure Hash Algorithm) can be used to check the integrity of data. Man-in-the-middle attacks and session hijacking are some of the attacks that affect integrity.
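As an added example (not code from the original post), an integrity check on a message altered in transit, first with a plain SHA-256 digest and then with a keyed HMAC. It goes one step beyond the paragraph by showing that an unkeyed digest can be recomputed by whoever altered the message, while the HMAC cannot without the shared key; the key and messages are constructed.

```python
import hashlib
import hmac

def digest(message: bytes) -> str:
    """Plain SHA-256 digest (SHA-256 rather than MD5, which is no longer
    considered collision resistant)."""
    return hashlib.sha256(message).hexdigest()

def verify_digest(message: bytes, expected: str) -> bool:
    return hmac.compare_digest(digest(message), expected)

def tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 over the message under a key shared by sender and receiver."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def verify_tag(key: bytes, message: bytes, expected: str) -> bool:
    # compare_digest avoids leaking where the comparison failed through timing.
    return hmac.compare_digest(tag(key, message), expected)

def transit_scenario(key: bytes, sent: bytes, altered: bytes) -> dict:
    """The sender ships (message, digest, tag). Someone on the path swaps the
    message for `altered`; because the digest is unkeyed they can recompute it
    as well, but without the key they cannot recompute the tag."""
    d, t = digest(sent), tag(key, sent)
    recomputed = digest(altered)
    return {
        "digest_detects_change": not verify_digest(altered, d),
        "digest_detects_recomputed": not verify_digest(altered, recomputed),
        "tag_detects_change": not verify_tag(key, altered, t),
    }

if __name__ == "__main__":
    # Constructed sample: a payment instruction modified on the wire.
    key = b"constructed-shared-key"
    sent = b"transfer 100 to bob"
    altered = b"transfer 900 to bob"
    print(transit_scenario(key, sent, altered))
```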

Availability

Availability means ensuring that data, information, and systems are available when they are needed. Backups, hardware maintenance, software patching, and redundancy are mechanisms that ensure availability; redundancy provides fault tolerance. One example of a lack of availability is having no backups of the systems: if a cyber-attack deletes all the data on the systems, recovery is impossible without backups, so routine backups are needed to ensure high availability. A Denial of Service (DoS) attack is a type of attack in which hackers try to make systems unavailable to their intended users; it is a good example of a cyber threat that results in a loss of availability.

Confidentiality, Integrity, and Availability are the three pillars of information security. Any cyber-attack compromises at least one of these attributes. Strong security policies and mechanisms should therefore be implemented in an organization to ensure information security. The CIA triad is an important model that can be used to build the information security strategy of an organization.


Wednesday, October 21, 2020

Deep Learning in Cyber Security




Artificial Intelligence (AI) is the study and design of intelligent agents that can perceive their environment and take appropriate actions to move it toward a favorable state. Deep Learning is a subfield of Artificial Intelligence and Machine Learning that imitates the functioning of neurons in the brain in order to gain knowledge. Deep Learning models are based on Artificial Neural Network (ANN) algorithms. Deep Learning has revolutionized the tech industry and has enabled advances in state-of-the-art technologies such as self-driving cars, speech recognition, accurate cancer diagnosis, and computer vision. Compared to traditional machine learning techniques, deep learning models achieve better accuracy.

Cybersecurity is the field of protecting data and computer systems from malicious attacks. It includes network security, application security, information security, and operational security. Deep learning techniques can be used in cybersecurity to enhance the security of the digital world and protect its users against cyber threats. Applications of deep learning in cybersecurity include network traffic analysis, intrusion detection and prevention systems, spam detection, and malware detection.

Network traffic analysis is an important aspect of cybersecurity. The density and volume of network traffic are increasing day by day. Network traffic analysis is the process of analyzing network traffic, such as HTTP and HTTPS, for malicious activity. Detecting this activity allows security engineers to take the necessary actions to prevent the damage it would cause. Deep learning algorithms such as deep artificial neural networks can be used to improve the accuracy of malicious activity detection. Accurate detection of cyber threats such as SQL injection and Denial of Service (DoS) is possible by integrating deep learning models into network traffic analysis.

Intrusion detection and prevention systems are used in cybersecurity to mitigate attacks and to block new cyber threats. Intrusion prevention systems take proactive measures to prevent cyber attacks, while intrusion detection systems take reactive measures to identify and mitigate ongoing attacks. Deep learning algorithms such as Convolutional Neural Networks and Recurrent Neural Networks can be used in intrusion detection and prevention systems to increase the accuracy of threat detection while minimizing the number of false alarms.

Spam detection can also be improved by using Natural Language Processing (NLP) deep learning techniques; one application is spam email detection. Spam emails are used in cybercrime to obtain sensitive information, and deep learning techniques make accurate detection of spam email possible. Deep artificial neural networks can also be used to classify phishing URLs.

Malware is malicious software that is intentionally designed to damage data or systems, so malware detection is crucial in cybersecurity. Deep learning algorithms can detect advanced malware and common attack patterns more efficiently than traditional algorithms.

The above applications show how Deep Learning can be used in the field of cybersecurity. Using the latest deep learning techniques can result in the accurate detection of cyber threats in the modern digital world.

