Submitted To: - Submitted By: - Cyber Security
Assignment 2
5th Semester
SESSION 2019/23
Directory Traversal:
This is a vulnerability in which an attacker is able to access files beyond the web root directory of
the application. If he is able to read beyond the web root directory, he might execute OS commands,
obtain sensitive information, or access restricted directories.
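The following is an added example (not part of the original assignment) showing why directory traversal works and how a server prevents it. The naive handler joins the user-supplied file name onto the web root and serves whatever the result points at; the hardened handler canonicalises the path and then checks that it still lies inside the web root. The web root `/var/www/html`, the function names and the sample requests are all assumptions made for this demonstration.

```python
import os
from pathlib import Path
from typing import Optional
from urllib.parse import unquote

# Constructed web root for this demo (assumption: the application serves files
# from here). The directory need not exist on disk; Path.resolve() still
# canonicalises the path.
WEB_ROOT = Path("/var/www/html").resolve()


def vulnerable_resolve(user_path: str) -> Path:
    """The flawed pattern: decode the request, join it onto the web root and
    serve whatever the result points at. '../' sequences walk out of WEB_ROOT,
    so a request for '../../../etc/passwd' resolves to /etc/passwd."""
    decoded = unquote(user_path)
    return Path(os.path.normpath(os.path.join(str(WEB_ROOT), decoded)))


def safe_resolve(user_path: str) -> Optional[Path]:
    """Hardened version: decode, strip any leading '/', canonicalise (which
    also follows symlinks), then require the result to still lie under
    WEB_ROOT. Returns None when the request escapes the web root."""
    decoded = unquote(user_path)                  # handle %2e%2e%2f style encodings
    candidate = (WEB_ROOT / decoded.lstrip("/")).resolve()
    try:
        candidate.relative_to(WEB_ROOT)           # raises ValueError if outside root
    except ValueError:
        return None                               # reject: path traversal attempt
    return candidate


if __name__ == "__main__":
    # Constructed sample requests: one legitimate, two traversal attempts.
    for req in ("images/logo.png", "../../../etc/passwd", "..%2F..%2F..%2Fetc%2Fpasswd"):
        print(f"{req!r:34} naive -> {vulnerable_resolve(req)}  safe -> {safe_resolve(req)}")
```

The important design point is that the containment check runs after decoding and canonicalisation, not on the raw request string: blocklisting the literal characters `../` is bypassed by encoding, whereas comparing the resolved path against the web root is not.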
Misconfiguration attacks:
If unnecessary services are enabled, default configuration files are used, or verbose error
information is not masked, an attacker can compromise the web server through various attacks
such as password cracking, error-based SQL injection, command injection, etc.
Phishing Attack:
An attacker may redirect the victim to a malicious website by sending him/her an email containing a
link that looks authentic but leads to a malicious web page, thereby stealing their data. There are
many other web application attacks that can lead to a web server attack: parameter/form
tampering, cookie tampering, unvalidated inputs, SQL injection, and buffer overflow attacks.
Cybercrime
Today, people rely on computers to create, store, and manage critical information. Thus, it is
crucial that users take measures to protect their computers and data from loss, damage, and
misuse. A computer security risk is any event or action that could cause a loss of or damage to
computer hardware, software, data, information, or processing capability. While some breaches
to computer security are accidental, many are intentional. Some intruders do no damage; they
merely access data, information, or programs on the computer. Other intruders make their
presence known, either by leaving a message or by deliberately altering or damaging
data. An intentional breach of computer security often involves a deliberate act that is against
the law. Any illegal act involving a computer generally is referred to as a computer crime.
A passive IDS is a system that’s configured to only monitor and analyse network traffic activity
and alert an operator to potential vulnerabilities and attacks. A passive IDS is not capable of
performing any protective or corrective functions on its own.
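As an added illustration (not part of the original assignment) of what "monitor and alert only" means in practice, the following script plays the role of a minimal passive IDS. It reads web server access-log lines, raises alerts for two patterns already named on this page (directory traversal attempts and repeated login failures suggesting password cracking), and does nothing else: it never drops, rewrites or blocks a request. The log lines, IP addresses, rule names and the failure threshold are constructed for the demo.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed Apache-style access-log lines for the demo; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /download?file=../../../etc/passwd HTTP/1.1" 403 0
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /download?file=..%2F..%2Fetc%2Fshadow HTTP/1.1" 403 0
10.0.0.7 - - [01/Jan/2024:10:00:04 +0000] "POST /login HTTP/1.1" 401 0
10.0.0.7 - - [01/Jan/2024:10:00:05 +0000] "POST /login HTTP/1.1" 401 0
10.0.0.7 - - [01/Jan/2024:10:00:06 +0000] "POST /login HTTP/1.1" 401 0
10.0.0.7 - - [01/Jan/2024:10:00:07 +0000] "POST /login HTTP/1.1" 401 0
10.0.0.7 - - [01/Jan/2024:10:00:08 +0000] "POST /login HTTP/1.1" 401 0
"""

# Parses client IP, method, request path and HTTP status from one log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Plain and URL-encoded forms of a parent-directory reference.
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.%2f|%2e%2e)", re.IGNORECASE)
# Constructed threshold: this many 401s on /login from one IP raises an alert.
LOGIN_FAIL_THRESHOLD = 5


def analyse(log_text: str) -> List[Dict[str, str]]:
    """Passive analysis: returns a list of alerts for the operator and has no
    side effects on traffic. Each alert records the source IP, the rule that
    fired and a short detail string."""
    alerts: List[Dict[str, str]] = []
    failed_logins: Counter = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip, a passive sensor never fails closed
        ip, path, status = m["ip"], m["path"], m["status"]
        if TRAVERSAL_RE.search(path):
            alerts.append({"ip": ip, "rule": "path-traversal", "detail": path})
        if path.startswith("/login") and status == "401":
            failed_logins[ip] += 1
            if failed_logins[ip] == LOGIN_FAIL_THRESHOLD:  # alert once per IP
                alerts.append({"ip": ip, "rule": "repeated-login-failure",
                               "detail": f"{LOGIN_FAIL_THRESHOLD} failures on /login"})
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(f"ALERT {alert['rule']:24} from {alert['ip']:10} {alert['detail']}")
```

Turning this into an active (intrusion prevention) system would mean acting on the alerts, for example by adding the offending IP to a firewall rule; the passive form stops at notifying an operator, which is exactly the limitation described above.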
4. Train your staff: Inform your staff about all the potential cyberattacks that can happen in your
workplace. Encourage them to report all cyberattacks that occur. Once your staff has the basic
knowledge to handle any cyberattack, managing recovery would not be so hard. Get a
professional team to train your staff about the potential problems with cybersecurity and how it
can affect the office.
5. Get certified: The international standard of cybersecurity is the ISO/IEC 27032:2012. This is a
set of rules and guidelines that cover information security, network security, internet security,
and the protection of information infrastructure. Getting certified would bring your business
into compliance with these standards and improve its security posture. Certification is also good for
business; customers and clients tend to trust your business more if it has any certification
relating to security and cybersecurity.