JONNEL L.

TALAÑA
MODULE 4
Learning Activities/ Exercises
What have you learned on the first lesson? please elaborate (150-180 words)

Early cryptography had only one objective: to encrypt messages so that their contents could be
safeguarded while being transferred from one place to another. Since its creation in the modern
era, cryptography has expanded from its original role as the primary means of message
confidentiality to include, among other things, some phases of message integrity checking,
sender/receiver identity authentication, and digital signatures (New World, 2007).We have felt
the need to keep our conversations private ever since we emerged from the caves, started to
form groups, and decided to take the idea of civilisation seriously. As soon as there were
different groups or tribes, along with blatant violence, concealment, and crowd control, the idea
that we must cooperate against one another originated and spread. It is not unexpected that
the first cryptographic artifacts were found in the regions that are today home to Egypt, Greece,
and Rome, the birthplace of civilization.The basic goal of cryptography is to protect sensitive
data on a hard drive or while it moves via a medium that might not be safe in and of itself. A
computer network typically acts as such a medium. Cryptography can provide the following
services: Authentication, Non-repudiation, Confidentiality (secrecy), and Integrity (anti-
tampering). The various forms of cryptography include hashing operations, symmetric key
cryptography, and asymmetric key cryptography. In the current period, public key cryptography
has grown in popularity.It is still common practice to use asymmetric encryption, which makes
use of a shared public key and a sender-only private key. Using the shared public key, anyone
can decrypt a communication that has been encrypted by the sender using the private key they
have access to. The communication's sender will thereafter be able to be identified by the
recipient.This method is the foundation of the digital signature. There are problems when
communication between many companies requires the use of multiple public keys and knowing
when to use which one. No matter the technique used, a series of techniques used one after
the other will result in the best outcomes (Whitman, 2005).

Give atleast one paragraph on your understanding about Symmetric Key Cryptography and its
examples

The simplest form of encryption, known as symmetric key cryptography, uses just one secret key
to cipher and decrypt data. An old and well-known method is symmetric encryption. It employs
a secret key, which may be a word, a number, or a collection of random letters. It is combined
with the message's plain text to alter the content in a certain way. The secret key used to
encrypt and decrypt all of the communications should be known by both the sender and the
recipient. Symmetric encryption is used in Blowfish, AES, RC4, DES, RC5, and RC6 as examples.
The symmetric algorithms AES-128, AES-192, and AES-256 are the most often utilized.

Give atleast one paragraph on your understanding about Asymmetric Key Cryptography and
its examples

Asymmetric encryption, commonly referred to as public key cryptography, is a more recent

technology than symmetric encryption. Two keys are used in asymmetric encryption to encrypt
plain text. Secret keys are transferred via a wide network like the Internet. It prevents evildoers
from utilizing the keys improperly. Asymmetric encryption employs two related keys to increase
security since it is crucial to keep in mind that anyone with access to the secret key can decode
the communication. Anybody wishing to contact you may receive a public key without charge.
The second private key's location is only known to you. Asymmetric keys are much more
effective in maintaining the confidentiality of data sent during transmission. The great majority
of channels used for daily communication, especially those linked to the Internet, employ
asymmetric encryption. The asymmetric key encryption algorithms elliptic curve approaches,
RSA, DSA, EIGamal, and PKCS are well known.

LESSON 8 – Application Security

Learning Activities/ Exercises
What have you understood on lesson 2? (200 words)

One example of how the Internet has evolved to solve web application flaws is the
introduction of HTTPS, which creates an encrypted communication channel and protects
against man in the middle (MitM) attacks. There are still a lot of flaws, though. The most
significant and pervasive issues are listed by the Open Web Application Security Project
(OWASP),
In response to the growing issue of web application security, many security firms have
created solutions designed particularly to protect web applications. The web application
firewall (WAF), a security tool designed to detect and stop threats at the application-
layer, is one instance. When the application is still in the design stage, start by
introducing security tools and standards. Early development should take vulnerability
screening into account. Second, implement security procedures and regulations to
protect apps in actual environments. Do continual security testing, for instance. As a last
line of defense, use security measures like firewalls, web application firewalls (WAF), and
intrusion prevention systems, among others (IPS). These are just a few methods for
promoting application security all throughout the software development
process.Application security aims to protect software application code and data from
online threats. Throughout the whole development process, including design,
development, and deployment, application security may and should be implemented.