MD Shanawaz 142.C
Bachelor of Engineering
in
Computer Science and Engineering
By
MOHAMMED SHANAWAZ
Under the Supervision of
Department of Computer Science and Engineering
LORDS INSTITUTE OF ENGINEERING & TECHNOLOGY
(Autonomous)
(Approved by AICTE, recognized by the Govt. of TS, and affiliated to OU)
Himayathsagar, Hyderabad – 500 0091.
CERTIFICATE
LORDS INSTITUTE OF ENGINEERING & TECHNOLOGY
(Autonomous)
Himayathsagar, Hyderabad – 500 091.
Department of Computer Science and Engineering
MOHAMMED SHANAWAZ
H.T.No: 160921733142
ACKNOWLEDGMENT
First, I wish to thank GOD Almighty, who created the heavens and the earth and who helped me in
completing this project. I also thank my parents, who encouraged me during this period
of research.
I also thank Huntmetrics for guiding me and providing the opportunity to work
along with them in real time.
MOHAMMED SHANAWAZ
H.T.No: 160921733142
ABSTRACT
Kali Linux contains industry-specific modifications as well as several hundred tools targeted towards
various information security tasks, such as penetration testing, security research, computer
forensics, reverse engineering, vulnerability management and red team testing. Kali Linux is a
multi-platform solution, accessible and freely available to information security professionals and
hobbyists.
Kali Linux is specifically tailored to the needs of penetration testing professionals, and therefore
the official Kali documentation assumes prior knowledge of, and familiarity with, the Linux operating
system in general.
LIST OF DIAGRAMS
INDEX
Contents
Department Certificate
Company Certificate
Declaration
Acknowledgement
Abstract
List of Diagrams
CHAPTER-1: INTRODUCTION
CHAPTER-2: LITERATURE SURVEY
CHAPTER-4: DESIGN
CHAPTER-5: IMPLEMENTATION
CHAPTER-6: SAMPLE CODE
CHAPTER-8: CONCLUSION
CHAPTER-9: BIBLIOGRAPHY
CHAPTER 1
INTRODUCTION
As an intern at Huntmetrics Pvt Ltd, a leading cybersecurity company, I've had the privilege
of learning from industry experts in Cyber Threat Hunting, Cybersecurity Risk Advisory, and
Critical Infrastructure Security Solutions.
Cybersecurity Risk Advisory: The company provides strategic guidance, conducting risk
assessments and crafting robust cybersecurity policies to empower clients in managing
technology risks effectively.
An operating system is the main system software responsible for the working of the
machine. Some operating systems are designed for specific purposes. Though we could use
them for anything we want, they come with special tools or services readily available to their
users, which makes them a good OS for that specific purpose. For example, we generally
prefer Windows for gaming, as most games are available for Windows. Likewise, we prefer
macOS for design work, as most design software is readily available for macOS and runs on
it without trouble. In the same way, for network security, digital forensics, penetration testing,
or ethical hacking we have an OS named Kali Linux.
Kali Linux is a Debian-derived Linux distribution maintained by Offensive Security.
It was developed by Mati Aharoni and Devon Kearns. Kali Linux is an OS specially designed
for network analysts and penetration testers, or in simple words, for those who work
under the umbrella of cybersecurity and analysis. The official website of Kali Linux
is kali.org. It gained popularity when it was used in the series Mr. Robot. It was
not designed for general purposes; it is meant to be used by professionals or by those
who know how to operate Linux/Kali. To learn how to install Kali Linux, check its official
documentation.
Advantages:
It has 600+ penetration testing and network security tools pre-installed.
It is completely free and open source, so you can use it for free and even
contribute to its development.
It supports many languages.
It is great for those who are at an intermediate level in Linux and are comfortable with
Linux commands.
It can easily be used with a Raspberry Pi.
Disadvantages:
It is not recommended for those who are new to Linux and want to learn Linux
(as it is penetration-testing oriented).
It is a bit slower.
Some software may malfunction.
CHAPTER 2
LITERATURE SURVEY
2.1 Introduction to cyber security
Cybersecurity is the practice of protecting computer systems, networks, and data from
unauthorized access, attacks, damage, or theft. It has become an essential part of our
increasingly digital and interconnected world. Cybersecurity encompasses a wide range of
technologies, processes, and practices designed to safeguard information technology (IT)
assets and ensure the confidentiality, integrity, and availability of data.
Cyber Threats: There are various types of cyber threats, including malware (such as viruses,
worms, and ransomware), phishing attacks, denial-of-service (DoS) attacks, data breaches,
and more. These threats can come from hackers, cybercriminals, nation-states, or even insider
threats.
Confidentiality, Integrity, and Availability (CIA): The CIA triad is a fundamental concept
in cybersecurity. It represents the three core principles of information security:
Confidentiality: Ensuring that data is accessible only to those who are authorized to see it.
Integrity: Ensuring that data is accurate and has not been altered without authorization.
Availability: Ensuring that data and systems are available when needed.
Firewalls: These are network security devices that monitor and filter incoming and outgoing
network traffic to block or allow specific data packets based on predefined security rules.
Antivirus Software: Designed to detect and remove malware from computers and networks.
Encryption: The process of converting data into a code to prevent unauthorized access.
Multi-factor Authentication (MFA): Requires users to provide multiple forms of
identification before granting access to a system or account.
Regular Software Updates: Keeping software and operating systems up-to-date to patch
known vulnerabilities.
Ethical Hacking: Ethical hackers, also known as penetration testers or white-hat hackers, use
their skills to identify vulnerabilities and weaknesses in systems and networks to help
organizations improve their security.
Compliance and Regulations: Many industries and regions have specific cybersecurity
regulations and compliance requirements that organizations must adhere to. Non-compliance
can result in legal consequences and fines.
User Awareness: Cybersecurity is not only about technology but also about people. Training
and raising awareness among employees and individuals about cybersecurity best practices
are crucial in preventing many types of attacks, such as phishing.
Cybersecurity Career Paths: The field of cybersecurity offers a wide range of career
opportunities, including cybersecurity analysts, ethical hackers, security engineers, and chief
information security officers (CISOs).
In today's digital age, cybersecurity is a continuous and evolving process. As threats become
more sophisticated, the need for robust cybersecurity practices and professionals who can
protect our digital assets becomes increasingly important. Whether you are an individual
looking to protect your personal data or an organization safeguarding sensitive information,
understanding and implementing cybersecurity principles is essential in our interconnected
world.
Cybersecurity is typically organized into multiple layers or domains, each of which focuses
on a specific aspect of protecting information technology systems, networks, and data. These
layers work together to create a comprehensive defense against cyber threats. Here are the
common layers of cybersecurity:
Physical Security:
This layer involves securing the physical infrastructure of an organization, including data
centers, server rooms, and hardware devices.
Measures may include access control systems, security cameras, biometric authentication,
and secure facility design.
Perimeter Security:
Also known as network security, this layer focuses on protecting the boundary between an
organization's internal network and the external world, typically the internet.
Technologies like firewalls, intrusion detection systems (IDS), intrusion prevention systems
(IPS), and demilitarized zones (DMZs) are used to safeguard against unauthorized access and
attacks.
Identity and Access Management (IAM):
IAM involves managing user identities, authentication, and authorization. This layer ensures
that only authorized individuals or entities have access to specific resources or data within an
organization's network.
Technologies include single sign-on (SSO), multi-factor authentication (MFA), and access
control policies.
Network Security:
Within the internal network, additional security measures are implemented to protect data and
resources. This may involve network segmentation, VLANs (Virtual Local Area Networks),
and traffic monitoring.
Endpoint Security:
Endpoint devices like computers, smartphones, and IoT devices are often entry points for
cyberattacks.
Endpoint security solutions, such as antivirus software, endpoint detection and response
(EDR) systems, and mobile device management (MDM) tools, help protect these devices.
Application Security:
This layer focuses on securing software applications, including web applications and mobile
apps. Security practices include code reviews, vulnerability scanning, penetration testing, and
secure coding standards.
Data Security:
Data is a valuable asset that must be protected both in transit and at rest.
Encryption, data loss prevention (DLP) tools, and data classification are used to safeguard
sensitive information.
Cloud Security:
With the increasing use of cloud services, organizations need to secure data and applications
hosted in the cloud. Cloud security involves identity and access management for cloud
services, encryption, and monitoring cloud environments.
Security Information and Event Management (SIEM) systems, intrusion detection systems
(IDS), and incident response plans are key components.
The human element is often the weakest link in cybersecurity. Education and training
programs help users recognize and respond to threats, such as phishing attacks and social
engineering.
Organizations should assess and ensure the security of third-party vendors and supply chain
partners to prevent vulnerabilities introduced through external connections.
Many industries have specific regulatory requirements for data protection and cybersecurity.
This layer involves compliance with regulations and industry standards, such as GDPR,
HIPAA, or ISO 27001.
These layers work in concert to create a multi-layered defense strategy, often referred to as
defense in depth. By implementing security measures at various levels, organizations can
increase their resilience against a wide range of cyber threats and reduce the risk of
successful attacks.
Developers review the source code of applications to identify and remediate security flaws
before deployment.
Static analysis tools automate this process by scanning the code for vulnerabilities and
providing recommendations.
Dynamic Application Security Testing (DAST):
Penetration Testing:
Developers should follow secure coding guidelines and best practices when writing code.
This includes input validation, output encoding, and proper handling of authentication and
authorization.
Ensure that only authorized users can access specific parts of an application.
Encryption:
Use secure encryption algorithms and key management practices to protect data
confidentiality.
Session Management:
Manage user sessions securely to prevent session hijacking or fixation. Implement features
like session timeouts and secure session handling.
Error Handling:
Develop error handling mechanisms that reveal minimal information to attackers. Avoid
exposing stack traces or sensitive system details in error messages.
Keep all application components, including libraries and frameworks, up to date to address
known vulnerabilities. Regularly apply security patches and updates.
Be cautious when using third-party libraries and components in applications. Verify the
security of these components and keep them updated to address vulnerabilities.
API Security:
Secure the interfaces and APIs that applications use to interact with other systems. Implement
proper authentication, authorization, and input validation for APIs.
Implement CSP headers to mitigate cross-site scripting (XSS) attacks by specifying which
sources of content are allowed to be loaded.
If your application allows file uploads, validate and sanitize uploaded files to prevent
malware or malicious code execution.
Implement logging to track and monitor application activity. Analyze logs for suspicious
behavior and potential security incidents.
Provide training to developers, testers, and other stakeholders to raise awareness of security
risks and best practices.
Develop an incident response plan to address security incidents promptly and minimize their
impact.
2.3.1 SSDLC
SSDLC stands for "Secure Software Development Life Cycle." It is a set of practices and
processes that integrate security measures and considerations into every phase of the software
development life cycle (SDLC). The goal of SSDLC is to proactively identify and mitigate
security vulnerabilities and weaknesses in software applications, rather than addressing them
as an afterthought.
Here are the key phases and principles of the Secure Software Development Life Cycle
(SSDLC):
Identify and assess potential security risks and threats associated with the software project.
Requirements Analysis:
Integrate security requirements into the project's functional and non-functional requirements.
Consider security features, access controls, authentication, and data protection requirements.
Secure Coding Practices:
Developers follow secure coding guidelines and best practices. Code reviews and static
analysis tools are used to identify and fix security vulnerabilities.
Conduct thorough security testing, including dynamic application security testing (DAST)
and penetration testing. Verify that security controls and features function as intended.
Deploy the application securely, considering factors like secure configuration management
and hardening. Employ continuous integration and continuous deployment (CI/CD) pipelines
with security checks.
Implement real-time monitoring and logging to detect security incidents. Develop an incident
response plan to address security breaches promptly.
Periodically review the software for security updates and vulnerabilities. Ensure compliance
with industry-specific security standards and regulations.
Post-Release Maintenance:
Continue to monitor and maintain the security of the software after it's deployed.
SSDLC aims to make security an integral part of the software development process rather
than a separate activity performed at the end. By incorporating security considerations from
the initial planning stages, organizations can reduce the risk of security breaches and data
leaks while delivering more secure software to their users.
In addition to the above phases, various security tools and technologies, such as static
analysis tools, dynamic analysis tools, security scanning tools, and security-focused libraries
and frameworks, can be used to enhance the security of the software development process.
Web application architecture refers to the structural design and organization of web-based
software applications. It defines how various components and modules of a web application
interact with each other to provide functionality and deliver content to users over the internet.
A well-designed web application architecture ensures that the application is scalable,
maintainable, secure, and performs efficiently. Here are key components and considerations
in web application architecture:
Client-Side Components:
User Interface (UI): The client-side of a web application is responsible for rendering the
user interface that users interact with. It typically consists of HTML, CSS, and JavaScript
code.
Client-Side Frameworks: Popular JavaScript frameworks and libraries like React, Angular,
and Vue.js are often used to build dynamic and responsive UIs.
Client-Side Routing: Client-side routing is used to manage and handle different URLs
within a web application without the need for server-side requests.
Server-Side Components:
Web Server: The web server handles incoming HTTP requests from clients and routes them
to the appropriate components of the application.
Application Server: The application server contains the business logic of the web
application. It processes requests, interacts with databases, and performs other application-
specific tasks.
Server-Side Frameworks: Backend frameworks like Node.js, Ruby on Rails, Django, and
Express.js provide tools and structure for building server-side logic.
APIs: RESTful or GraphQL APIs are often used to enable communication between the
client-side and server-side components.
Database:
The database stores and manages the application's data. It can be relational (e.g., MySQL,
PostgreSQL) or NoSQL (e.g., MongoDB, Cassandra), depending on the data requirements.
Object-Relational Mapping (ORM) or similar tools may be used to interact with the database.
Middleware:
Caching:
Caching mechanisms like content delivery networks (CDNs) and in-memory caching (e.g.,
Redis) can be used to improve the performance of the web application by storing and serving
frequently accessed data.
Load Balancing:
Load balancers distribute incoming traffic across multiple servers or instances to ensure high
availability and scalability. They help prevent server overload and ensure that requests are
evenly distributed.
Security:
Scalability:
The architecture should be designed to scale horizontally (adding more servers or instances)
or vertically (upgrading server resources) to handle increased load and traffic.
Session Management:
Effective session management ensures that user sessions are secure and that users can
maintain their state while interacting with the application.
Logging and monitoring tools help track application performance, detect errors, and
troubleshoot issues in real-time.
Decisions about where and how the application will be deployed and hosted are critical.
Options include on-premises servers, cloud platforms (e.g., AWS, Azure, Google Cloud), and
serverless architectures.
Web application architecture can vary significantly depending on the specific requirements of
the application, the technologies chosen, and the development team's expertise. It's essential
to carefully plan and design the architecture to meet performance, security, and scalability
goals while ensuring a positive user experience.
Network security is the practice of protecting computer networks from unauthorized access,
attacks, disruption, or destruction. It involves implementing a combination of hardware,
software, policies, and procedures to safeguard the integrity, confidentiality, and availability
of network resources and data. Network security is essential in today's interconnected world
to prevent data breaches, cyberattacks, and other threats. Here are key components and
practices in network security:
Firewalls:
Firewalls act as a barrier between a trusted internal network and untrusted external networks,
such as the internet. They inspect and control incoming and outgoing network traffic based
on predefined security rules to allow or block data packets.
IDS monitors network traffic for suspicious activities or patterns that may indicate an
intrusion.
IPS goes a step further by actively blocking or mitigating threats when detected.
VPNs encrypt data transmitted between devices over public networks, ensuring secure and
private communication. They are commonly used for remote access and to protect data while
in transit.
Access control mechanisms, like role-based access control (RBAC), restrict network resource
access to authorized users only.
Network Segmentation:
Encryption:
Encrypting data in transit (using protocols like SSL/TLS) and data at rest (using encryption
algorithms) prevents unauthorized access to sensitive information.
Patch Management:
Keeping network devices, operating systems, and software up-to-date with security patches
and updates is crucial to address known vulnerabilities.
Establishing and enforcing security policies and procedures ensures that network security
practices are consistently followed. Policies cover areas like password management, data
classification, and incident response.
Continuously monitoring network traffic and maintaining logs of network activities help
detect anomalies, track security events, and investigate incidents.
Educating employees and network users about security best practices, social engineering
risks, and how to recognize phishing attempts is essential.
Utilizing security appliances like anti-virus, anti-malware, and content filtering systems can
provide additional layers of defense.
Implementing strategies and technologies to protect against DoS and DDoS attacks ensures
network availability during attack attempts.
Preparing and documenting an incident response plan helps organizations respond effectively
to security incidents and minimize their impact.
Security Audits and Penetration Testing:
Regularly conducting security audits and penetration testing helps identify vulnerabilities and
weaknesses in network defenses.
Many industries have specific regulations and compliance requirements related to network
security, such as the Payment Card Industry Data Security Standard (PCI DSS) or the Health
Insurance Portability and Accountability Act (HIPAA).
Network security is a continuous and evolving process as cyber threats constantly change and
adapt. It's crucial for organizations to stay vigilant, regularly assess their security posture, and
update their network security strategies to defend against emerging threats.
2.5 Cryptography
Encryption is the process of converting plaintext (original data) into ciphertext using an
encryption algorithm and a secret key. The resulting ciphertext should be unintelligible
without the corresponding decryption key.
Decryption is the reverse process of converting ciphertext back into plaintext using the
decryption key.
Key Management:
Keys are essential in cryptography. The security of encrypted data relies on the strength of
the encryption algorithm and the secrecy of the encryption keys.
Key management involves key generation, distribution, storage, and rotation to ensure the
security of encrypted communications and data.
Types of Cryptography:
Symmetric Key Cryptography: In symmetric cryptography, the same key is used for both
encryption and decryption. Popular symmetric algorithms include AES (Advanced
Encryption Standard) and DES (Data Encryption Standard).
Hash Functions:
Hash functions are cryptographic algorithms that transform data into a fixed-size hash value
or digest. These values are unique to the input data.
Hash functions are commonly used to verify data integrity and create digital signatures.
Digital Signatures:
Digital signatures provide a way to ensure the authenticity and integrity of digital messages
or documents. They involve using a private key to create a unique signature for a piece of
data, which can be verified by others using the corresponding public key.
PKI is a framework that manages digital keys and certificates, including public keys and
digital signatures, to secure communications and authenticate users or entities.
Cryptographic protocols like SSL/TLS (Secure Sockets Layer/Transport Layer Security) are
used to secure data transmission over networks, such as the internet. These protocols ensure
that data exchanged between parties remains confidential and tamper-proof.
Cryptanalysis:
Cryptanalysts use mathematical techniques, computing power, and knowledge of
cryptographic principles to attempt to decipher encrypted data without knowledge of the
encryption key.
Quantum Cryptography:
Application Areas:
Risk rating, in the context of risk management and assessment, is a method used to evaluate
and quantify the level of risk associated with a particular event, action, asset, or situation. It
assigns a numerical or qualitative value to risks to help organizations prioritize them, make
informed decisions, and allocate resources effectively. Risk rating typically involves
considering factors such as the likelihood of an event occurring and the potential impact or
consequences if it does.
Likelihood:
Likelihood assesses the probability or chance that a specific risk event will occur. It is often
expressed as a probability percentage (e.g., 10% chance of occurrence).
Factors affecting likelihood include historical data, current conditions, trends, and external
influences.
Impact:
Impact assesses the severity or consequences of a risk event if it were to occur. It considers
the potential harm or damage to assets, operations, reputation, and financial well-being.
Impact can be classified as low, medium, high, or assigned numerical values to quantify it.
Many organizations use a risk rating matrix or a risk assessment framework to combine
likelihood and impact assessments into an overall risk rating.
The matrix typically categorizes risks into different risk levels or risk zones (e.g., low,
moderate, high) based on the combined likelihood and impact ratings.
Risk Categories:
Risks can be categorized based on different criteria, such as operational risks, financial risks,
strategic risks, compliance risks, and cybersecurity risks.
Each category may have its own rating criteria and assessment process.
Risk rating can be qualitative or quantitative. Qualitative rating uses descriptive terms (e.g.,
low, medium, high) to assess risks, while quantitative rating assigns numerical values (e.g.,
on a scale of 1 to 5).
Quantitative risk rating often requires more data and analysis but provides a more precise
assessment.
Organizations must determine their risk tolerance, which is the level of risk they are willing
to accept or tolerate. Risks that exceed the acceptable risk tolerance may require mitigation or
risk transfer strategies.
Mitigation and Response:
Risk rating helps organizations prioritize risks and allocate resources to mitigate or manage
them effectively. Mitigation strategies may involve risk avoidance, risk reduction, risk
sharing, or risk acceptance.
Risk ratings should be periodically reviewed and updated to reflect changes in the risk
landscape, new information, or evolving conditions. Regular monitoring helps ensure that
risk assessments remain accurate and up to date.
Scenario Analysis:
Organizations may conduct scenario analysis to assess how different risk events could impact
their operations, finances, and strategic objectives.
Effective risk rating and assessment help organizations identify, prioritize, and respond to
risks that may affect their ability to achieve their goals. It forms a critical component of risk
management strategies and informs decision-making at all levels of an organization.
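As an added example (not from the report), the Python code below builds the kind of risk rating matrix described above: qualitative likelihood and impact terms are backed by 1 to 5 scales, their product is mapped to a risk zone, a probability percentage is mapped onto the likelihood scale, and a constructed risk register is prioritised against a risk tolerance. The scale values, zone boundaries, probability bands, tolerance and register entries are all assumptions.

```python
"""Risk rating matrix: combine likelihood and impact into a risk level.

Added example, not from the report. Scale values, zone boundaries, the
probability bands, the tolerance and the sample risk register are assumptions.
"""
from dataclasses import dataclass

# Quantitative 1..5 scales behind the qualitative terms (assumption).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

# Risk zones over the product likelihood * impact (1..25); upper bound inclusive.
ZONES = ((4, "low"), (9, "moderate"), (14, "high"), (25, "critical"))


def likelihood_from_percent(chance: float) -> str:
    """Map a probability percentage (e.g. 10 -> 'unlikely') onto the scale."""
    bands = ((5, "rare"), (20, "unlikely"), (50, "possible"), (80, "likely"))
    for upper, term in bands:
        if chance <= upper:
            return term
    return "almost certain"


def zone(score: int) -> str:
    """Qualitative risk level for a numeric score in 1..25."""
    for upper, label in ZONES:
        if score <= upper:
            return label
    raise ValueError(f"score {score} outside 1..25")


@dataclass(frozen=True)
class Risk:
    name: str
    category: str     # operational, financial, strategic, compliance, cybersecurity
    likelihood: str   # term from LIKELIHOOD
    impact: str       # term from IMPACT

    def score(self) -> int:
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]

    def level(self) -> str:
        return zone(self.score())


def build_matrix() -> dict:
    """Full 5x5 matrix {(likelihood_term, impact_term): level}."""
    return {(lt, lv * iv and zone(lv * iv)) if False else (lt, it): zone(lv * iv)
            for lt, lv in LIKELIHOOD.items() for it, iv in IMPACT.items()}


def prioritize(risks, tolerance: int) -> list:
    """Rank risks by score (highest first) and flag those above the tolerance.

    Returns a list of (risk, score, level, needs_treatment); risks at or below
    the tolerance are accepted, the rest need mitigation, sharing or avoidance.
    """
    ranked = sorted(risks, key=lambda r: r.score(), reverse=True)
    return [(r, r.score(), r.level(), r.score() > tolerance) for r in ranked]


# Constructed sample risk register (assumption).
REGISTER = [
    Risk("Phishing leads to credential theft", "cybersecurity", "likely", "major"),
    Risk("Unpatched web server exploited", "cybersecurity", "possible", "severe"),
    Risk("Vendor outage delays deliveries", "operational", "unlikely", "moderate"),
    Risk("Regulatory fine for missing logs", "compliance", "rare", "major"),
]
RISK_TOLERANCE = 9  # accept anything rated 'moderate' or below (assumption)

if __name__ == "__main__":
    for risk, score, level, treat in prioritize(REGISTER, RISK_TOLERANCE):
        print(f"{score:>2} {level:<8} {'TREAT' if treat else 'accept':<6} "
              f"{risk.category:<13} {risk.name}")
```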
CHAPTER 3
TOOLS USED AND OBSERVATIONS DURING THE INTERNSHIP
Scanning
Enumeration
Reconnaissance
1. Nmap
Nmap is an open-source network scanner used to recon/scan networks. It
is used to discover hosts, ports, and services along with their versions over a
network. It sends packets to the host and then analyzes the responses in order to
produce the desired results. It can also be used for host discovery, operating
system detection, or scanning for open ports. It is one of the most popular
reconnaissance tools.
To use Nmap:
Ping the host with the ping command to get its IP address:
ping hostname
Open the terminal and enter the following command:
nmap -sV ipaddress
Replace ipaddress with the IP address of the host you want to scan.
It will display all the captured details of the host.
2. Zenmap
Zenmap is another useful tool for the scanning phase of ethical hacking in Kali Linux.
It is the graphical user interface (GUI) version of the Nmap command-line tool and
performs the same functions. It is a great, free utility for network discovery and
security auditing. Tasks such as network inventory, managing service upgrade schedules,
and monitoring host or service uptime are considered really useful by systems and
network administrators.
3. Whois lookup
whois is a database record of all the registered domains over the internet. It is used
for many purposes, a few of which are listed below.
It is used by network administrators to identify and fix DNS or
domain-related issues.
It is used to check the availability of domain names.
It is used to identify trademark infringement.
It can even be used to track down the registrants of a fraudulent domain.
To use whois lookup, enter the following command in the terminal:
whois geeksforgeeks.org
4. SPARTA
SPARTA is a Python-based graphical user interface tool used in the
scanning and enumeration phase of information gathering. It is a toolkit with
a collection of useful tools for information gathering. It is used for many
purposes, a few of which are listed below.
It is used to export Nmap output to an XML file.
It is used to automate running the Nikto tool against every HTTP service or any
other service.
It is used to save the scans of hosts you have scanned earlier in order to save
time.
It is used to reuse a password which has already been found and is not present in the
wordlist.
CHAPTER 4
DESIGN
Visual Refresh - Updated wallpapers and GRUB theme
Shell Prompt Changes - Visual improvements to improve readability when copying code
Refreshed Browser Landing Page - The Firefox and Chromium homepage has had a
makeover to help you access everything Kali you need
Kali Everything Image - An all-packages-in-one solution now available to download
Kali-Tweaks Meets SSH - Connect to old SSH servers using legacy SSH protocols and
ciphers
VMware i3 Improvements - Host-guest features now work properly on i3
Accessibility Features - Speech synthesis is back in the Kali installer
New Tools - Various new tools added, many from ProjectDiscovery!
CHAPTER 5
METHODOLOGY
1. Install Git
Installing Git will allow you to download the sample code from any Git repository.
Some might call this step cloning a repository; nevertheless, you’ll still need to use a
git command.
To install Git, you’ll have to write: “apt install git”, and this step will resolve the
dependencies that need addressing in the OS. Check the image below for a better
understanding. Then all you need to do is visit a GitHub repository, select any one from
the list, and you’re good to go.
2. Install a Terminal Multiplexer
A terminal multiplexer lets you oversee the installation of several scripts from a single
terminal window. Generally, users switch to a terminal window that gives them a hand by
enabling them to run different things in different tabs.
The command to install the terminal multiplexer is also simple. All you have to do is type:
"apt install tilix". After the installation completes, type "tilix" to launch it.
CHAPTER 6
SAMPLE CODE
1. To display the present working directory
pwd
This command will display the current directory you are in.
2. To list the directories and files in the current directory.
ls
This command will display the list of files and directories in the current directory.
3. To change the current working directory
cd
This command will change the directory you are currently working on.
4. To find a word in a file.
grep keyword filename
This command will list all the lines containing the keyword in them.
5. To create a new directory
mkdir directory_name
This command will create a new directory in the current folder with the
name directory_name.
6. To remove a directory
rmdir directory_name
This command will remove the directory with the name directory_name from the
current directory.
7. To move a file
mv source destination
This command is used to move a file from one location to another.
8. To copy a file
cp source destination
This command will copy the file from the source to the destination.
9. To create a new file
touch filename
This command will create a new file with the name “filename”.
CHAPTER 7
EXECUTION AND TESTING
DATABASE TOOLS
Step 1 − To open sqlmap, go to Applications → 04-Database Assessment →
sqlmap.
Step 2 − To start the SQL injection testing, type “sqlmap -u <target URL>”.
Step 3 − From the results, you will see that some variables are vulnerable.
CHAPTER 8
CONCLUSION
On analysing the reported vulnerabilities identified during this testing
exercise, it appears that most of them might have crept in at different phases of the
deployment and software development cycle.
These findings underscore the need for vigorously applying a culture of security across the
entire length and breadth of the SDLC model being applied for developing the
application. This would mean a continuous process of strengthening the threat model and the
risk identification and mitigation processes at each stage of the application development
lifecycle.
While it is certain that fixing the vulnerabilities identified in this exercise would greatly
reduce the risk exposure of the application, it must be appreciated that the concept of total
security is complex. As complementary types of technical solutions are implemented at
various layers (network, physical, etc.), these need to be supplemented with strong and
verifiable policies, processes and procedures in order to achieve a strong defense-in-depth
capability.
As a tactical approach, all external-facing applications have to undergo deep-dive
penetration testing with the relevant remediation. As the strategic solution for Idea
Cellular, we would need to protect all internal and external devices and applications
from real malware and threats.
We suggest having a managed service model of running the scans on all the identified
devices and applications on a quarterly basis to rule out any existing threats.
CHAPTER 9
BIBLIOGRAPHY