Charan Report
T POLYTECHNIC 2023-24
CHAPTER-1
COMPANY PROFILE
Embedded Systems.
BSP Development
Device Drivers
Industrial Automation
Wireless
Firmware
Application Software
KNOWX was founded by a group of tech-savvy professionals with a multifaceted hardware and
software background, with a vision to offer the Silicon world refreshing and cost-effective
Silicon, System Design and embedded software services.
At KNOWX life is all about delivering the highest quality to customers. Reduced costs,
quicker time-to-market, huge value-adds and enhanced productivity are our way of life. The
very cornerstone of our success has been our unerring path to ensuring that QA processes and
pg. 1
CS&ENGG
332-K.V.T POLYTECHNIC 2023-24
Our expertise:
Knowx Innovations provides complete solutions in embedded systems and system level
programming. Our team has a breadth of experience in design and development for
embedded systems that spans many CPU architectures, chipsets and peripherals across a
variety of platforms. We generate custom software including device drivers, firmware and
board support packages. By leveraging our experience and mature
processes. Our areas of expertise include Networking and Communication software, PDA
software, Digital Signal Processing, Security Applications and Real-Time Embedded
Systems. We have
Embedded Systems
ZigBee protocol
802.11/a/b/g Development
Bluetooth
XDSL / Broadband communications
Ethernet / Gigabit Ethernet
Cellular Communications
Satellite Communications
GPS software
Military radio and communication systems
Development Platforms
Hardware Platforms
X86
ARM/Strong ARM
XScale
Geode
MIPS / MIPS II
Power PC
TI, Analog Devices and Motorola DSPs
16 Bit Micro Controllers
Bus Interfaces
Operating Systems
PDA Application
Security Applications
OUR SERVICES
Direct Staffing
Contract Staffing
Out Sourcing
Corporate Training
Contract Staffing Services provides skilled resources to clients to meet their requirements
for defined periods and to over the lengthy selection
Deputation.
Corporate Training.
KNOWX is a BRIDGE between the IT/Electronic Industry and the Student community.
We have a broad range of course offerings to equip you and your organization with the right
skills, at precisely the right time and at the right cost.
Mission
"To help our customers in achieving their time-to-market objective by being their dependable
technology partners and delivering our commitments on time and every time with quality."
Vision
"Knowx solutions will become the market leader in embedded system development, firmware
& manpower outsourcing focusing on specific application areas in Communications,
Automotive and Consumer electronics."
CHAPTER-2
ON-THE-JOB TRAINING 1
CHAPTER-3
ON-THE-JOB TRAINING 2
CHAPTER-4
There are numerous use cases for web page creation, ranging from personal websites
to business-oriented applications. Here are some common scenarios where web page
creation is essential:
Personal Websites or Blogs: Many individuals create personal websites or blogs to
share their thoughts, experiences, or portfolios with others. These websites serve as a
platform for self-expression, showcasing creative work, or documenting personal
journeys.
E-commerce Platforms: Online businesses require web pages to showcase their
products or services, provide information about pricing and features, and enable
online transactions. E-commerce platforms typically include product listings,
shopping carts, secure payment gateways, and order management systems.
Corporate Websites: Companies of all sizes utilize web pages to establish an online
presence, provide information about their products or services, showcase their brand,
and offer contact details for potential customers or clients. Corporate websites often
include sections like About Us, Services, Team, and Contact.
News and Media Portals: Web pages play a crucial role in the dissemination of news
and media content. News organizations create web pages to publish articles, videos,
and multimedia content, allowing readers to access the latest news and stay informed.
Educational Platforms: Educational institutions, e-learning platforms, and online
courses rely heavily on web pages to deliver educational content to students. Web
pages are used for course materials, lecture notes, assignments, interactive quizzes,
and discussion forums.
Social Networking Sites: Social networking sites are built on web pages that facilitate
user interactions, such as sharing posts, connecting with friends, messaging, and
forming communities. These platforms often include user profiles, news feeds,
notification systems, and privacy settings.
Government Websites: Government agencies and departments create web pages to
provide information and services to citizens. These websites may offer resources,
forms, and online services related to taxes, permits, registrations, voting, public
safety, and more.
Non-Profit Organizations: Non-profit organizations use web pages to promote their
mission, raise awareness about social issues, and collect donations. These pages often
provide information about the organization's activities, volunteer opportunities, and
ways for supporters to contribute.
Landing Pages: Web pages designed specifically as landing pages aim to capture user
attention and encourage them to take a specific action, such as subscribing to a
newsletter, downloading an e-book, or signing up for a service. These pages are
typically focused and optimized for conversions.
Use Case 2: While privilege escalation attacks are typically carried out by malicious
actors seeking unauthorized access or control over systems, it's important to note that
discussing specific use cases for such attacks can potentially encourage unethical
behavior or compromise system security. However, it is essential to understand the
potential consequences of privilege escalation attacks to ensure appropriate security
measures are in place. Here are a few hypothetical examples:
Data Theft: An attacker gains elevated privileges on a compromised system and
accesses sensitive data that is restricted to higher-level users. This could include
personally identifiable information (PII), financial records, or intellectual property.
System Manipulation: By escalating privileges, an attacker can modify critical system
configurations, install malicious software, or manipulate user accounts. They may
disrupt system operations, compromise system integrity, or create a persistent
backdoor for future access.
Network Lateral Movement: After gaining initial access to a low-privileged user
account, an attacker performs a privilege escalation attack to obtain higher privileges.
With elevated access, they can move laterally across the network, compromising
additional systems and expanding their control.
Exploiting Software Vulnerabilities: Attackers may exploit vulnerabilities in
applications or operating systems to escalate privileges. For example, a flaw in an
application's code could allow the attacker to execute arbitrary commands with
elevated privileges, enabling them to take control of the system.
Privilege Escalation in Cloud Environments: In cloud computing environments,
attackers may target misconfigurations or vulnerabilities in cloud management
interfaces or APIs to escalate privileges. This could lead to unauthorized access to
cloud resources, compromising data stored in the cloud or affecting other cloud
customers.
CHAPTER-5
The primary purpose of DVWA is to simulate real-world security vulnerabilities and challenges that
developers and security professionals may encounter. By exploring and interacting with DVWA,
users can gain practical experience in identifying, exploiting, and mitigating vulnerabilities,
ultimately enhancing their understanding of web application security.
The application offers different security levels, ranging from low to high, allowing users to gradually
increase the difficulty as they progress in their knowledge and skills. This flexibility enables users to
customize their learning experience and focus on specific vulnerability types or attack scenarios.
• Practical Application of Concepts: DVWA allows users to apply theoretical concepts of web
application security in a real-world setting. It bridges the gap between theory and practice by
providing a vulnerable web application that users can interact with, enabling them to see the
direct impact of security vulnerabilities and understand the consequences of insecure coding
practices.
• Awareness and Understanding: DVWA raises awareness about the importance of web application
security and the potential risks associated with vulnerabilities. By providing a platform where users
can directly experience the impact of different attacks, DVWA highlights the need for proactive
security measures and promotes a security-focused mindset among developers, security
professionals, and enthusiasts.
• Testing and Evaluation: DVWA serves as a testing ground for security professionals and developers
to assess the security posture of their web applications. By simulating vulnerabilities and attack
scenarios, DVWA enables users to test their knowledge, evaluate their application's resilience
against common attacks, and identify potential weaknesses that need to be addressed.
• Secure Coding Practices: DVWA emphasizes the importance of secure coding practices and serves
as a learning platform to understand how vulnerabilities can be introduced and mitigated through
proper coding techniques. By examining the vulnerabilities in DVWA, users gain insights into
secure coding practices, such as input validation, output encoding, and proper user authentication.
• Penetration Testing Training: DVWA is often used as a training tool for individuals pursuing careers
in penetration testing or ethical hacking. It offers a simulated environment where users can practice
their skills in identifying and exploiting vulnerabilities, conducting security assessments, and
providing recommendations for securing web applications.
• SQL Injection Attacks: The report explores SQL injection attacks in detail, including various types of
SQL injection vulnerabilities, their impact, and real-world examples within the DVWA environment. It
also discusses mitigation techniques to prevent SQL injection attacks.
• File Upload Vulnerabilities: The report examines file upload vulnerabilities, discussing the risks
associated with this functionality, exploitation methods, and real-world examples within DVWA. It
includes best practices for secure file uploads.
• Cross-Site Scripting (XSS) Attacks: The report provides an understanding of XSS attacks, different
types of XSS vulnerabilities, common issues found in DVWA, and demonstrations of XSS exploitation
within the DVWA environment. It also covers prevention and mitigation techniques for XSS attacks.
• Cross-Site Request Forgery (CSRF) Attacks: The report discusses CSRF attacks, their implications,
and exploitation within DVWA. It emphasizes the importance of preventing CSRF attacks and
provides mitigation techniques.
2. To explain and illustrate the different types of attacks that can be performed on DVWA,
specifically focusing on SQL injection, file upload, cross-site scripting (XSS), command execution,
and cross-site request forgery (CSRF) attacks.
3. To explore the vulnerabilities associated with each attack type, including their potential risks,
impact, and consequences.
4. To showcase real-world examples and demonstrations of these attacks within the DVWA
environment, helping readers grasp the practical aspects of the vulnerabilities and their exploitation.
5. To discuss and recommend effective mitigation techniques and best practices for preventing and
mitigating the identified vulnerabilities.
6. To emphasize the importance of secure web application development and raise awareness
about the need for proactive measures to enhance web application security.
7. To equip readers with the knowledge and understanding necessary to identify, assess, and
address these common attack vectors in web applications, with a focus on the DVWA platform.
The DVWA architecture is simple and straightforward. It consists of a web server, a database server,
and the DVWA application itself. The web server is responsible for serving the DVWA application to
users. The database server stores the DVWA application's data. The DVWA application is responsible
for processing user requests and generating responses.
• Web server: The web server is responsible for serving the DVWA application to users. The most
common web servers used with DVWA are Apache and Nginx.
• Database server: The database server stores the data for the DVWA application. The most
common database servers used with DVWA are MySQL and MariaDB.
• DVWA application: The DVWA application is the vulnerable web application that is used to
learn about web application security and to practice penetration testing skills.
By entering ifconfig
5.10 upload
Click on upload
Then create one file in documents and save
STUDENT PROFILE
CHARAN C
charan280705@gmail.com | (+91)8050930656
SKILLS
Computer Basics
Python, Database Management
AI Whisperers
EDUCATION
❖ Computer Science & Engineering | K.V.T POLYTECHNIC
EXPERIENCE
❖ Internship | KNOWX Innovations (p) ltd
Cyber security
ACADEMIC PROJECTS
Packet Sniffing
Clickjacking
HOBBIES
Fitness/Exercise
technophile
Calisthenics
AI Ethics and Bias Analysis
PHOTO GALLERY
KNOWX Innovations pvt ltd
APPENDICES
REFERENCES
References provide valuable insights, analysis, and guidance for understanding and addressing
clickjacking vulnerabilities in web applications. They serve as foundational resources for cybersecurity
professionals, researchers, and enthusiasts looking to enhance their knowledge and defenses against
this prevalent threat. By leveraging the information and recommendations presented in these
references, individuals and organizations can better protect their web assets and mitigate the risks
associated with clickjacking attacks. Armed with the information and recommendations provided in
these resources, individuals and organizations can bolster their defenses against clickjacking threats,
fortify their web security posture, and safeguard their digital assets from exploitation. With ongoing
vigilance, proactive measures, and a commitment to staying informed about emerging trends,
stakeholders can stay one step ahead of cyber adversaries and uphold the integrity and
trustworthiness of their online platforms.
CONCLUSION
In conclusion, clickjacking remains a persistent and evolving threat in the realm of web
security. As evidenced by the research, analyses, and recommendations provided in the
referenced resources, clickjacking attacks continue to pose significant risks to web
applications and their users. However, armed with knowledge of the techniques used by
attackers and the countermeasures available for defense, cybersecurity professionals and
stakeholders are empowered to mitigate these risks effectively.
However, the battle against clickjacking cannot be waged solely on the technical front.
Regulatory frameworks, such as the GDPR and CCPA, underscore the importance of
data privacy and security, imposing legal obligations on organizations to safeguard user
information from unauthorized access and exploitation, including clickjacking attacks.