Vapt Mod1

Module 1 contents: importance & elements of security; data and attack types; types of hacker attacks; introduction to ethical hacking; types of pen testing; methodologies of pen testing; proper & ethical disclosure; OWASP top ten attacks.

VAPT

Importance of security:
→ As we move around in a digital world, every process involves, or is in the process of being involved with, digitization. Data is found everywhere and networks are being established.
→ As our dependence on technology increases, there is also a threat to data. Thus our dependence on cyberspace means we need to keep our data safe & secure.
→ Data privacy, network privacy, network integrity & functioning that keeps our lives streamlined need cybersecurity to run seamlessly.

Elements of security:
→ We want to protect our computer systems from any harm.
→ Security researchers & analysts have come up with some unique concepts to keep systems safe & secure.
→ If any one of these constraints/elements is compromised, it poses a potential risk to the system.
1) Availability → data and resources are available as and when needed.
2) Integrity → technique to ensure that all the data available to be accessed in real time is legitimate and protected from unlawful user modification. Via checksums, data comparisons, etc. the integrity of the data is verified.
3) Authenticity → can be defined as the process of confirming that the identity of the user is legitimate. Authentication takes place when a user tries to access any data or information.
4) Confidentiality → permitting only approved users to access sensitive data. Security technique: access control on any data.
5) Non-repudiation → method of assurance that the message transmitted among two or more users, via digital signature or through encryption, is accurate; it confirms the authenticity of the message/data.
6) Utility → the data is accessed and then used by the user for a purpose. Not entirely an element of security, but if any resource becomes vague then it is of no use.
→ Cryptography is used to preserve the privacy of any resource/data sent over the internet, and the authenticity of data (not altered).
7) Accountability → every action & authentication among the system, user and application must be noted down (logged).
8) Reusability → a user may not reuse or manipulate the data.

Security attributes (threats & examples):
→ Threat to confidentiality → sniffing, traffic analysis: keeping an eye on / unauthorized access to data packets sent over networks.
→ Threat to integrity → modification (data manipulation), masquerading, replaying of packets, repudiation (rejecting the authenticity of a message).
→ Threat to availability → Denial of Service (DoS): making the server busy by flooding it with unwanted/false requests.
→ Security, functionality.

Cyber kill chain (phases of hacking):
1) Reconnaissance → gather info → collects info about the target system.
   Passive reconnaissance → studying the network of the org using open source / publicly available info about DNS & domain name, emails etc.
   Active reconnaissance → directly interacting with servers, routers etc.
2) Weaponization → the attacker weaponizes the info obtained via recon; that means deciding the means to break into the target system and also to exploit the network. To compromise the network, the weakness of each connected device is exploited/attacked.
3) Delivery → at this point the attacker has his target, info on the target & the method chosen to attack the target to gain control.
4) Exploitation → the attacker makes the attack, breaching the target system via the chosen delivery method, gathering much more info on network traffic, connected systems & users etc.
5) Installation → as the attacker wants to continue the access over the system, the attacker installs a backdoor, disabling the defences & creating accounts with admin access. Thus any malware can be installed.
6) Command & control.
7) Actions on objectives → the final stage could involve stealing, disrupting or demanding ransom.

Hacking phases (after reconnaissance):
1) Scanning → the attacker uses the details gathered during recon to identify vulnerabilities more in depth; a logical extension of active recon.
2) Gaining access → if a vulnerability is found, the attacker exploits it to access the system. Once unauthorized access to the system is gained, the attacker can hijack the system's resources and may perform many attacks like DoS, session hijacking etc. The attacker's chances of gaining access to the system are based on the previous stages.
3) Maintaining access → once access is gained, the attacker attempts to stay in the system to fulfil the goal of the attack. Once the attacker is in the system, they can use both system and network resources to exploit others. They may install remote viruses to regain access if removed from the system (e.g. trojan horse to enter the app). Though various systems now use honeypots to trap hackers.
4) Covering tracks → the attacker wants to destroy all his traces to evade detection; rootkits & trojans are generally used to achieve this. Once trojans are placed into the system, attackers try to gain all access to the system.

Types of hacker attacks → There are many ways a hacker can get into a system, exploiting a system's weaknesses & vulnerabilities.
1) OS attacks → some OSs are more prone to vulnerabilities; attackers look for OS vulnerabilities and constantly try to get access to the systems. Programs installed by default with the OS lead attackers to vulnerabilities. A large no. of open ports, missing patches and buffer overflow vulnerabilities are among the OS vulnerabilities; hence it is necessary to apply patches.
2) Misconfiguration attacks → misconfiguration vulnerabilities of the network or framework.
3) Application level attacks → due to time constraints, the testing of software may not be done properly, leaving behind undiscovered security holes. An increase in complexity means more novel vulnerabilities, allowing attackers to gain unauthorized access. Leading to issues like → cross-site scripting, session hijacking, DoS, SQL injection, cookie hijacking (exploits the info in a cookie if the code implements cookies insecurely). DoS: an attacker succeeds in exhausting the resources of the system, either by flooding the server with false requests or by any traffic overflow method.
4) Shrink wrap code attacks → developers often use libraries & resources in their code to reduce the time, & the code/library that is copied from somewhere may contain a vulnerability that provokes security issues.

Hacking → exploiting system vulnerabilities to gain unauthorized access to the system and its resources; can modify system/application features to achieve these goals.
Hacker → person who breaks into a system w/o authorization to destroy, steal or manipulate data.
Classes → black hats (criminals), white hats (pen testers), gray hats (both), suicide hackers, script kiddies, cyber terrorists (religious), state sponsored (agenda), hacktivists.
Hacktivism → when a hacker breaks into govt or corporate computers as an act of protest. Hacktivists use hacking to create awareness of their social / political agendas, e.g. by defacing (taking down) websites to prove their agenda. Common hacktivist targets include govt agencies and multinational corporations. Anonymous is a world-famous hacktivist group.

Ethical hacking → done in order to assist the organisation, to test their networks for possible security holes or vulnerabilities. "White hats" is the term referred to them (pen testers). They help in enhancing cyber security. Done with the permission of the network/system owners; they audit the system for security, evaluate the system's security and update the admin regarding discovered vulnerabilities & fix procedures (patches) to fix them.
Why ethical hacking is done → find vulnerabilities in the systems; analyse & strengthen systems' security policies and network infrastructure; help safeguard customers' data.
Skills of an ethical hacker → networking concepts; knowledge of how attacks are launched; work ethics in line with legal standards.

Penetration testing stages:
Security exercise done by a cyber expert where they attempt to find & exploit vulnerabilities. Main purpose is to identify weak spots (loopholes, vulnerabilities) that an attacker could take advantage of. Performed by ethical hackers.
Pen testing stages (similar to the phases of attack):
1) Planning & reconnaissance → define the reason (goals & scope) of the test, including the systems to be addressed & the testing methods to be used; collect info about the system.
2) Scanning → a deeper stage of research or info collection, to understand the target system in depth.
3) Gaining access → based on the information (backdoors, open ports), uncover the target's vulnerabilities, exploit them & gain unauthorized access to the system.
4) Maintaining access.
5) Analysis → a detailed report is made of the pen testing, mentioning the vulnerabilities that were exploited, sensitive data that was accessed & the amount of time in the system. The info is analysed to help configure the org's security & patch vulnerabilities in the system.

Penetration methodologies:
→ Internal testing → a tester with access to an application behind its firewall simulates an attack by a malicious insider to gain & extract valuable data.
→ Targeted testing → tester & security personnel work together to keep each other updated regarding their movement, providing the security team with real-time feedback from the hacker's point of view.

Risks in pentesting:
1) System outages → one of the primary aims of the tester is to exploit the vulnerabilities in the system, but while doing so they might break something important by accident, leading to system outages. Mistakes are not made on purpose but due to inexperience or inattentiveness; the tester may misuse tools, which may lead to system outages. Unexpected circumstances may also occur due to unforeseen reasons like misconfiguration etc.
2) Complacency during pen testing → the org's security team fails to identify an attack on the system while pen testing is being conducted (failing to recognise an actual attack during pentesting). To solve this, there should be proper communication between the tester & the security officer, and the org must make employees aware in advance.
3) False negatives → vulnerabilities that are not found by the pen tester. Thus an org's defence against cyber attacks should not rely only on pen testing but also on regular security measures.
4) Unethical hackers → the pen tester is not honest and has unethical intent towards the system/data; maybe a hacktivist, or doing it for money.

Proper & ethical disclosure:
→ The process where an ethical hacker reports any security flaw or issue relating to the organisation.
→ Main purpose of this is to inform the org & the customer about the potential risk, so that further actions can be taken.
→ It is advised to inform the org about the vulnerability; the info regarding this is to be shared in a confidential manner.
→ Generally we have 3 types of disclosure:
1) Private disclosure → the report is provided to the org privately; it depends on the org whether to disclose the issue or not. The issue is that sometimes orgs do not pay attention to this.
2) Disclosure made publicly before a fix has been attempted, putting pressure on the org to fix the issue; this comes with many risks.
3) Responsible disclosure → the tester discloses the vulnerability publicly, but only after the org has a fix for the vulnerability. Based on a standard time frame the vulnerability is disclosed.

OWASP (Open Web Application Security Project) → a non-profit org focused on the security of software. They include various tools, local chapters & conferences.
OWASP top 10 → a list of the top 10 most critical web application security risks.
A1) Broken Access Control (BAC) → if authentication & access restrictions are not properly implemented, it is easy for an attacker to get in; with BAC flaws an unauthorized user may have access. → Access control policies: restrict users to their intended data permissions.
A2) Cryptographic failures.
A3) Injection → when the application accepts untrusted data; may include SQL injection, OS command injection etc. The attacker may inject code, thus getting into the DB. This is a common vulnerability, potentially (eventually) gaining system access. Can be prevented via remediation techniques.
A4) Insecure design → vulnerabilities arise due to lack of security implementation at the time of development; it means that no proper security model was used while designing the app.
A5) Security misconfiguration → security controls (e.g. access) may be misconfigured or left insecure, putting the system and data at risk. To reduce misconfiguration risk, the org should routinely harden all deployed apps & infrastructure.
A6) Vulnerable & outdated components → a large no. of 3rd party libraries are used nowadays. Once libraries are patched, what it means for our app needs to be considered and patched. A component-posed vulnerability is seen when a component is not updated.
A7) Identification & authentication failures → identifying & authenticating users is a fundamental security practice; the way of identifying users is commonly vulnerable, e.g. default login creds.
A8) Software & data integrity failures → tools used in building, managing & deploying s/w are common vectors of attack; using untrusted data/apps w/o verification of their integrity falls under this category.
A9) Security logging & monitoring failures → no direct vulnerability arises due to this, but logging & monitoring are quite critical & their absence or failure can directly impact visibility. Having functional logging & monitoring is essential both to detecting a breach rapidly, limiting the damage, & to knowing the scope of the breach.
A10) Server Side Request Forgery (SSRF) → nowadays many web apps commonly fetch additional content or data from remote resources. If an attacker can influence the destination server the app requests from, the app makes requests on the attacker's behalf.
