Introduction To Security
ISD/NS/SOC
By Abdulaziz
NOV 2018
Introduction
Information security is the protection of information, and of the systems and hardware that use, store and transmit that information.
It is the protection of an organization's valuable information assets from attack.
It is used to ensure the confidentiality, integrity and availability of data and resources.
Confidentiality, integrity and availability, often known as the CIA triad, are the building blocks and the objectives of security.
THE CIA TRIAD
Confidentiality:
Preventing the disclosure of information to, and access to it by, unauthorized people, resources and processes.
Keeping the secrets secret.
Integrity:
The protection of information from improper modification or destruction.
Integrity is compromised by any unauthorized addition, alteration or deletion of data, whether the data is at rest or in transit.
Availability:
Ensuring timely and reliable access to, and use of, information or systems by authorized users when needed.
Various attacks on Confidentiality, Integrity and Availability
Countermeasure
A control for reducing or eliminating vulnerabilities.
An administrative, technical or physical mitigation against potential risk(s).
Diagram: how threat, vulnerability, risk, asset, exposure and countermeasure relate
-A threat exploits a vulnerability.
-A vulnerability leads to risk.
-Risk can damage an asset.
-Damage to an asset causes an exposure.
-An exposure can be countered by a countermeasure.
-A countermeasure reduces or eliminates the vulnerability, and so indirectly affects the risk.
Database vulnerabilities
A lack of segregation
Separating administrator and user privileges, and segregating duties, makes fraud by internal staff more difficult.
Limiting the privileges of user accounts also makes it harder for an attacker who compromises one account to take complete control of the database.
SQL injections
SQL injection is a code injection technique that can expose or destroy a database.
The attacker supplies input that the application interprets as part of a SQL command or query, and uses it to read or corrupt database content.
The primary defence is never to build queries by concatenating user input: use parameterized queries (prepared statements) and run the application under a least-privilege database account. Protecting web-facing databases with firewalls and testing input variables for SQL injection during development are additional layers, not substitutes.
Database security
SQL INJECTIONS
SQL injection is one of the most prevalent types of web application security vulnerability.
The attacker uses crafted input to make the application run SQL commands or queries of the attacker's choosing.
If successful, this allows the attacker to create, read, update, alter or delete data stored in the back-end database.
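As an added example that is not part of the original slides: a login query built by string concatenation against a constructed in-memory SQLite table, beside the parameterized version that the countermeasure calls for. The `users` table, its rows and the `' OR '1'='1` payload are all assumptions for illustration; the same tautology that bypasses the vulnerable login returns nothing from the safe one.

```python
import sqlite3


def make_db():
    """Constructed sample database (not from the slides): two users, one admin.
    Plaintext passwords are used only to keep the example short."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL text from user input, so the input becomes part of the command."""
    query = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn, username, password):
    """Parameterized query: the values travel separately from the SQL text and are
    never parsed as SQL, whatever characters they contain."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


def demo():
    conn = make_db()
    # Tautology payload: closes the password literal and appends OR '1'='1'.
    payload = "' OR '1'='1"
    return {
        # Vulnerable query becomes ... AND password = '' OR '1'='1', matching every row.
        "vulnerable_bypass": login_vulnerable(conn, "anyone", payload),
        # Safe query looks for a user whose password literally is the payload: none.
        "safe_bypass_attempt": login_safe(conn, "anyone", payload),
        # Legitimate credentials still work with the safe query.
        "safe_legit": login_safe(conn, "bob", "hunter2"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Running the block prints both user rows for the vulnerable login, an empty list for the same payload against the parameterized query, and bob's row for a real login. Stacked statements (`'; DROP TABLE users; --`) are refused by `sqlite3.execute`, but other drivers accept them, which is why the parameterized form, not the driver, is the control to rely on.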
CROSS SITE SCRIPTING (XSS)
XSS allows attackers to execute JavaScript in the victim's browser, which can hijack user sessions, deface websites or redirect the user to malicious sites.
Countermeasures:
-Validate input against an allow-list of the characters and format each field is expected to contain.
-Escape (encode) untrusted data for the HTML context it is written into, so the browser renders it as text instead of interpreting it as markup or script.
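As an added example that is not part of the original slides, the two countermeasures side by side: an allow-list check for a username field, and a comment renderer that writes untrusted values straight into HTML beside one that escapes them with `html.escape`. The markup, the `data-author` attribute and the payloads are assumptions for illustration; the attribute payload shows why quotes must be escaped as well as angle brackets.

```python
import html
import re

# Allow-list for a username field: only word characters, bounded length.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def validate_username(name):
    """Input validation: accept only what the field is expected to contain."""
    return USERNAME_RE.fullmatch(name) is not None


def render_comment_unsafe(author, text):
    """Writes untrusted values straight into HTML: markup in the input is
    interpreted by the browser, which is the XSS condition."""
    return '<div class="comment" data-author="' + author + '">' + text + "</div>"


def render_comment_safe(author, text):
    """Output escaping: html.escape turns &, <, > and (with quote=True) " and '
    into entities, so the values render as text and cannot break out of the
    element body or the attribute value."""
    return (
        '<div class="comment" data-author="' + html.escape(author, quote=True) + '">'
        + html.escape(text, quote=True)
        + "</div>"
    )


def demo():
    # Constructed payloads: one for the element body, one that tries to close
    # the attribute and add an event handler.
    body_payload = "<script>alert(document.cookie)</script>"
    attr_payload = '" onmouseover="alert(1)'
    return {
        "unsafe": render_comment_unsafe(attr_payload, body_payload),
        "safe": render_comment_safe(attr_payload, body_payload),
        "attr_payload_valid_username": validate_username(attr_payload),
        "normal_username_valid": validate_username("alice_01"),
    }


if __name__ == "__main__":
    out = demo()
    print("unsafe:", out["unsafe"])
    print("safe:  ", out["safe"])
```

Validation rejects the attribute payload outright for a field with a tight format; escaping is what protects free-text fields such as the comment body, where a `<` is legitimate input and cannot simply be rejected.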
SECURITY MISCONFIGURATION
Gives attackers access to private data or features and can result in a complete system compromise.
Unnecessary features are enabled or installed (e.g. unnecessary ports, services, pages, accounts or privileges).
Remove, or do not install, unused features and frameworks.
A secure configuration must be defined and deployed for the application, frameworks, application server, web server, database server and platform, and kept the same across development, test and production.
CROSS-SITE REQUEST FORGERY (CSRF)
A malicious attack in which a user is tricked into performing an action he or she did not intend to perform.
A third-party website makes the victim's browser send a request to a web application the user is already authenticated against; the browser attaches the session cookie automatically, so the application treats the forged request as the user's own.
Targets web applications such as social media, in-browser email clients, online banking and the web interfaces of network devices.
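As an added example that is not part of the original slides: the synchronizer-token defence against the attack described above, simulated without a web framework. The `bank.example` origin, the transfer form and the session dictionary are assumptions for illustration; the session cookie is taken as already sent by the browser, which is exactly what a forged request relies on, so the decision rests on the `Origin` header and a per-session token the third-party site cannot read.

```python
import hmac
import secrets

ALLOWED_ORIGIN = "https://bank.example"  # assumed origin of the application


def issue_csrf_token(session):
    """Synchronizer token: a random per-session secret stored server-side and
    embedded in the application's own forms. Another site cannot read it."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def validate_csrf(session, submitted):
    expected = session.get("csrf_token")
    if expected is None or submitted is None:
        return False
    # Constant-time comparison so the check does not leak the token byte by byte.
    return hmac.compare_digest(expected, submitted)


def handle_transfer(session, form, origin):
    """Simulated state-changing endpoint. Returns (status, message)."""
    if origin is not None and origin != ALLOWED_ORIGIN:
        return 403, "cross-origin request rejected"
    if not validate_csrf(session, form.get("csrf_token")):
        return 403, "missing or invalid CSRF token"
    return 200, f"transferred {form['amount']} to {form['to']}"


def demo():
    session = {"user": "victim"}          # server-side session of a logged-in user
    token = issue_csrf_token(session)     # rendered into the application's own form
    legit_form = {"to": "acct-42", "amount": "100", "csrf_token": token}
    forged_form = {"to": "attacker", "amount": "1000"}  # built by a third-party page
    return {
        "legit": handle_transfer(session, legit_form, ALLOWED_ORIGIN),
        "forged_with_origin": handle_transfer(session, forged_form, "https://evil.example"),
        # Some requests arrive without an Origin header; the token check still stops them.
        "forged_no_origin": handle_transfer(session, forged_form, None),
        "forged_guessed_token": handle_transfer(
            session, dict(forged_form, csrf_token="guess"), None
        ),
    }


if __name__ == "__main__":
    for name, (status, msg) in demo().items():
        print(f"{name}: {status} {msg}")
```

The `Origin` check and the token are layered on purpose: the header is not present on every request, and the token alone is enough, but the header rejects the obvious cross-site cases before any token handling happens.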
Website protection
QRadar
WAF (web application firewall)
CERT
AppScan
QRadar
IBM® Security QRadar® SIEM is a network security management platform that provides situational awareness and compliance support.
It normalizes and correlates raw data as it arrives, to distinguish real threats from false positives.
It has three layers:
Data collection layer
-Events and flows are collected from the network.
Data processing layer
-Event data and flow data are run through the Custom Rules Engine (CRE), which generates offenses and alerts.
Data searches layer
-Data collected and processed by QRadar is available to users for searches, analysis, reporting, and alert or offense investigation.
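As an added example that is not part of the original slides or of QRadar itself, the three layers in miniature: raw lines from two constructed sources (OpenSSH syslog and a key=value firewall format, both invented here) are normalized into one schema, a correlation rule in the spirit of a custom rule turns five failed logins followed by a success from one source into an offense while ignoring a lone failure, and a search function filters the normalized events. The year assumed for the syslog lines and the threshold and window of the rule are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from the slides): OpenSSH syslog entries and
# a key=value firewall format, so normalization has two sources to reconcile.
RAW_LINES = [
    "Mar  3 10:00:01 web01 sshd[2210]: Failed password for root from 203.0.113.9 port 51122 ssh2",
    "Mar  3 10:00:04 web01 sshd[2210]: Failed password for root from 203.0.113.9 port 51130 ssh2",
    "Mar  3 10:00:07 web01 sshd[2210]: Failed password for admin from 203.0.113.9 port 51140 ssh2",
    "Mar  3 10:00:09 web01 sshd[2210]: Failed password for admin from 203.0.113.9 port 51141 ssh2",
    "Mar  3 10:00:12 web01 sshd[2210]: Failed password for admin from 203.0.113.9 port 51142 ssh2",
    "Mar  3 10:00:20 web01 sshd[2210]: Accepted password for admin from 203.0.113.9 port 51150 ssh2",
    "Mar  3 10:00:25 web01 sshd[2211]: Failed password for alice from 198.51.100.7 port 40002 ssh2",
    'time="2024-03-03 10:00:30" dev=fw01 action=deny src=203.0.113.9 dst=10.0.0.5 dport=3389',
]

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)
FW_RE = re.compile(
    r'^time="(?P<ts>[^"]+)" dev=(?P<host>\S+) action=(?P<action>\S+) src=(?P<src>\S+)'
)


def normalize(line, year=2024):
    """Collection/normalization layer: map each raw format onto one event schema.
    Syslog lines carry no year, so one is assumed for the example."""
    m = SSHD_RE.match(line)
    if m:
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        cat = "auth_failure" if m["outcome"] == "Failed" else "auth_success"
        return {"ts": ts, "host": m["host"], "src": m["src"], "user": m["user"], "category": cat}
    m = FW_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        cat = "firewall_deny" if m["action"] == "deny" else "firewall_permit"
        return {"ts": ts, "host": m["host"], "src": m["src"], "user": None, "category": cat}
    return None  # unparsed; a real SIEM keeps it as an unknown event rather than dropping it


def correlate(events, threshold=5, window=timedelta(seconds=60)):
    """Processing layer: one rule. A lone failed login is noise; `threshold`
    failures from one source followed by a success inside `window` is raised."""
    failures = defaultdict(list)
    offenses = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["category"] == "auth_failure":
            failures[ev["src"]].append(ev["ts"])
        elif ev["category"] == "auth_success":
            recent = [t for t in failures[ev["src"]] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                offenses.append({"rule": "brute force followed by success",
                                 "src": ev["src"], "user": ev["user"],
                                 "failures": len(recent), "ts": ev["ts"]})
    return offenses


def search(events, **criteria):
    """Search layer: filter normalized events on any field, e.g. src="203.0.113.9"."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]


def run_pipeline(raw_lines=RAW_LINES):
    events = [e for e in (normalize(line) for line in raw_lines) if e is not None]
    return events, correlate(events)


if __name__ == "__main__":
    events, offenses = run_pipeline()
    print(f"{len(events)} normalized events, {len(offenses)} offense(s)")
    for off in offenses:
        print(off)
    print("events from 203.0.113.9:", len(search(events, src="203.0.113.9")))
```

The firewall deny from the same source does not feed the rule, but it is reachable through the search layer during offense investigation, which is the point of normalizing every source onto a shared `src` field.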
AppScan
An integrated application security management dashboard.
Monitor and protect deployed applications: identify and fix vulnerabilities.
Reduce risk exposure by identifying vulnerabilities early in the software development lifecycle.
Maximize remediation efforts: classify and prioritize application assets based on business impact and identify high-risk areas.
Decrease the probability of attacks: test applications prior to deployment and for ongoing risk assessment in production environments.
WAF
A web application firewall (WAF) is a firewall that monitors, filters or blocks HTTP traffic as it travels to and from a web application.
Typical capabilities:
-Authentication and authorization services, with or without cookie encryption
-Cross-site scripting (XSS) protection
-Session timeout management
A WAF is a compensating control in front of the application; it does not remove the underlying vulnerability, which still has to be fixed in the code.
CERT
Computer Emergency Response Teams (CERTs) are expert groups that handle computer security incidents. Alternative names for such groups include computer emergency readiness team and computer security incident response team (CSIRT). In many organizations the CERT evolves into an information security operations center (SOC).
THANK YOU!!!