Cybersecurity Resources and Analysis
Added on 2020/03/04
AI Summary
The assignment presents a comprehensive list of books, articles, and websites dedicated to the field of cybersecurity. The listed resources encompass diverse aspects of cybersecurity, including hacking techniques, penetration testing methodologies, .NET framework security, SQL injection prevention, firewalls, and VoIP eavesdropping. The provided sources offer insights into both theoretical and practical aspects of cybersecurity.
System Security
Table of Contents
Introduction
PART A
1. Installation procedures for WebGoat
2. WebGoat Challenge
3. Possible Attack Methods
4. Attack Method Used
PART B
5. Backtrack Steps to Hack Facebook Account (Kali Linux)
6. Accomplishment of Attack
7. Evaluating the Collected Data
8. Preventions
9. Conclusion
References
Introduction
System security is an active topic nowadays. To hack and test system security, an
interesting piece of software called WebGoat is used. The project deals with the installation
procedures for WebGoat, the challenges in WebGoat and the possible attack methods.
PART A
1. Installation procedures for WebGoat
The project deals with system security. To cope with system security, the software
tool called WebGoat is used. WebGoat requires an operating system such as Windows to
run on. It also requires the Java Development Kit, which is downloaded from
http://www.oracle.com/technetwork/java/javase/downloads/index.html. WebGoat also needs
Apache Tomcat Server. WebGoat is downloaded from
https://github.com/WebGoat/WebGoat/releases. After successful installation, WebGoat
is accessed at the URL http://localhost:8000/WebGoat. WebGoat is used for hacking the
website. WebGoat has 3 challenges for hacking the website.
2. WebGoat Challenge
Challenge 1 - Breaking the authentication
The first challenge is to break the authentication. The challenge starts with a window that
looks like a login window. Both the username and the password are found by viewing the Java
code, where they are declared as private. The username is youaretheweakestlink and the password
is goodbye. Both of these are found by SQL injection. Setting the cookie with an altered
name can also help in retrieving the password.
Challenge 2 - Credit card theft
Challenge 2 starts with the payment screen and mainly deals with
modifying the base64 cookie. By clicking the Buy Now button, the present link can go and
access other websites, get the details of the card and use it for paying to some other online
business forums. Mostly a decoder is used to modify the value in the cookie. This
completes challenge 2.
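Base64 is an encoding, not a protection, which is why the cookie in challenge 2 can be decoded and modified. The following added example (not part of the original assignment or of WebGoat's code) places a plain base64 cookie beside one carrying an HMAC tag, so the server detects modification; the key, payload fields and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real server loads a random secret
# from its own configuration and never sends it to the client.
SECRET_KEY = b"constructed-demo-key"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def issue_unsigned_cookie(payload: dict) -> str:
    """Weak form: base64 only. Anyone can decode, edit and re-encode it."""
    return _b64(json.dumps(payload, sort_keys=True).encode("utf-8"))


def read_unsigned_cookie(cookie: str) -> dict:
    """Weak form: trusts whatever the client sent back."""
    return json.loads(base64.urlsafe_b64decode(cookie))


def issue_signed_cookie(payload: dict) -> str:
    """Hardened form: '<base64 payload>.<base64 HMAC-SHA256 tag>'."""
    body = issue_unsigned_cookie(payload)
    tag = hmac.new(SECRET_KEY, body.encode("ascii"), hashlib.sha256).digest()
    return body + "." + _b64(tag)


def read_signed_cookie(cookie: str):
    """Return the payload, or None if the cookie is malformed or was modified."""
    try:
        body, sep, tag_b64 = cookie.encode("ascii").partition(b".")
        if not sep:
            return None
        expected = hmac.new(SECRET_KEY, body, hashlib.sha256).digest()
        supplied = base64.urlsafe_b64decode(tag_b64)
        # Constant-time comparison; the payload is parsed only after the tag checks out.
        if not hmac.compare_digest(expected, supplied):
            return None
        return json.loads(base64.urlsafe_b64decode(body))
    except ValueError:  # covers non-ASCII input, bad base64 and bad JSON
        return None


def swap_payload(cookie: str, new_payload: dict) -> str:
    """Simulate client-side modification: replace the payload, keep any old tag."""
    _, sep, tag = cookie.partition(".")
    return issue_unsigned_cookie(new_payload) + sep + tag
```

Price and entitlement values are safer still when kept in server-side session state, with the cookie holding only a random session identifier.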
Challenge 3 - Defacing the website
Defacing the website is the final stage of hacking the website, and this stage lists
the currently active websites. It displays two similar frames of a website: one is the
original and the other is the copy. The copy is otherwise called the defaced one. To
carry this out, we need to use Chrome's commands from "tcp" to "&&cd", which
work in accordance with the Unix password. This command lists the locations and addresses
of all active websites.
3. Possible Attack Methods
Modifying the fixed parameters
Session stealing
Using fake URLs
SQL injection
The important thing for the attack is to code the authentication and to enable the user to make
the authentication. Sending fake URLs can act as the best method to cheat the original user. The
authentication page can be bypassed. The bypassing is done by coding auth=0 or auth=1.
4. Attack Method Used
The attack method used here is the SQL injection technique. SQL injection
is used to inject code and attack data. There are many methods of SQL injection.
Some of the methods are:
Blind SQL injection
Incorrect type handling
Second-order SQL injection
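To make the mitigation concrete, the following added example (not from the assignment or from WebGoat) runs a string-built login query and an unchecked numeric lookup, the "incorrect type handling" case, beside versions that use bound parameters. The table, rows and function names are constructed; it uses an in-memory SQLite database.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO accounts (id, owner, password) VALUES (?, ?, ?)",
        [(1, "alice", "constructed-pw-1"), (2, "bob", "constructed-pw-2")],
    )
    return db


def login_concatenated(db, owner: str, password: str) -> bool:
    """Vulnerable: user input becomes part of the SQL text."""
    sql = ("SELECT COUNT(*) FROM accounts WHERE owner = '" + owner +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0


def login_bound(db, owner: str, password: str) -> bool:
    """Hardened: values travel as bound parameters and are never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM accounts WHERE owner = ? AND password = ?"
    return db.execute(sql, (owner, password)).fetchone()[0] > 0


def owners_by_id_concatenated(db, account_id: str) -> list:
    """Vulnerable (incorrect type handling): a numeric field is never checked to be numeric."""
    sql = "SELECT owner FROM accounts WHERE id = " + account_id
    return [row[0] for row in db.execute(sql)]


def owners_by_id_bound(db, account_id: str) -> list:
    """Hardened: enforce the expected type, then bind the value."""
    try:
        value = int(account_id)
    except ValueError:
        return []
    rows = db.execute("SELECT owner FROM accounts WHERE id = ?", (value,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    quoted = "' OR '1'='1"     # constructed input that closes the string literal
    numeric = "0 OR 1=1"       # constructed input for the unquoted numeric field
    print("concatenated login accepted:", login_concatenated(db, "alice", quoted))
    print("bound login accepted:       ", login_bound(db, "alice", quoted))
    print("concatenated id lookup:     ", owners_by_id_concatenated(db, numeric))
    print("bound id lookup:            ", owners_by_id_bound(db, numeric))
```

Second-order injection is closed the same way: values read back from the database are bound as parameters too, never concatenated into a later statement.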
PART B
5. Backtrack Steps to Hack Facebook Account (Kali Linux)
Kali Linux plays a major role in hacking social networks. The following are
the steps involved in hacking the Facebook account (Kali.org, 2016):
Initially, install Kali Linux. Once the installation completes, open the terminal
screen.
Step 1: Enter the command below in the Linux terminal.
root@kali~# setoolkit
Next, type “y” to accept all the terms and conditions.
Step 2: Next, select one of the following options from the menu:
1) Social Engineering Attacks
2) Website Attack Vectors
3) Credential Harvester Attack
Step 3: Further, on the terminal screen type 2 to select Web Attack Vectors. Next, type 3 to
select Credential Harvester Attack. Finally, type 1 to select Social Engineering Attack.
Step 4: The Site clone’s menu can be displayed on the terminal by typing 2.
Step 5: Enter the IP address.
Step 6: Provide “www.fb.com” in the clone.
Step 7: Then, all the files must be moved to VAR. Next, the WWW folder must be moved to
the html folder.
Step 8: Check tinyurl.com, then enter the IP address. Next, select the button to create tinyurl.
Step 9: Thus, it creates tinyurl, which is shared with the victim through SMS or email.
Step 10: If the hacker wishes to hack, the user name and the password will be entered. Then
the user information will be sent to the hacker in the hacker’s VAR – WWW folder, in his
system.
6. Accomplishment of Attack
The attack is carried out with a newly created Facebook account and Gmail account, each
with an appropriate user name and password. The attack commenced by uploading
interesting news articles and images to the attacker’s Facebook account. The point to be
noted is that the uploaded interesting news articles and images are not actually interesting.
Further, the same information was shared with the targeted Facebook account, which
continued for two consecutive days. An email was sent to all the friends, which
highlighted that, “Only the people who have Facebook account can view the interesting news
articles and images.” This email fooled nearly 10% of the people. These 10% were eager to
see the “Interesting news articles and images” specified in the email, and they tried to access
them with their user details, such as the Facebook account’s username and password. The entered
information of the Facebook account was automatically stored in the server’s /var/www
folder. This is how the victims willingly share their account details.
7. Evaluating the Collected Data
The email attack is used for collecting the Facebook account’s user name and
password. The collected details are checked, and in most cases the user name and
password match the database of Facebook. When the victims of such attacks are
evaluated, nearly 10% denotes using the email details. Thus, the data validation for such
victims is 100%. There are also other victims who have more than one user account, which
is difficult to verify with facebook.com, because these account details can be for different
sites where the user has created his/her account.
8. Preventions
For protecting the Facebook user’s account, the preventions listed below must be
ensured:
1) Take care not to share the Facebook account details.
2) Use a strong password.
3) Make a point of changing the password frequently, for security.
4) While saving the password of the Facebook account, confirm the settings of
the user’s mobile number.
5) Be sure to check the URL of the Facebook link before entering the Facebook
account’s details.
6) Avoid providing Facebook access details such as the username and password
in the middle of browsing the Facebook page.
7) Don’t respond to deceptive emails.
8) Avoid accessing spam links.
9) Take steps to log out after browsing Facebook.
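Prevention 5 can be automated in a mail filter or a link-preview tool. The following added example (not part of the original assignment) inspects a link before a user is asked for credentials and reports why it should not be trusted as a Facebook login page; the expected domains and the shortener are the ones named on this page, and the finding labels and sample links are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumptions for this example: the two Facebook hostnames and the one
# link shortener that appear on this page. Extend both sets for real use.
EXPECTED_DOMAINS = {"facebook.com", "fb.com"}
SHORTENERS = {"tinyurl.com"}


def _within(host: str, domains) -> bool:
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_login_link(url: str) -> list:
    """Return the reasons a link should not be trusted; an empty list means no finding."""
    try:
        # A link without a scheme is treated as plain http.
        parts = urlsplit(url if "://" in url else "http://" + url)
        host = (parts.hostname or "").rstrip(".").lower()
        has_userinfo = parts.username is not None
    except ValueError:
        return ["unparseable"]

    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    if has_userinfo:
        # Text before '@' is not the host, whatever it looks like.
        findings.append("userinfo-in-url")
    if _is_ip(host):
        findings.append("ip-address-host")
        return findings
    if _within(host, SHORTENERS):
        # The real destination is hidden until the link is resolved.
        findings.append("shortened-link")
    if not _within(host, EXPECTED_DOMAINS):
        findings.append("unexpected-domain")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-label")
    return findings


if __name__ == "__main__":
    # Constructed sample links; .example names and 192.0.2.0/24 are reserved for documentation.
    for link in [
        "https://www.facebook.com/login",
        "http://192.0.2.10/",
        "https://tinyurl.com/abc123",
        "https://facebook.com.login.example/",
        "https://www.facebook.com@login.example/",
    ]:
        print(link, "->", check_login_link(link) or "no finding")
```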
9. Conclusion
The installation procedures for WebGoat, the WebGoat challenges for
tracking the details, and fake code authentication methods are explained.
References
Broad, J. and Bindner, A. (2014). Hacking with Kali. Amsterdam: Syngress.
Brown, K. (2005). The .NET developer's guide to Windows security. Boston, Mass:
Addison-Wesley.
Burleson, D., Celko, J., Cook, J. and Gulutzan, P. (2003). Advanced SQL Database
Programmer Handbook. [S.l.]: Rampant Tech Press.
Cache, J., Liu, V. and Wright, J. (2010). Hacking exposed wireless. New York: McGraw-
Hill.
Calvert, P. (2009). Central American Security System. Cambridge, GBR: Cambridge
University Press.
Cherry, D. (2015). Securing SQL server. Waltham, MA: Syngress.
Chirillo, J. (n.d.). Hack Attacks Revealed.
Dalziel, M. (2014). How to attack and defend your website. Amsterdam: Elsevier.
Egendorf, L. (2003). The legal system. San Diego: Greenhaven Press.
Elleithy, K. and Sobh, T. (2013). Innovations and advances in computer, information,
systems sciences, and engineering. New York, NY: Springer.
Engebretson, P. (2011). The basics of hacking and penetration testing. Waltham, Mass.:
Elsevier.
Fishbein, M. (n.d.). Growth hacking with content marketing.
Freeman, A. and Jones, A. (2009). Programming .NET Security. Sebastopol: O'Reilly
Media, Inc.
Gunkel, D. (2001). Hacking cyberspace. Boulder, Colo.: Westview Press.
Halde, J. (2014). Basics of SQL injection Analysis, Detection and Prevention.
Saarbrücken: LAP LAMBERT Academic Publishing.
Himma, K. (2007). Internet security. Sudbury, Mass.: Jones and Bartlett Publishers.
Holguín, J. (2017). Afinando nuestro IDS con Rule2alert - Security Art Work. [online]
Security Art Work. Available at:
http://www.securityartwork.es/2010/10/25/afinando-nuestro-ids-con-rule2alert/
[Accessed 6 Sep. 2017].
Hoobler, D. and Hoobler, T. (1982). The social security system. New York: Franklin
Watts.
Kleiman, D. (2007). The Official CHFI Study Guide (Exam 312-49). Burlington: Elsevier.
LaMacchia, B. (2002). NET framework security. Boston: Addison-Wesley.
Long, J., Gardner, B. and Brown, J. (n.d.). Google hacking for penetration testers.
Marshall, D. (2003). NET security programming. Indianapolis, Ind.: Wiley Pub.
Nystrom, M. (2007). SQL injection defenses. Sebastopol, Calif.: O'Reilly.
Rash, M. (2007). Linux firewalls. San Francisco: No Starch Press.
Robinson, E. and Bond, M. (2011). Security for Microsoft® Visual Basic® .NET.
Sebastopol: Microsoft Press.
Scambray, J. (2008). Hacking exposed Windows. New York: McGraw-Hill.
Simic, B. (2012). Eliminating SQL injection and cross-site scripting with aspect oriented
programming.
The OECD DAC handbook on security system reform. (2008). Paris: OECD.
Thorsteinson, P. and Ganesh, G. (2004). NET security and cryptography. Upper Saddle
River (N.J.): Prentice Hall PTR.
Villalón, J. (2017). Eavesdropping en VoIP - Security Art Work. [online] Security Art
Work. Available at: http://www.securityartwork.es/2008/03/14/eavesdropping-en-voip/
[Accessed 6 Sep. 2017].
Windowsecurity.com. (2017). Understanding Man-In-The-Middle Attacks - Part2: DNS
Spoofing - TechGenix. [online] Available at:
http://www.windowsecurity.com/articles/Understanding-Man-in-the-Middle-Attacks-ARP-Part2.html
[Accessed 6 Sep. 2017].