SlideShare una empresa de Scribd logo

Websecurity fundamentals for beginners

Samvel Gevorgyan
Samvel Gevorgyan

Websecurity fundamentals for beginners.

Educación
1 de 18
WEB SECURITY FUNDAMENTALS COPYRIGHT 2019 © CYBER GATES SAMVEL GEVORGYAN CEO, CYBER GATES Ph.D. in Information systems and cybersecurity
CYBERSECURITY COMPONENTS WWW.CYBERGATES.ORG • Confidentiality: Keep secret from those not authorized. • Integrity: Prevent unauthorized tampering. • Availability: Ensure authorized parties can access the data. CIA model • Identification: Who I claim to be (e.g. username, digital cert). • Authentication: How I prove it (password, signature). • Authorization: What is that person allowed to do e.g. role- based security. IAA model
CYBERSECURITY ELEMENTS WWW.CYBERGATES.ORG • People • Process • Technology Resources • Policies and procedures • Roles and responsibilities • Risk management Governance
STATISTIC DATA WWW.CYBERGATES.ORG “Over 3 million suspicious login attempts and other types of intrusions targeting to information systems and official websites belonging to the Government of the Republic of Armenia has been prevented in 2018” The National Security Service of the Republic of Armenia Over 4 thousand hacked websites. Mass cyber attacks:  January 2011 (379)  July 2012 (364)  February 2013 (275)  February 2014 (359)  April 2015 (129)  December 2016 (188) Hacked websites
MASS ATTACKS WWW.CYBERGATES.ORG • Websites that use same CMS (WordPress, Joomla, etc.) • Websites built by same developer(s) • Websites that use same technology, library or certain component • Websites hosted by same Hosting Provider • Websites of agencies/companies working in the same industry Top 5 categories
TARGETED ATTACKS WWW.CYBERGATES.ORG • Small outdated websites that are easy to hack • The government agencies • News and media websites • Hosting and Internet Service Providers (ISP) • Universities and financial institutions Top 5 categories
INCIDENT AND VULNERABILITY FACTS WWW.CYBERGATES.ORG The average number of serious vulnerabilities per website is 56 Serious vulnerabilities are resolved in an average of 193 days from first notification 43% of cyber attacks target small businesses 30% of SMEs lack an incident response plan 68% of funds lost as a result of a cyber attack where declared unrecoverable 60% of small businesses close their doors within 6 months after a serious cyber attack.
REAL WORLD EXAMPLES WWW.CYBERGATES.ORG “The revelation of the 3 billion accounts hack could have implications for the $4.8 billion sale of Yahoo to Verizon.” “Microsoft Corp. closed its roughly $26 billion deal to buy professional-networking site LinkedIn after a few weeks of an incident when a hacker put up 167 million LinkedIn passwords for sale.”
COMMON BUSINESS THREATS WWW.CYBERGATES.ORG
EXAMPLE OF A THREAT WWW.CYBERGATES.ORG DOES YOUR WEBSITE HOST MALWARES? IS IT SECRETLY MINING BITCOIN? Check it yourself: www.websecurity.pro
TOP VULNERABILITIES WWW.CYBERGATES.ORG • Injection • Broken Authentication • Sensitive data exposure • XML External Entities (XXE) • Broken Access control • Security misconfigurations • Cross Site Scripting (XSS) • Insecure Deserialization • Using Components with known vulnerabilities • Insufficient logging and monitoring OWASP TOP 10 Source: https://www.owasp.org/index.php/Top_10-2017_Top_10
EXAMPLE OF AN SQL INJECTION ATTACK WWW.CYBERGATES.ORG Example URL http://site.com/product.php?id=1348+AND+1=2+union+select+1,2,user(),database(),5,version(),7+-- Example Output
TYPES OF SQL INJECTION ATTACK WWW.CYBERGATES.ORG In this type of SQL Injection vulnerability attacker sends a custom SQL query and gets the output in the screen. Normal This type of injection is identical to normal SQL Injection except that the SQL query returns positive or negative response. Blind http://site.com/product.php?id=1348+AND+1=2+union+select+1,2,user(),database(),5,version(),7+-- http://site.com/view.php?page=10+and+substring(@@version,1,1)=5+--
TESTING AN SQL INJECTION ATTACK WWW.CYBERGATES.ORG • SQLmap Tools A vulnerable website Target • http://webscantest.com/datastore/search_get_by_id.php?id=4 • http://webscantest.com/rest/demo/index.php/products/ http://sqlmap.org Sample report: http://webscantest.com/report/
PLAN A: FIXING THE PROBLEM WWW.CYBERGATES.ORG • Support • E-mail notifications about an incident • Online support (SIP calls) • Computer Emergency Response Team (CERT) • Investigation (Digital Forensics) • Consultancy Reactive approaches
PLAN B: AVOIDING THE PROBLEM WWW.CYBERGATES.ORG • Assessment • Network/Host Vulnerability Assessment • Penetration Testing • Source Code Auditing • Real-time Protection (NIDS/HIDS, WAF) • Training and awareness • Cybersecurity news and analysis • Public seminars and workshops • Corporate trainings • University programs Proactive approaches
EVALUATE RISK IN YOUR BUSINESS WWW.CYBERGATES.ORG EVALUATE YOUR BUSINESS RISKS www.websecurity.pro
CONTACT US WWW.CYBERGATES.ORG

Recomendados

What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?Samvel Gevorgyan
 
Information Security Management System in the Banking Sector
Information Security Management System in the Banking SectorInformation Security Management System in the Banking Sector
Information Security Management System in the Banking SectorSamvel Gevorgyan
 
Content Management System Security
Content Management System SecurityContent Management System Security
Content Management System SecuritySamvel Gevorgyan
 
Can you predict who will win the US election?
Can you predict who will win the US election?Can you predict who will win the US election?
Can you predict who will win the US election?Samvel Gevorgyan
 
2017 Cybersecurity Predictions
2017 Cybersecurity Predictions2017 Cybersecurity Predictions
2017 Cybersecurity PredictionsPaloAltoNetworks
 
Protecting Against Web Threats
Protecting Against Web ThreatsProtecting Against Web Threats
Protecting Against Web ThreatsKim Jensen
 
Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4Carol Montgomery Adams
 
How to get deeper administration insights into your tenant
How to get deeper administration insights into your tenantHow to get deeper administration insights into your tenant
How to get deeper administration insights into your tenantRobert Crane
 

Recomendados

What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?Samvel Gevorgyan
 
Information Security Management System in the Banking Sector
Information Security Management System in the Banking SectorInformation Security Management System in the Banking Sector
Information Security Management System in the Banking SectorSamvel Gevorgyan
 
Content Management System Security
Content Management System SecurityContent Management System Security
Content Management System SecuritySamvel Gevorgyan
 
Can you predict who will win the US election?
Can you predict who will win the US election?Can you predict who will win the US election?
Can you predict who will win the US election?Samvel Gevorgyan
 
2017 Cybersecurity Predictions
2017 Cybersecurity Predictions2017 Cybersecurity Predictions
2017 Cybersecurity PredictionsPaloAltoNetworks
 
Protecting Against Web Threats
Protecting Against Web ThreatsProtecting Against Web Threats
Protecting Against Web ThreatsKim Jensen
 
Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4Carol Montgomery Adams
 
How to get deeper administration insights into your tenant
How to get deeper administration insights into your tenantHow to get deeper administration insights into your tenant
How to get deeper administration insights into your tenantRobert Crane
 
The Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security ProvidersThe Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security ProvidersUnited Security Providers AG
 
Cyber attacks in 2021
Cyber attacks in 2021Cyber attacks in 2021
Cyber attacks in 2021redteamacademypromo
 
Practical risk management for the multi cloud
Practical risk management for the multi cloudPractical risk management for the multi cloud
Practical risk management for the multi cloudUlf Mattsson
 
What you need to know about cyber security
What you need to know about cyber securityWhat you need to know about cyber security
What you need to know about cyber securityCarol Meng-Shih Wang
 
How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017
How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017
How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017SurfWatch Labs
 
The Top Three 2021 Cyber Threats
The Top Three 2021 Cyber ThreatsThe Top Three 2021 Cyber Threats
The Top Three 2021 Cyber ThreatsSai Huda
 
Cyber Security Threats in the Financial Sector
Cyber Security Threats in the Financial SectorCyber Security Threats in the Financial Sector
Cyber Security Threats in the Financial SectorFarook Al-Jibouri
 
Cisco Content Security
Cisco Content SecurityCisco Content Security
Cisco Content SecurityCisco Canada
 
Cloud computing's notorious nine-
Cloud computing's notorious nine-Cloud computing's notorious nine-
Cloud computing's notorious nine-Nikki Alexander
 
Cyber Security Demistyified
Cyber Security DemistyifiedCyber Security Demistyified
Cyber Security DemistyifiedMicrosoft UK
 
Cyber security certification course
Cyber security certification courseCyber security certification course
Cyber security certification courseNishaPaunikar1
 
Web 2.0/Social Networks and Security
Web 2.0/Social Networks and SecurityWeb 2.0/Social Networks and Security
Web 2.0/Social Networks and Securitysherrymoon7121
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Edureka!
 
Centrify rethink security brochure
Centrify rethink security brochureCentrify rethink security brochure
Centrify rethink security brochureMark Gibson
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityJamshidRaqi
 
Norton Cyber Security Insights Report 2017
Norton Cyber Security Insights Report 2017Norton Cyber Security Insights Report 2017
Norton Cyber Security Insights Report 2017CheapSSLsecurity
 
IT Live 2018 - Farook Al-Jibouri: Stop The Breach
IT Live 2018 - Farook Al-Jibouri: Stop The BreachIT Live 2018 - Farook Al-Jibouri: Stop The Breach
IT Live 2018 - Farook Al-Jibouri: Stop The BreachFarook Al-Jibouri
 
NormShield 2018 Cyber Security Risk Brief
NormShield 2018 Cyber Security Risk BriefNormShield 2018 Cyber Security Risk Brief
NormShield 2018 Cyber Security Risk BriefNormShield
 
Introduction to cyber security
Introduction to cyber security Introduction to cyber security
Introduction to cyber security RaviPrashant5
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsBen Graybar
 
Securing the Skies: Navigating Cloud Security Challenges and Beyond
Securing the Skies: Navigating Cloud Security Challenges and BeyondSecuring the Skies: Navigating Cloud Security Challenges and Beyond
Securing the Skies: Navigating Cloud Security Challenges and BeyondPraveen Nair
 
Countering Cyber Threats By Monitoring “Normal” Website Behavior
Countering Cyber Threats By Monitoring “Normal” Website BehaviorCountering Cyber Threats By Monitoring “Normal” Website Behavior
Countering Cyber Threats By Monitoring “Normal” Website BehaviorEMC
 

Más contenido relacionado

La actualidad más candente

The Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security ProvidersThe Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security ProvidersUnited Security Providers AG
 
Practical risk management for the multi cloud
Practical risk management for the multi cloudPractical risk management for the multi cloud
Practical risk management for the multi cloudUlf Mattsson
 
What you need to know about cyber security
What you need to know about cyber securityWhat you need to know about cyber security
What you need to know about cyber securityCarol Meng-Shih Wang
 
How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017
How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017
How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017SurfWatch Labs
 
The Top Three 2021 Cyber Threats
The Top Three 2021 Cyber ThreatsThe Top Three 2021 Cyber Threats
The Top Three 2021 Cyber ThreatsSai Huda
 
Cyber Security Threats in the Financial Sector
Cyber Security Threats in the Financial SectorCyber Security Threats in the Financial Sector
Cyber Security Threats in the Financial SectorFarook Al-Jibouri
 
Cisco Content Security
Cisco Content SecurityCisco Content Security
Cisco Content SecurityCisco Canada
 
Cloud computing's notorious nine-
Cloud computing's notorious nine-Cloud computing's notorious nine-
Cloud computing's notorious nine-Nikki Alexander
 
Cyber Security Demistyified
Cyber Security DemistyifiedCyber Security Demistyified
Cyber Security DemistyifiedMicrosoft UK
 
Cyber security certification course
Cyber security certification courseCyber security certification course
Cyber security certification courseNishaPaunikar1
 
Web 2.0/Social Networks and Security
Web 2.0/Social Networks and SecurityWeb 2.0/Social Networks and Security
Web 2.0/Social Networks and Securitysherrymoon7121
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Edureka!
 
Centrify rethink security brochure
Centrify rethink security brochureCentrify rethink security brochure
Centrify rethink security brochureMark Gibson
 
Norton Cyber Security Insights Report 2017
Norton Cyber Security Insights Report 2017Norton Cyber Security Insights Report 2017
Norton Cyber Security Insights Report 2017CheapSSLsecurity
 
IT Live 2018 - Farook Al-Jibouri: Stop The Breach
IT Live 2018 - Farook Al-Jibouri: Stop The BreachIT Live 2018 - Farook Al-Jibouri: Stop The Breach
IT Live 2018 - Farook Al-Jibouri: Stop The BreachFarook Al-Jibouri
 
NormShield 2018 Cyber Security Risk Brief
NormShield 2018 Cyber Security Risk BriefNormShield 2018 Cyber Security Risk Brief
NormShield 2018 Cyber Security Risk BriefNormShield
 
Introduction to cyber security
Introduction to cyber security Introduction to cyber security
Introduction to cyber security RaviPrashant5
 

La actualidad más candente (19)

The Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security ProvidersThe Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security Providers
 
Cyber attacks in 2021
Cyber attacks in 2021Cyber attacks in 2021
Cyber attacks in 2021
 
Practical risk management for the multi cloud
Practical risk management for the multi cloudPractical risk management for the multi cloud
Practical risk management for the multi cloud
 
What you need to know about cyber security
What you need to know about cyber securityWhat you need to know about cyber security
What you need to know about cyber security
 
How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017
How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017
How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017
 
The Top Three 2021 Cyber Threats
The Top Three 2021 Cyber ThreatsThe Top Three 2021 Cyber Threats
The Top Three 2021 Cyber Threats
 
Cyber Security Threats in the Financial Sector
Cyber Security Threats in the Financial SectorCyber Security Threats in the Financial Sector
Cyber Security Threats in the Financial Sector
 
Cisco Content Security
Cisco Content SecurityCisco Content Security
Cisco Content Security
 
Cloud computing's notorious nine-
Cloud computing's notorious nine-Cloud computing's notorious nine-
Cloud computing's notorious nine-
 
Cyber Security Demistyified
Cyber Security DemistyifiedCyber Security Demistyified
Cyber Security Demistyified
 
Cyber security certification course
Cyber security certification courseCyber security certification course
Cyber security certification course
 
Web 2.0/Social Networks and Security
Web 2.0/Social Networks and SecurityWeb 2.0/Social Networks and Security
Web 2.0/Social Networks and Security
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
 
Centrify rethink security brochure
Centrify rethink security brochureCentrify rethink security brochure
Centrify rethink security brochure
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Norton Cyber Security Insights Report 2017
Norton Cyber Security Insights Report 2017Norton Cyber Security Insights Report 2017
Norton Cyber Security Insights Report 2017
 
IT Live 2018 - Farook Al-Jibouri: Stop The Breach
IT Live 2018 - Farook Al-Jibouri: Stop The BreachIT Live 2018 - Farook Al-Jibouri: Stop The Breach
IT Live 2018 - Farook Al-Jibouri: Stop The Breach
 
NormShield 2018 Cyber Security Risk Brief
NormShield 2018 Cyber Security Risk BriefNormShield 2018 Cyber Security Risk Brief
NormShield 2018 Cyber Security Risk Brief
 
Introduction to cyber security
Introduction to cyber security Introduction to cyber security
Introduction to cyber security
 

Similar a Websecurity fundamentals for beginners

Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsBen Graybar
 
Securing the Skies: Navigating Cloud Security Challenges and Beyond
Securing the Skies: Navigating Cloud Security Challenges and BeyondSecuring the Skies: Navigating Cloud Security Challenges and Beyond
Securing the Skies: Navigating Cloud Security Challenges and BeyondPraveen Nair
 
Countering Cyber Threats By Monitoring “Normal” Website Behavior
Countering Cyber Threats By Monitoring “Normal” Website BehaviorCountering Cyber Threats By Monitoring “Normal” Website Behavior
Countering Cyber Threats By Monitoring “Normal” Website BehaviorEMC
 
Developing A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response ProgramDeveloping A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response ProgramBGA Cyber Security
 
What Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersWhat Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersJaime Manteiga
 
Application Security-Understanding The Horizon
Application Security-Understanding The HorizonApplication Security-Understanding The Horizon
Application Security-Understanding The HorizonLalit Kale
 
News Byte Session By Mukesh Pathak
News Byte Session By Mukesh PathakNews Byte Session By Mukesh Pathak
News Byte Session By Mukesh PathakMukesh Pathak
 
INSECURE Magazine - 33
INSECURE Magazine - 33INSECURE Magazine - 33
INSECURE Magazine - 33Felipe Prado
 
Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019PECB
 
Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns CrowdStrike
 
Cybersecurity for Marketing
Cybersecurity for Marketing Cybersecurity for Marketing
Cybersecurity for Marketing Alert Logic
 
State of Internet 1H 2008
State of Internet 1H 2008State of Internet 1H 2008
State of Internet 1H 2008Kim Jensen
 
Dissecting ssl threats
Dissecting ssl threatsDissecting ssl threats
Dissecting ssl threatsZscaler
 
Distil Network Sponsor Presentation at the Property Portal Watch Conference -...
Distil Network Sponsor Presentation at the Property Portal Watch Conference -...Distil Network Sponsor Presentation at the Property Portal Watch Conference -...
Distil Network Sponsor Presentation at the Property Portal Watch Conference -...Property Portal Watch
 

Similar a Websecurity fundamentals for beginners (20)

Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools Tactics
 
Securing the Skies: Navigating Cloud Security Challenges and Beyond
Securing the Skies: Navigating Cloud Security Challenges and BeyondSecuring the Skies: Navigating Cloud Security Challenges and Beyond
Securing the Skies: Navigating Cloud Security Challenges and Beyond
 
Countering Cyber Threats By Monitoring “Normal” Website Behavior
Countering Cyber Threats By Monitoring “Normal” Website BehaviorCountering Cyber Threats By Monitoring “Normal” Website Behavior
Countering Cyber Threats By Monitoring “Normal” Website Behavior
 
Developing A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response ProgramDeveloping A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response Program
 
What Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersWhat Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For Hackers
 
Application Security-Understanding The Horizon
Application Security-Understanding The HorizonApplication Security-Understanding The Horizon
Application Security-Understanding The Horizon
 
News Byte Session By Mukesh Pathak
News Byte Session By Mukesh PathakNews Byte Session By Mukesh Pathak
News Byte Session By Mukesh Pathak
 
INSECURE Magazine - 33
INSECURE Magazine - 33INSECURE Magazine - 33
INSECURE Magazine - 33
 
Panama-Paper-Leak
Panama-Paper-LeakPanama-Paper-Leak
Panama-Paper-Leak
 
Panama Papers Leak and Precautions Law firms should take
Panama Papers Leak and Precautions Law firms should takePanama Papers Leak and Precautions Law firms should take
Panama Papers Leak and Precautions Law firms should take
 
Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019
 
ICT Security is Everyone's Business
ICT Security is Everyone's BusinessICT Security is Everyone's Business
ICT Security is Everyone's Business
 
Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns
 
Cybersecurity for Marketing
Cybersecurity for Marketing Cybersecurity for Marketing
Cybersecurity for Marketing
 
Seminar
SeminarSeminar
Seminar
 
State of Internet 1H 2008
State of Internet 1H 2008State of Internet 1H 2008
State of Internet 1H 2008
 
Dissecting ssl threats
Dissecting ssl threatsDissecting ssl threats
Dissecting ssl threats
 
Cybercriminals Are Lurking
Cybercriminals Are LurkingCybercriminals Are Lurking
Cybercriminals Are Lurking
 
Distil Network Sponsor Presentation at the Property Portal Watch Conference -...
Distil Network Sponsor Presentation at the Property Portal Watch Conference -...Distil Network Sponsor Presentation at the Property Portal Watch Conference -...
Distil Network Sponsor Presentation at the Property Portal Watch Conference -...
 
Newbytes NullHyd
Newbytes NullHydNewbytes NullHyd
Newbytes NullHyd
 

Más de Samvel Gevorgyan

Five Ways to Improve Yandex.Taxi Service
Five Ways to Improve Yandex.Taxi ServiceFive Ways to Improve Yandex.Taxi Service
Five Ways to Improve Yandex.Taxi ServiceSamvel Gevorgyan
 
Բախումներ Լեռնային Ղարաբաղում. Քառօրյա պատերազմը կիբեռ տարածքում
Բախումներ Լեռնային Ղարաբաղում. Քառօրյա պատերազմը կիբեռ տարածքումԲախումներ Լեռնային Ղարաբաղում. Քառօրյա պատերազմը կիբեռ տարածքում
Բախումներ Լեռնային Ղարաբաղում. Քառօրյա պատերազմը կիբեռ տարածքումSamvel Gevorgyan
 
Nagorno-karabakh clashes - four-day war in cyberspace
Nagorno-karabakh clashes - four-day war in cyberspaceNagorno-karabakh clashes - four-day war in cyberspace
Nagorno-karabakh clashes - four-day war in cyberspaceSamvel Gevorgyan
 
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011Samvel Gevorgyan
 
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011Samvel Gevorgyan
 
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYANBEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYANSamvel Gevorgyan
 

Más de Samvel Gevorgyan (7)

Five Ways to Improve Yandex.Taxi Service
Five Ways to Improve Yandex.Taxi ServiceFive Ways to Improve Yandex.Taxi Service
Five Ways to Improve Yandex.Taxi Service
 
Բախումներ Լեռնային Ղարաբաղում. Քառօրյա պատերազմը կիբեռ տարածքում
Բախումներ Լեռնային Ղարաբաղում. Քառօրյա պատերազմը կիբեռ տարածքումԲախումներ Լեռնային Ղարաբաղում. Քառօրյա պատերազմը կիբեռ տարածքում
Բախումներ Լեռնային Ղարաբաղում. Քառօրյա պատերազմը կիբեռ տարածքում
 
Nagorno-karabakh clashes - four-day war in cyberspace
Nagorno-karabakh clashes - four-day war in cyberspaceNagorno-karabakh clashes - four-day war in cyberspace
Nagorno-karabakh clashes - four-day war in cyberspace
 
MAPY
MAPYMAPY
MAPY
 
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
 
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
 
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYANBEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
 

Último

1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseAnaAcapella
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structuredhanjurrannsibayan2
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxDr. Sarita Anand
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSCeline George
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentationcamerronhm
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfNirmal Dwivedi
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...ZurliaSoop
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxAmanpreet Kaur
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxVishalSingh1417
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesCeline George
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024Elizabeth Walsh
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...pradhanghanshyam7136
 

Último (20)

1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 

Websecurity fundamentals for beginners

  • 1. WEB SECURITY FUNDAMENTALS COPYRIGHT 2019 © CYBER GATES SAMVEL GEVORGYAN CEO, CYBER GATES Ph.D. in Information systems and cybersecurity
  • 2. CYBERSECURITY COMPONENTS WWW.CYBERGATES.ORG • Confidentiality: Keep secret from those not authorized. • Integrity: Prevent unauthorized tampering. • Availability: Ensure authorized parties can access the data. CIA model • Identification: Who I claim to be (e.g. username, digital cert). • Authentication: How I prove it (password, signature). • Authorization: What is that person allowed to do e.g. role- based security. IAA model
  • 3. CYBERSECURITY ELEMENTS WWW.CYBERGATES.ORG • People • Process • Technology Resources • Policies and procedures • Roles and responsibilities • Risk management Governance
  • 4. STATISTIC DATA WWW.CYBERGATES.ORG “Over 3 million suspicious login attempts and other types of intrusions targeting to information systems and official websites belonging to the Government of the Republic of Armenia has been prevented in 2018” The National Security Service of the Republic of Armenia Over 4 thousand hacked websites. Mass cyber attacks:  January 2011 (379)  July 2012 (364)  February 2013 (275)  February 2014 (359)  April 2015 (129)  December 2016 (188) Hacked websites
  • 5. MASS ATTACKS WWW.CYBERGATES.ORG • Websites that use same CMS (WordPress, Joomla, etc.) • Websites built by same developer(s) • Websites that use same technology, library or certain component • Websites hosted by same Hosting Provider • Websites of agencies/companies working in the same industry Top 5 categories
  • 6. TARGETED ATTACKS WWW.CYBERGATES.ORG • Small outdated websites that are easy to hack • The government agencies • News and media websites • Hosting and Internet Service Providers (ISP) • Universities and financial institutions Top 5 categories
  • 7. INCIDENT AND VULNERABILITY FACTS WWW.CYBERGATES.ORG The average number of serious vulnerabilities per website is 56 Serious vulnerabilities are resolved in an average of 193 days from first notification 43% of cyber attacks target small businesses 30% of SMEs lack an incident response plan 68% of funds lost as a result of a cyber attack where declared unrecoverable 60% of small businesses close their doors within 6 months after a serious cyber attack.
  • 8. REAL WORLD EXAMPLES WWW.CYBERGATES.ORG “The revelation of the 3 billion accounts hack could have implications for the $4.8 billion sale of Yahoo to Verizon.” “Microsoft Corp. closed its roughly $26 billion deal to buy professional-networking site LinkedIn after a few weeks of an incident when a hacker put up 167 million LinkedIn passwords for sale.”
  • 10. EXAMPLE OF A THREAT WWW.CYBERGATES.ORG DOES YOUR WEBSITE HOST MALWARES? IS IT SECRETLY MINING BITCOIN? Check it yourself: www.websecurity.pro
  • 11. TOP VULNERABILITIES WWW.CYBERGATES.ORG • Injection • Broken Authentication • Sensitive data exposure • XML External Entities (XXE) • Broken Access control • Security misconfigurations • Cross Site Scripting (XSS) • Insecure Deserialization • Using Components with known vulnerabilities • Insufficient logging and monitoring OWASP TOP 10 Source: https://www.owasp.org/index.php/Top_10-2017_Top_10
  • 12. EXAMPLE OF AN SQL INJECTION ATTACK WWW.CYBERGATES.ORG Example URL http://site.com/product.php?id=1348+AND+1=2+union+select+1,2,user(),database(),5,version(),7+-- Example Output
  • 13. TYPES OF SQL INJECTION ATTACK WWW.CYBERGATES.ORG In this type of SQL Injection vulnerability attacker sends a custom SQL query and gets the output in the screen. Normal This type of injection is identical to normal SQL Injection except that the SQL query returns positive or negative response. Blind http://site.com/product.php?id=1348+AND+1=2+union+select+1,2,user(),database(),5,version(),7+-- http://site.com/view.php?page=10+and+substring(@@version,1,1)=5+--
  • 14. TESTING AN SQL INJECTION ATTACK WWW.CYBERGATES.ORG • SQLmap Tools A vulnerable website Target • http://webscantest.com/datastore/search_get_by_id.php?id=4 • http://webscantest.com/rest/demo/index.php/products/ http://sqlmap.org Sample report: http://webscantest.com/report/
  • 15. PLAN A: FIXING THE PROBLEM WWW.CYBERGATES.ORG • Support • E-mail notifications about an incident • Online support (SIP calls) • Computer Emergency Response Team (CERT) • Investigation (Digital Forensics) • Consultancy Reactive approaches
  • 16. PLAN B: AVOIDING THE PROBLEM WWW.CYBERGATES.ORG • Assessment • Network/Host Vulnerability Assessment • Penetration Testing • Source Code Auditing • Real-time Protection (NIDS/HIDS, WAF) • Training and awareness • Cybersecurity news and analysis • Public seminars and workshops • Corporate trainings • University programs Proactive approaches
  • 17. EVALUATE RISK IN YOUR BUSINESS WWW.CYBERGATES.ORG EVALUATE YOUR BUSINESS RISKS www.websecurity.pro