Student's Signature: . Date: 21/03/19: Bello Abdullahi Abubakar

2308-1501-0074 BELLO ABDULLAHI ABUBAKAR CSM201_PROJ
APPLICATION AND INFRASTRUCTURE SECURITY (CSM201)

PROJECT
Student declaration:
I declare that:
• I understand what is meant by plagiarism
• The implication of plagiarism has been explained to me by my institution
• This project is all my own work and I have acknowledged any use of the
published and unpublished works of other people.
Student’s signature: ……………………………. Date: 21/03/19
Total number of pages including this cover page

Submission Date 21-03-2019 Due Date 22-03-2019
Students’ ID 2308-1501-0074 Class Code CSM201
Student’s Full Name BELLO ABDULLAHI ABUBAKAR
Lecturer’s Name MR. MOHAMMED RAFIQ
OFFICIAL USE ONLY
Marker’s comments
Marker’s name Initial marks awarded /100

Penalty on late submission
Final marks awarded /100

Name of Student: ___________________________________________________
BELLO ABDULLAHI ABUBAKAR 1

Student ID: ____________________________________________________
Module Code : CSM201
Before scanning, after I inserted the url for challenge 3 to be scanned

Your defences will include the

followings:
-Anti malware defences

5 Marks
-Firewall & DMZ
5 Marks
-Cryptography & VPN
5 Marks
-Wireless security
5 Marks
-IDS/IPS & Honeypot
5 Marks
-Host hardening
5 Marks
Question 3
Viva and Presentation
10 Marks
Total 100 Marks
Contents
CLOUD COMPUTING BASED APPLICATION VULNERABILITY..................2

The Hackademic Challenges.....................................................................................3

CHALLENGE 3........................................................................................................4
CSRF (Cross Site Request Forgery)..........................................................................4
Trace Method.............................................................................................................5
PROOF OF CONCEPTS...........................................................................................6
COUNTER MEASURES..........................................................................................9
CALLENGE 8.........................................................................................................10
DESCRIPTION OF VUNERABILITY..................................................................11
PROOF OF CONCEPT...........................................................................................12
COUNTER MEASURES........................................................................................17
CHALLENGE 10....................................................................................................18
VULNERABILITY DESCRIPTION......................................................................19
PROOF OF CONCEPTS.........................................................................................20
COUNTER MEASURES........................................................................................27
QUESTION 2.........................................................................................................28
THE NETWORK DIAGRAM................................................................................30
ANTI MALWARE DEFENCE...............................................................................31
FIREWALL AND DEMILITRIZED ZONE (DMZ)..............................................32
CRYPTOGRAPHY AND VPN..............................................................................33
WIRELESS SECURITY.........................................................................................35
IDS/IPS AND HONEY POT...................................................................................37
HOST HARDNENING...........................................................................................38
REFERENCES........................................................................................................39
CLOUD COMPUTING BASED APPLICATION VULNERABILITY

Cloud computing is referring to as using computer resources which include both
hardware and software resources that are delivered across the network in a form of
services, a typical example of such network involved the internet.

However Cloud computing based application vulnerability is referred to as weakness or

loopholes that is involved in a computing based application which can enable any
attacker to take control or decision. Vulnerability is further explained as a point where
three elements intersects and this elements are, Cloud computing application (system)
weakness, the attacker access to the flaw, and attacker’s capability to exploit the
vulnerability.
VULNERABILITY
Vulnerability is the flaw or oversight in an existing control that may passively allow a
threat to exploit it to gain unauthorized access to organizational asset. Many
Information Technology system weaknesses identified using authorized scanning
equipment. Process and performance vulnerabilities are difficult to certain and may
require careful analysis to uncover. Audits are usually helpful in identifying
vulnerabilities. It is useful to categorize the vulnerabilities according to administration,
physical and technical areas.
ADMINISTRATION VULNERABILITIES: Are those vulnerabilities that exist in
policies, procedures or security activities. Example include missing acceptable use
policies, lack of security functionality, gaps in termination procedures, the lack of
independence in security testing inadequate compliance enforcement, inadequate
management, and insufficient staff.
PHYSICAL VULNERABILITIES: Are those vulnerabilities that exist in the
physical, geographical, personnel, or utility provisioning controls. Examples lack of
background checks for sensitive positions, detective software, and the lack of redundant
power supplies.
TECHNICAL VULNERABILITIES: That exist in the logical controls in the
organizations system examples include improperly configured equipment (e.g.
misconfigured routers)backdoors in programs, untested technology, transmission of
unprotected communication, lack of redundancy ,and weak password(e.g. poor choice
of password).
Here are some of the vulnerabilities that can be found generally in Hackademics
challenges;
Application error message
Html form without CSRF protection
Apache server-info is enable
Apache server-status is enable
User credential are sent in clear text
Trace method is enable
Password type input with auto-complete
Cross site scripting verified
Broken links

There are different web application vulnerability scanners available in other to perform
this project some of this applications includes acunetix, vega, watcher, webcruiser,
netsparker, xapiti, web scrabber, and metaspoit and so on many are available online.
However, to proceed this project three (3) challenges is intructed to be choosen from the
OWASP HACKADEMIC CHALLENGE in which challenge 3, 8, and 10 has been
choosen as the challenges to be discused.
The Hackademic Challenges.
The Acunetix web

vulnerability I used
for scanning the
Hackademic sites

CHALLENGE 3
Challenge 3 states “XSS which allows a malicious user to inject his own codes into a
vulnerable web application pages. According to OWASP 2010 Top 10 Application
Security Risks, XSS attacks rank second 2nd in the most dangerous list of attacks.
When challenge 3 was scanned using the web vulnerability scanner (Acunetix), the
following vulnerabilities was found which are listed below;
1. Trace Method.
2. HTML Form without CSRF protection.
3. Apache http only cookie disclosure.
4. PHP collision denial of service.
5. Unprotected phpMyAdmin interface.
Therefore to proceed with the project, I will focus on two among the above listed
vulnerabilities discovered from challenge 3 which are,
1. Cross Site Request Forgery (CSRF) and
2. Trace Method.
CSRF (Cross Site Request Forgery)

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute
unwanted actions on a web application in which they are currently authenticated. CSRF
attacks precisely target state – changing requests, not theft of data, since the attacker has
no technique to see the response to the forged request. With a little help of social
engineering such as sending link via email or chat, an attacker may trick the user of web
application into executing action of the attackers choosing. A successful CSRF exploit
can compromise end user data and operation in case of normal user. If the targeted end
user is the administrator account, this can compromise the entire web application.
Cross-Site Request Forgery (CSRF) can also be referred as XSRF or session ridding, it
is an attack that tricks the target into submitting a page that contains a malicious
request. CSRF is also known as the type of attack “One-Click” attack in their threat
modeling techniques and many place in their online documentation.
CSRF also inherits the identity and privileges of the target to perform an undesired
function on the victim’s behalf, example includes change e-mail address, home address,
or password or even temper with the target’s credit card details. CSRF attacks victim
functionally that causes a state of change on the server.

It’s sometime possible to keep the CSRF attack on the vulnerable site itself. Such
vulnerabilities are called “Stored CSRF flaws”. This can be achieved by simply storing
an IMG or IFRAME tag in a field that accepts HTML, or by a more complex cross-site
scripting attacks. If the attacker can store a CSRF attack in the site, the strictness of the
attack is amplified.
Trace Method
Trace Method is also referred to as cross-site tracing (XST) which involves the use of
cross-site Scripting (XSS) and the TRACE or TRACK HTTP methods. Trace Method is
an attack that allows the user to see what is being received at the other end of the
request chain and use that data or information for testing or diagnostic information. The
Track method works in the same way but is specific to Microsoft’s IIS web server.
Cross-site Tracing (XST) could be used as a method to steal user’s cookies via Cross-
site Scripting (XSS) even if the cookies has the HttpOnly flag set or exposes the user’s
Authorization header.
The Trace method attack, though actually harmless, it can be successfully controlled in
some scenarios to steal legitimate user’s credentials. This type of attack technique was
been discovered by Jeremiah Grossman in 2003, in an attempt to bypass the HttpOnly
tag that Microsoft introduced in Internet Explorer 6 sp1 to protect cookies from being
accessed by JavaScript. However, the Trace Method attack can be used to bypass this
protection and access the cookie even in this scenario. Modern browsers now prevent
trace request being made via JavaScript, however, other ways of sending trace request
with browsers have been discovered, such as using java. The influence of this type of
attack is that attackers may misuse HTTP TRACE functionally to gain access to
information in the HTTP headers such as cookies and authentication data.

PROOF OF CONCEPTS
Start button
After clicking the start button, scan finished and the following listed vulnera

TRACE METHODvulnerability is also been found and the rest of attacks.


COUNTER MEASURES
Cross-site Request Forgery (CSRF) Counter Measures.

Most CSRF counter measure techniques work by embedding additional authentication
data into request that allows the web application to detect request from unauthorized
location
Preventions are recommended or needs to be taken both the users and also the web
developers.
USERS are required to carry out the following defense actions;
6. Never allow the browser to save username/password and do not allow site to
“remember” login credentials.
7. Log off immediately after using any kind of web application.
8. Do not use the same browser access sensitive information and to surf freely on
the internet, if it is necessary to do both things at the same machine, perform
them with separate web browser.
Integrated HTML-enabled mail/browser, newsreader/browser environments pose
additional risks since simply viewing a mail message or a news message might lead to
the execution of an attack.
DEVELOPER’s preventives actions such as
9. Replacing GET request by POST request.

10. Relying on the information in the Referrer header of HTTP requests.
11. Implementing the proxy and the rewriting engine in a language such as C or C++
instead of in PHP and Java, an additional boost in performance can be expected.
12. Significant modifications to each individual web application that should be
protected when embedding shared secrets into the application’s output.
Add session-related information to the URL.

What makes the attack possible is the fact that the session is uniquely identified by the
cookie, which is automatically sent by the browser.Having other session-specific
information being generated at the URL level makes it difficult to the attacker to know
the structure of URLs to attack.
Trace Method Counter Measures
13. Disable HTTP TRACE support

Based on site requirement and policy, consider disabling HTTP Trace Method support
in web servers. As a best practice, we recommend limiting input (“whitelisting”) to the
minimum set of methods required for operation of a given application.
14. Apache HTTP Server
To dis able HTTP TRACE support, set Trace Enable OFF. Otherwise, use Apache mod
rewrite module to deny HTTP Trace request or permits only the methods needed to
meet the site requirements and policy. Trace mode rewrite can be syntax:
RewriteEngine On
RewriteCond %( REQUEST_METHOD) ^TRACE
RewriteRule.* - [f].

CHALLENGE 8
Challenge 8 has state that;
“You have managed, after several tries, to install a backdoor shell (Locus7Shell) to
trytohack.gr
The problem is that, in order to execute the majority of the commands (on the machine
running the backdoor) you must have super-user rights (root).
Your aim is to obtain root rights.”
The following vulnerabilities listed below were found after scanning the challenge 8 of
OWSAP HACKADEMIC CHALLENGE which they are listed as follows;
15. Cross Site Scripting (Verified).

16. Apache httpd Remote Denial of Service.
17. HTML form without CSRF protection.
18. Trace Method is enabling.
19. Apache httpOnly cookie disclosure.
Focus area of discussion;

CROSS SITE SCRIPTING.
DENIAL OF SERVICE
DESCRIPTION OF VUNERABILITY
Cross Site Scripting (XSS)
Cross Site Scripting (CSS for short, but sometimes abbreviated as XSS) is one of the most
common application level attacks that hackers use to sneak into web applications today.
Cross site scripting is an attack on the privacy of clients of a particular web site which can
lead to a total breach of security when customer details are stolen or manipulated. Unlike
most attacks, which involve two parties the attacker, and the web site, or the attacker and
the victim client, the CSS attack involves three parties the attacker, a client and the web
site. The goal of the CSS attack is to steal the client cookies, or any other sensitive
information, which can identify the client with the web site. With the token of the legitimate
user at hand, the attacker can proceed to act as the user in his/her interaction with the site
specifically, impersonate the user. For example, in one audit conducted for a large
company it was possible to peek at the user’s credit card number and private information

using a CSS attack. This was achieved by running malicious JavaScript code at the victim
(client) browser, with the “access privileges” of the web site. These are the very limited
JavaScript privileges which generally do not let the script access anything but site related
information. It should be stressed that although the vulnerability exists at the web site, at no
time is the web site directly harmed. Yet this is enough for the script to collect the cookies
and send them to the attacker. The result, the attacker gains the cookies and impersonates
the victim. XSS attacks occur when the following happens;
 Data enters a Web application through an untrusted source, most frequently a

web request.
 The data is included in dynamic content that is sent to a web user without being
validated for malicious content.
 The malicious content sent to the web browser often takes the form of a segment
of JavaScript, but may also include HTML, Flash, or any other type of code that
the browser may execute. The variety of attacks based on XSS is almost limitless,
but they commonly include transmitting private data, like cookies or other
session information, to the attacker, redirecting the victim to web content
controlled by the attacker, or performing other malicious operations on the user's
machine under the guise of the vulnerable site.
Denial of Service Description
The Denial of service attack is concerned in making a resource such as site, application,
server unavailable for the purpose it was designed. There are many ways to make a
service unavailable for legitimate user by manipulating network packets, programing,
logical, or resources handling vulnerabilities, among others. If a service receives a very
large number of request, it may cease to be available to legitimate users. In the same
way, a service may stop if a programming vulnerability is exploited, or the way the
service handles resource it uses.
Sometime the attacker can inject and execute arbitrary code while performing a DoS
attack in order to access critical information or execute commands on the server.
DOS attack expressively degrades the service quality experienced by the legitimate
users. These attacks introduce large response delays, excessive losses, and service
interruptions, resulting in direct impact on availability.

PROOF OF CONCEPT
Web alert Found in

challenge 008
After I insert the URL then I scan the site for vulnerability

Acunetix proof that the web site is vulnerable to Cross site scripting.
Acunetix proof that the web site is vulnerable to Apache server-Info enable.
Apache server-Status enable


Acunetix proof that the web site is vulnerable toApache server-Status enable
HTML from without CSRF protection
Acunetix proof that the web site is vulnerable to HTML from without CSRF protection.
TRACE method is Enable

Acunetix proof that the web site is vulnerable to Trace Method.
Hackademic Challenge 008
Enter ‘help’ for available commands.

Input user name and password to login.
Congratulations successfully hacked

COUNTER MEASURES
Cross-Site Scripting Counter Measures (XSS)
The following are counter measures required for the above mentioned vulnerability;
1. By performing “in-house” input filtering (sometimes called “input sanitation”). For
each user input be it a parameter or an HTTP header, in each script written in-house,
advanced filtering against HTML tags including JavaScript code should be applied.
For example, the “welcome.cgi” script from the above case study should filter the
“<script>” tag once it is through decoding the “name” parameter.
2. By performing “output filtering”, that is, to filter the user data when it is sent back to
the browser, rather than when it is received by a script. A good example for this
would be a script that inserts the input data to a database, and then presents it. In this
case, it is important not to apply the filter to the original input string, but only to the
output version. The drawbacks are similar to the ones in input filtering.
3. By installing a third party application firewall, which intercepts CSS attacks before
they reach the web server and the vulnerable scripts, and blocks them. Application
firewalls can cover all input methods (including path and HTTP headers) in a generic
way, regardless of the script/path from the in-house application, a third party script,
or a script describing no resource at all (e.g. designed to provoke a 404 page
response from the server). For each input source, the application firewall inspects the
data against various HTML tag patterns and JavaScript patterns, and if any match,
the request is rejected and the malicious input does not arrive to the server.
Denial of Service Counter Measures

1. Having both Anti-Dos technology and Dos emergency response service.
2. Proper configuration of networks equipment.
3. Enabling Ingress filtering and egress filtering.
4. Correctly Identify incoming traffic to separate human traffic from human- like
bots and hijacked web browser.
5. Avoid amplification and spoofing, therefore reduce the number of relay networks
available to attackers.

CHALLENGE 10
This challenge requires you to bypass and get serial number, which you will use for
obtaining the password that will enable you to become a member of the world largest
hackers group.
Challenge 10 site
The following vulnerabilities were found after scanning challenge 10 of OWASP

HACKADEMIC CHALLENGE which they are;
 Directory Listing.
 Trace Method is enable.
 HTML form without Cross-site Request Forgery.
 Denial of service
 Apache httpOnly cookie disclosure.
Point of discussion are;
 COOKIE DISCLOSURE
 DIRECTORY LISTING

VULNERABILITY DESCRIPTION
COOKIE DISCLOSURE
Cookie disclosure is type of attack that requires unauthorized access attempt into a web
application.HttpOnly is an additional flag included in a Set-Cookie HTTP response
header and also using the HttpOnly flag the risk of client side scripting to access the
protected cookie when generating a cookie decreased. Apache HTTP Cookie could
allow a remote attacker to obtain sensitive information, caused by an error in the default
error response for status code 400. If no custom Error Document is specified, a remote
attacker could exploit this vulnerability to disclose HttpOnly cookies and other sensitive
information. In Apache Http-Only Server Information disclosure, the signature detects a
malformed cookie combined with a 400 response code which may indicate an attempt to
execute a cross-site scripting attack against Apache servers.Apache HTTP Server 2.2.x
through 2.2.21 does not properly restrict header information during construction of Bad
Request or 400 error documents, which allows remote attackers to obtain the values of
HttpOnly cookies via vectors involving a long or malformed header in conjunction with
crafted web script.
DIRECTORY LISTING
The web server is configured to display the list of files contained in this directory. This
is not recommended because the directory may contain files that are not normally
exposed through links on the web site with detailed Information. While browsing web
pages, most of us expect to see only the pages offered.Though occasionally we come
upon what looks like a listing of files that we might see in Windows Explorer as
opposed to a web page. This is called a directory listing, it is sometimes used to offer
files easily on the internet, but if unintended, which it can allow an attacker to gain
valuable information about the target.
Directory listings can occur in two different ways:
Firstly, an attacker could view all files in a given web directory. This allows an attacker
to see files which might not be linked anywhere on your site, including files which may
include sensitive information, such as backup script files (like index.php, http access
files, or text files with notes (password.txt!). The other technique is more dangerous.
Some web servers are setup such that the web home is actually the user home, so
passing in certain values in the web address can allow directory listings outside of the
normally safe web folder structure. This is more dangerous since an attacker may be
able to find and execute programs on your server through a web browser, potentially
exploiting those programs as well.

PROOF OF CONCEPTS
Step 1: Acunetix interface before scanning the challenge (10)
Challenge 010 URL

to be scanned
Click start to trigger the scanning of the challenge 10 URL
After scanning the site the following vulnerabilities were discovered

 APPLICATION ERROR MESSAGE

Acunetix proof that the web site is vulnerable to Application Error Message.
 HTML Form Without CSRF Protection
Acunetix proof that the web site is vulnerable to Html Form without CSRF Protection
 USER CREDENTIAL ARE SENT IN CLEAR TEXT

Acunetix proof that the web site is vulnerable to User credential sent in clear text.
 TRACE method is Enable
Acunetix proof that the web site is vulnerable to Trace Method

URL page source is viewed where the serial number is acquired
Input the serial number and proceed to login page of the URL
Input password viewed in the URL page source by using the developer options in
the browser

Challenge 10 is successfully hacked after getting the password

COUNTER MEASURES
 Do ensure that messages only contain minimal details that are useful to the intended
audience and nobody else.
 The messages need to strike the balance between being too cryptic and not being cryptic
enough.
 They should not necessarily reveals the method that were used to determine the error.
Such detail information can be used to refine the original attack to increase the chance
of success.
 Check if this form requires CSRF protection and implement CSRF counter measures if
necessary.
 Because user credential are considered sensitive information, it’s recommended to be
sent to the server over an encrypted connection.
 Use authentication mechanism that do not require clear credentials to be passed over the
network.
 Do not store credentials in an insecure manner.
 The password auto complete should be disable in sensitive applications.
 To disable auto complete, use a code similar to<input type=”password” auto complete
=”off”>
 Having both Anti-Dos technology and Dos emergency response service.
 Proper configuration of network equipments.
 Enabling Ingress filtering and egress filtering.
 Correctly Identify incoming traffic to separate human traffic from human-like bots and
hijacked web browser.
 Avoid amplification and spoofing, therefore reduce the number of relay networks
available to attackers.

PRESENTATION SLIDES







QUESTION 2
AIRTEL NIGERIA as the existing system

INTRODUCTION
Formerly known as Celtel Nigeria, the company was established in 2000, by a group of
institutional and private investors as well as three state governments.It made history on
August 5, 2001 by becoming the first telecoms operator to launch commercial GSM
services in Nigeria. In 2006, following Celtel International’s acquisition of majority
stake in the company, it was re-branded Celtel and became an important part of Celtel’s
pan-African operations spanning 14 countries.On August 1, 2008 Celtel Nigeria was
rebranded Airtel Nigeria following the global acquisition of Celtel International by
Airtel Group. Airtel Nigeria, which currently covers over 1500 towns and 14000
communities across the six geopolitical zones of the country, scored a series of many
other "firsts" in the highly competitive Nigerian telecommunications market including
the first to introduce toll-free 24-hour customer care line-111; first to launch service in
all the six geo-political zones in the country; first to introduce N500 recharge card;
first to commence emergency service (Celtel 199); first to introduce monthly free SMS
and first to introduce monthly airtime bonus.
BhartiAirtel Limited is a leading global telecommunications company with operations

in 20 countries across Asia and Africa. With headquarters in New Delhi, India, the
company ranks amongst the top 5 mobile service providers globally in terms of
subscribers. In India, the company's product offerings include 2G,3G and 4G services,
fixed line, high speed broadband through DSL,IPTV, DTH, enterprise services
including national & international long distance services to carriers. In the rest of the
geographies, it offers 2G, 3G mobile services. BhartiAirtel had over 264 million
customers across its operations at the end of July 2012. To know more and please visit,
www.airtel.com


THE NETWORK DIAGRAM

ANTI MALWARE DEFENCE

Anti-malware is also known as anti-virus, it scans your computer to detect any kind of
malware and virus present and help to get rid of or clean them when detected. But anti-
malware is only active with constant update and upgrade if possible, a typical example
of a simple anti-malware defense system is the Windows defender come along with
operating system (OS).
If this organization will undergo daily updates, therefore the system will be familiar
with any kind malware or a virus detected and help block them before they do any harm
to the company’s system as a whole why because malwares and viruses are created and
released almost every day in the world of internet.
Moreover, Honeypots are used to detect malware, by exploiting the known duplication
and attack vectors malware uses. Replication vectors such as USB flash drives can
easily be verified for evidence of modifications, either through manual means or
utilizing special purpose honeypot that emulate drives. Malware increasingly is used to
search for and steal crypt occurrences. So the company will still make use of this
honeypots in other to detect certain malwares that are mistakenly brought into the
organization or deliberately by disgruntled employees.

FIREWALL AND DEMILITRIZED ZONE (DMZ)

A firewall is a network security system which can either be software or hardware-based
that controls the incoming and outgoing network packets within an organization.A
firewall establishes a barrier between a trusted, secure internal network and the outside
world or another network.
A firewall is like a security or defense wall that prevents any malicious code from
moving in or out of the organization. Now, many personal computer operating systems
include software-based firewalls to protect against threats from the public Internet.
Many routers that pass data between networks contain firewall components.
The organization is going to harden the software based firewall existing but it’s going to
be more concerned with establishing the hardware based firewall for better security.
DMZ which is simply refers to Demilitarized Zone, it’salso refer to as a perimeter
network, it is a physical or logical sub-network that contains and exposes an
organization's external-facing services to a larger and untrusted network, usually the
Internet. The purpose of a DMZ is to add an additional layer of security to an
organization's local area network (LAN), an external attacker only has direct access to
equipment in the DMZ which are more highly protected than the rest of the equipment
within the organization, rather than any other part of the network.
In a DMZ configuration, most computers on the LAN run behind a firewall connected
to a public network like the Internet. One or more computers also run outside the
firewall, in the DMZ. Those computers on the outside intercept traffic and broker
requests for the rest of the LAN, adding an extra layer of protection for computers
behind the firewall.

With the help of the DMZ, the organization’s firewall will be more secured. After all,
DMZ is also considered to be a firewall configuration for securing local area networks
(LANs).

CRYPTOGRAPHY AND VPN

Cryptography considered as hidden, secret, writing is the practice and study of
techniques for secure communication in the presence of third parties or intruders.
Cryptography is basically known as secured communication in the sense that
communication between two parties are done with the help of encryption i.e. plain text
is been converted into cypher text with the help of public key where only the destination
has the private key to decrypt the information. More generally, it is about constructing
and analyzing protocols that overcome the influence of these adversaries and which are
related to various aspects in information security such as data confidentiality, data
integrity, authentication, and non-repudiation.
Today, cryptography is comprehensively based on mathematical theory and computer

algorithms, cryptographic algorithms are designed around computational hardness
assumptions, making such algorithms hard to break in practice by any adversary.
It is theoretically possible to break such a system but it is infeasible to do so by any
known practical means. Some algorithms are already cracked, some are less secured
while some are pirated, though the good algorithms are yet to be cracked. It is advisable
to combine up to two algorithms for your system to be more secured.
The organization is going to make use of the RSA algorithm combined with AES for
their systems to be highly secured making use of the 512-bit algorithm.
VPN basically works on the foundation of simply drop a packet and follow another path
or tunnel for the communication once the protocol gets suspicious of an intruder along
its tunnel for communication, it does that again and again until a successful
communication is done. A virtual private network (VPN) extends a private network
across a public network, such as the Internet. It enables a computer to send and receive
data across shared or public networks as if it is directly connected to the private
network, while benefiting from the functionality, security and management policies of
the private network. A VPN is created by establishing a virtual point-to-point
connection through the use of dedicated connections, virtual tunneling protocols, or
traffic encryptions.

With the use of the VPN in the organization, it will enables employees to securely
access their company's intranet while traveling outside the office. Similarly, VPNs
securely connect geographically disparate offices of an organization, creating one
cohesive network. VPN technology is also used by Internet users to connect to proxy
servers for the purpose of protecting personal identity and location.

WIRELESS SECUIRITY
Wireless security is a part of computer security, however organizations may be

particularly vulnerable to security breaches caused by rascal access points. The risks to
users of wireless technology have increased as the service has become more popular.
There were relatively few dangers when wireless technology was first introduced. Now
nothing is secured when it is already on the wireless network/internet. However, there
are a great number of security risks associated with the current wireless protocols and
encryption methods, and in the carelessness and ignorance that exists at the user and
corporate IT level. Penetration procedures have become much more sophisticated and
innovative with wireless. Hacking has also become much easier and more accessible
with easy-to-use Windows or Linux-based tools being made available on the web at no
charges.
Various wireless security protocols were developed to protect home wireless networks.
These wireless security protocols include WEP, WPA, and WPA2, each with their own
strengths and weaknesses. Wired Equivalent Privacy (WEP) is the original encryption
protocol developed for wireless networks. As its name implies, WEP was designed to

provide the same level of security as wired networks. However, WEP has many well-
known security weaknesses, is difficult to configure, and is easily broken.
Wi-Fi Protected Access (WPA) was then introduced as a temporary security
enhancement over WEP while the 802.11i wireless security standard was being
developed. WPA Enterprise uses an authentication server to generate keys or
certificates.
Wi-Fi Protected Access version 2 (WPA2) being the most protected is going to be used
in the organization. The most significant improvement to WPA2 over WPA is the use of
the Advanced Encryption Standard (AES) for encryption. The security provided by
AES is sufficient and also approved for use by the U.S. government to encrypt
information classified as top secret. That is why we go for the WPA2 wireless protocol
for greater wireless security.

IDS/IPS AND HONEY POT
Intrusion Detection System (IDS) is a device or software application that monitors

network or system activities for malicious activities or policy violations and produces
reports to a management or persons involved. Intrusion Prevention System (IPS) on the
other hand is similar to the IDS but it is more intelligent than it as it does not only detect
malicious act but go further to actively block or stop the intrusions that are detected.
The main functions of intrusion prevention systems are to identify malicious activity,
log information about this activity, attempt to block or stop it, and report it when
necessary.
Therefore the current company will make use of the both the IDS/IPS in order to reduce
workloads on the rest of the IT department in other to detect and also block the
intrusion.
Honeypot is a trap device which is setup to detect or monitors an attempts at
unauthorized use of information systems. Ideally, a honeypot consists of a computer,
data, or a network site that appears to be part of a network, but is actually isolated and
monitored, and which seems to contain information or a resource of value to attackers.

As said to be a trap, honeypot makes it possible to duplicate your main server to make it
look like the original server where all the intrusions made for the original server is
going to be directed to it since intruders have been made to believe it is the main server,
thus making it possible for network administrators to make proper reconfigurations as
per the new threat made.
The organization will surely make use of the honeypot in order to avoid direct access to
our main server and in the process will make proper reconfigurations to the main server
harden it against intruders.

HOST HARDNENING
Is concerned host of the network which might be a personal computer, server, router or
even a tablet and all these may work with a different platform as per the requirements of
the organization. Host hardening may be easily done at the same time it may be the
trickiest. It is easy in the sense that once you follow the simple procedures like, once an
application/software is not useful anymore you have to disable and remove it from the
system because living it may be a loophole for an attack to occur.
Moreover, it is not advisable for one system to serve as a multifunctional system (i.e. a
system that acts as more than one server for the organization) because once the host has
been altered with, this means that not only one server is going down but many will be
down and this will cause serious problem to the organization.

PRESENTATION SLIDES






REFERENCES;
1. http://searchsecurity.techtarget.com/definition/antimalware
2. http://www.techopedia.com/definition/25873/anti-malware
3. "XML Path Language (XPath) Version 1.0 - W3C Recommendation, 16 November
1999",
4. “XML Path Language (XPath) 2.0 – W3C Working Draft, 12 November 2003”,
http://www.w3.org/TR/xpath20/
5. <http://code.google.com/apis/analytics/docs/concepts/gaConceptsCookies.html>.
6. <http://surfthenetsafely.com/surfsafely5.htm>.
7. Cross-site Scripting (Web Security Threat Classification)
http://www.webappsec.org/projects/threat/classes/cross-site_scripting.shtml
8. Cross-Site Scripting Worm Hits MySpace, BetaNews, October 13, 2005
http://www.betanews.com/article/CrossSite_Scripting_Worm_Hits_MySpace/1
129232391
9. Foreman, P: Vulnerability Management, page 1. Taylor & Francis Group,
2010.ISBN 978-1-4398-0150-5
10. Gilkeson, J. H., Reynolds, K. (2003). Determinants of Internet auction success
and closing price: An exploratory study. Psychology & Marketing, 20(6), 537-
566. Retrieved September 2, 2008, from ABI/INFORM Global database.
(Document ID: 340652811).

Student's Signature: . Date: 21/03/19: Bello Abdullahi Abubakar

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Student's Signature: . Date: 21/03/19: Bello Abdullahi Abubakar

Uploaded by

Copyright:

Available Formats

2308-1501-0074 BELLO ABDULLAHI ABUBAKAR CSM201_PROJ

APPLICATION AND INFRASTRUCTURE SECURITY (CSM201)

Total number of pages including this cover page

OFFICIAL USE ONLY

Marker’s name Initial marks awarded /100

Final marks awarded /100

BELLO ABDULLAHI ABUBAKAR 1

Student ID: ____________________________________________________

Module Code : CSM201

Before scanning, after I inserted the url for challenge 3 to be scanned

BELLO ABDULLAHI ABUBAKAR 2

Your defences will include the

-Anti malware defences

Total 100 Marks

BELLO ABDULLAHI ABUBAKAR 3

The Hackademic Challenges.....................................................................................3

CLOUD COMPUTING BASED APPLICATION VULNERABILITY

BELLO ABDULLAHI ABUBAKAR 4

However Cloud computing based application vulnerability is referred to as weakness or

BELLO ABDULLAHI ABUBAKAR 5

The Hackademic Challenges.

The Acunetix web

BELLO ABDULLAHI ABUBAKAR 6

CSRF (Cross Site Request Forgery)

BELLO ABDULLAHI ABUBAKAR 7

BELLO ABDULLAHI ABUBAKAR 8

BELLO ABDULLAHI ABUBAKAR 9

TRACE METHODvulnerability is also been found and the rest of attacks.

BELLO ABDULLAHI ABUBAKAR 10

BELLO ABDULLAHI ABUBAKAR 11

Cross-site Request Forgery (CSRF) Counter Measures.

9. Replacing GET request by POST request.

Add session-related information to the URL.

BELLO ABDULLAHI ABUBAKAR 12

BELLO ABDULLAHI ABUBAKAR 13

15. Cross Site Scripting (Verified).

Focus area of discussion;

BELLO ABDULLAHI ABUBAKAR 14

 Data enters a Web application through an untrusted source, most frequently a

BELLO ABDULLAHI ABUBAKAR 15

Web alert Found in

BELLO ABDULLAHI ABUBAKAR 16

Apache server-Status enable

BELLO ABDULLAHI ABUBAKAR 17

HTML from without CSRF protection

TRACE method is Enable

BELLO ABDULLAHI ABUBAKAR 18

Acunetix proof that the web site is vulnerable to Trace Method.

Hackademic Challenge 008

Enter ‘help’ for available commands.

BELLO ABDULLAHI ABUBAKAR 19

Input user name and password to login.

Congratulations successfully hacked

BELLO ABDULLAHI ABUBAKAR 20

Denial of Service Counter Measures

BELLO ABDULLAHI ABUBAKAR 21

The following vulnerabilities were found after scanning challenge 10 of OWASP

BELLO ABDULLAHI ABUBAKAR 22

BELLO ABDULLAHI ABUBAKAR 23

Step 1: Acunetix interface before scanning the challenge (10)

Challenge 010 URL

Click start to trigger the scanning of the challenge 10 URL

After scanning the site the following vulnerabilities were discovered