1. Public key:
In public key cryptography, the data is encrypted using the recipient's public key and it can't be decrypted without the matching private key. Here one key encrypts the plain text and the other key decrypts the cipher text; a message locked with the public key cannot be unlocked with that same public key, so the roles of the two keys cannot simply be interchanged. If the locking key is public, then anyone can send encrypted information to the private key holder, but decrypting the information would not be possible without the private key. Hence it enhances the confidentiality of the communication.

2. Private key:
In private key cryptography, the data is encrypted and can be decrypted only with the same private key, so that key has to be shared secretly between sender and receiver.
3. Encryption and Decryption

a. Encryption:
In encryption, the information present as plain text is encoded using a specific algorithm by means of a key. The information obtained as output is known as encrypted data. The encrypted information is called cipher text, and plain text is considered unencrypted information. To access the encrypted information, the matching private key must be present, by which decryption can be done. Hence it provides more security to the information being transferred. Keeping the key private reduces the exploitation and compromise risks.

b. Decryption:
Decryption is the process of converting the cipher text back into plain text. In the decryption process, the receiver decodes the encrypted information by using the shared key. To decrypt the information, the private key must be present. Both terms, encryption and decryption, make up the whole of cryptography.
4. Digital Signature and Hash:
Hash functions are also defined as one-way functions; no key is involved in the hashing process. The plain text information is converted into a fixed-length hash by a suitable algorithm. The plain text is non-recoverable from the hash because hash functions have the one-way property.
Important Cryptography Algorithms

1. RSA:
RSA is a public key algorithm. The user generates the public key from two large prime numbers and an auxiliary value, keeping the prime numbers secret. The user publishes the public key, and the published public key can be used by anyone for encrypting the information. Recovering the plain text from the RSA encryption without the private key is generally known as the RSA problem. RSA is one of the slowest algorithms and due to this it is not much used for encrypting the user data directly; it is used to protect a symmetric key which then encrypts the data.
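Toy RSA key generation, encryption with the public key and decryption with the private key, as an added example illustrating the public/private key and RSA descriptions above (this is not code from the original notes). The primes, the messages and the classic p=61, q=53, e=17 pair are constructed for readability; real RSA uses 2048-bit or longer moduli and OAEP padding, which textbook RSA like this omits.

```python
from math import gcd


def generate_keypair(p: int, q: int, e: int = 65537):
    """Derive an RSA key pair from two secret primes p, q and public exponent e.

    Returns ((e, n), (d, n)): the public key is published, the private key and
    the primes stay secret. Only the holder of d can invert the public operation.
    """
    n = p * q                      # modulus, part of both keys
    phi = (p - 1) * (q - 1)        # computable only if you know p and q
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    d = pow(e, -1, phi)            # private exponent: e * d == 1 (mod phi), Python 3.8+
    return (e, n), (d, n)


def encrypt(public_key, message: int) -> int:
    """c = m^e mod n. Anyone holding the public key can do this."""
    e, n = public_key
    if not 0 <= message < n:
        raise ValueError("message must be an integer smaller than the modulus")
    return pow(message, e, n)


def decrypt(private_key, ciphertext: int) -> int:
    """m = c^d mod n. Only the exponent matching the one used to encrypt gives m back."""
    d, n = private_key
    return pow(ciphertext, d, n)


def int_from_text(text: str) -> int:
    # Text must not start with a NUL byte, or leading zeros are lost on the way back.
    return int.from_bytes(text.encode(), "big")


def text_from_int(value: int) -> str:
    return value.to_bytes((value.bit_length() + 7) // 8, "big").decode()


if __name__ == "__main__":
    # Constructed primes: small enough to read, far too small to be secure.
    public, private = generate_keypair(104729, 1299709)
    c = encrypt(public, int_from_text("Hi!!"))
    print("ciphertext:", c, "->", text_from_int(decrypt(private, c)))
    # Classic textbook pair: p=61, q=53, e=17 gives n=3233, d=2753.
    public, private = generate_keypair(61, 53, e=17)
    c = encrypt(public, 65)
    print(decrypt(private, c), "with the private key")
    print(decrypt(public, c), "when the public key is wrongly used to decrypt")
```

The last line shows the "keys cannot be interchanged" point from the notes: feeding the ciphertext through the public exponent again returns garbage, not the plain text.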
2. MD5:
MD5 is a widely used hashing algorithm for generating a 128-bit hash. It is generally used for data verification against unintentional corruption. MD5 is a one-way hash function, but the input can still be recovered for short or guessable inputs by brute-force and dictionary attacks on the hash. MD5 belongs to the MD (message digest) series of functions. From the security point of view, the security of MD5 has been compromised many times; collision attacks have made it possible to crack the MD5 hash, so it should not be used where collision resistance matters (signatures, certificates).
3. Secure Hashing Algorithm (SHA):
SHA is a family of hashing algorithms (SHA-1, SHA-2 such as SHA-256, and SHA-3) which is used for secured web connections (TLS certificates) and is also used for integrity checksums. SHA-1 is no longer considered collision resistant, so new systems should use SHA-2 or SHA-3.
Practical

1. TrueCrypt:
Download it from the TrueCrypt website (downloads page).
NOTE: TrueCrypt is not used on the latest versions of Windows; there BitLocker, which comes pre-loaded, is introduced for encryption.
2. Online MD5 hash generator:
Steps:
1. Open your browser and go to an online MD5 hash generator, i.e. a website from where you can convert your simple text to a hash.
2. Insert your text (for example: I want to be a hacker) and click on the hash button.
3. You will get your alphanumeric hash (for MD5, 32 hexadecimal characters).
NOTE: You can choose other hash algorithms from the drop-down list on such sites.
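The hashing described under MD5 and SHA above, and the online MD5 hash practical, done offline with Python's hashlib, as an added example that is not part of the original notes. It also shows the two ways a one-way hash of a weak input still gets "cracked": a dictionary attack and an exhaustive brute force over a small alphabet (the wordlist and target strings are constructed).

```python
import hashlib
import itertools
import string


def digest_hex(data: str, algorithm: str = "md5") -> str:
    """Hex digest of `data` under any hashlib algorithm (md5, sha1, sha256, sha3_256...)."""
    h = hashlib.new(algorithm)
    h.update(data.encode())
    return h.hexdigest()


def dictionary_attack(target_hex: str, wordlist, algorithm: str = "md5"):
    """Hash every candidate from a wordlist and compare with the target digest.

    The hash is never reversed; the input is guessed. This is why a fast
    unsalted hash is the wrong tool for storing passwords.
    """
    for word in wordlist:
        if digest_hex(word, algorithm) == target_hex:
            return word
    return None


def brute_force(target_hex: str, alphabet: str = string.ascii_lowercase,
                max_len: int = 4, algorithm: str = "md5"):
    """Exhaustively try every string over `alphabet` up to max_len characters.

    The search space is sum(len(alphabet)**k), so this only succeeds for short,
    low-entropy inputs; a long random input is not recoverable this way.
    """
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            candidate = "".join(chars)
            if digest_hex(candidate, algorithm) == target_hex:
                return candidate
    return None


if __name__ == "__main__":
    for algo in ("md5", "sha1", "sha256"):
        print(algo, digest_hex("I want to be a hacker", algo))
    target = digest_hex("abc")                 # 900150983cd24fb0d6963f7d28e17f72
    print("brute force recovered:", brute_force(target, max_len=3))
    print("dictionary recovered:",
          dictionary_attack(digest_hex("letmein"), ["password", "letmein"]))
```

Whatever the length of the input, the MD5 digest is always 32 hex characters; changing the algorithm name is all it takes to get the SHA family digests instead.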
Steganography

Steganography is the art of hiding information inside a carrier so that detecting it just by seeing the files is practically impossible. Steganography can be done with media files and folders. Steganography is sometimes used as an authentication watermark by the digital music and movie companies, which is invisible to the users but is useful to keep authenticity. It is also used by terrorists for secret information exchanging. It is also popular from the forensics point of view and is widely covered under cyber forensics. For example: an attacker hides some confidential information inside a media file, and recovering it is a matter of steganography analysis (steganalysis).
Terms associated with steganography:
1. Cover-Medium
2. Stego-Medium
3. Information (the message to be hidden)

1. Cover-Medium:
The medium in which the information or the target message is to be hidden is known as the cover medium. Choosing the cover medium is the initial phase, deciding where in the medium the information should be hidden.

2. Stego-Medium:
The medium in which the information or the target message has been hidden is known as the stego medium.
Watermarking is a similar process for the protection of documents by keeping the mark of the owner in them. Its primary goal is not to be destroyed or extracted. Watermarking is generally used with multimedia files to protect the intellectual property rights. Watermarks are also used for documents, which carry visible watermarks. A watermark can also be used to make the information tamper proof by using a fingerprint of the information.
Steganography Methods

1. Traditional Methods:
a. Hidden tattoos
b. Using wax paper
c. Using newspaper articles with the highlighted text method
d. Microdots and symbolic communication

2. Modern Methods:
a. Plain Text
b. Hyper Text
c. Image
d. Video
e. Audio
f. Executable
g. Network packets
Modern methods are widely used for steganography and secure information exchanges.
1. Plain Text:
One of the common methods of steganography is using plain text. Plain text steganography can be done by using the text present in a paragraph or sentence. Special hovering or text highlighting is used for this method. For example: "Good Illusionist and Recon Lover"; if the first letter of each capitalised word is taken it spells GIRL. Sometimes special characters such as white-space characters are used which generally are not displayed by normal text viewers and hence are used for steganography.
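Both plain text techniques from the paragraph above, as an added example that is not part of the original notes: the first-letter (null cipher) reading of the "Good Illusionist and Recon Lover" sentence, and hiding bytes with zero-width characters that text viewers do not display. The cover sentences and the secret are constructed; the two Unicode code points used as bit values are an assumption of this example.

```python
ZW0 = "\u200b"   # ZERO WIDTH SPACE       -> bit 0
ZW1 = "\u200c"   # ZERO WIDTH NON-JOINER  -> bit 1


def first_letters(sentence: str, capitalised_only: bool = False) -> str:
    """Null cipher: read the first letter of each word (optionally only capitalised words)."""
    words = sentence.split()
    if capitalised_only:
        words = [w for w in words if w[0].isupper()]
    return "".join(w[0] for w in words)


def zw_hide(cover: str, secret: str) -> str:
    """Append the secret's bits, as zero-width characters, after the first word of the cover."""
    bits = "".join(f"{byte:08b}" for byte in secret.encode())
    payload = "".join(ZW1 if bit == "1" else ZW0 for bit in bits)
    head, sep, tail = cover.partition(" ")
    return head + payload + sep + tail       # renders exactly like `cover`


def zw_reveal(stego: str) -> str:
    """Collect the zero-width characters back into bytes (ignores a trailing partial byte)."""
    bits = "".join("1" if ch == ZW1 else "0" for ch in stego if ch in (ZW0, ZW1))
    usable = len(bits) - len(bits) % 8
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8)).decode()


def zero_width_count(text: str) -> int:
    """Steganalysis check: ordinary text should contain no zero-width characters at all."""
    return sum(1 for ch in text if ch in (ZW0, ZW1))


def strip_zero_width(text: str) -> str:
    """Sanitiser: removing the invisible characters destroys the hidden channel."""
    return "".join(ch for ch in text if ch not in (ZW0, ZW1))
```

The stego string and the cover look identical on screen but differ in length, which is exactly what `zero_width_count` keys on; a mail gateway or forum that strips such characters on input closes the channel.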
2. Hyper Text:
Hypertext steganography is similar to plain text steganography. Generally the message is hidden within the file using comments, which are not visible to a normal user and hence can only be seen by inspecting the source code. In this case the method is not much secure.
3. Audio:
Here the message is hidden as an additional music sequence or as notes in the sequence or on the sheet. Digital embedding is the process of embedding a message into audio files. Redundant bits (the least significant bits of the samples) are used for embedding the message.
4. Video:
Messages and information can be hidden inside videos. Video steganography is widely used for the secret information interchange. It is somewhat similar to hypertext steganography.

5. Image:
The most common and widely used technique is image steganography. An image is used to hide the data and information within it. Unlike audio and video steganography, messages can also be hidden in slightly different colours which can't be detected easily by visual lookup. Under close inspection or naked-eye inspection the hidden information can't be detected, just like audio and video steganography.
6. Executable Files:
Steganography can also be done with the help of executable files, hiding the data inside the executable.
Steganalysis

Steganalysis is the process of analysing and detecting steganography. Some special techniques and tools are used for steganalysis. Generally statistical analysis is used for steganography detection.
Steganalysis Attacks:
1. Stego-only Attack
2. Cover Attack
3. Visual Detection
Sometimes the visual variance and patterns can lead to the failure and detection of steganography. Generally, due to lack of proper encryption within the image, it is detected by visual or statistical inspection, especially in case the steganography is done without encrypting the hidden message first.
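The redundant-bit (LSB) embedding described for audio and image steganography, together with the statistical steganalysis mentioned above, as one added example that is not part of the original notes. The cover is a constructed byte array standing in for pixel or audio sample values (no real image file is read); the detector is the pairs-of-values chi-square test of Westfeld and Pfitzmann, which measures how evenly sample values 2k and 2k+1 are balanced, because LSB replacement drives those pairs toward equality.

```python
def lsb_embed(cover: bytes, message: bytes) -> bytes:
    """Write the message bits (MSB first) into the least significant bit of successive samples."""
    bits = [(byte >> (7 - i)) & 1 for byte in message for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("message needs more samples than the cover has")
    stego = bytearray(cover)
    for idx, bit in enumerate(bits):
        stego[idx] = (stego[idx] & 0xFE) | bit     # every sample changes by at most 1
    return bytes(stego)


def lsb_extract(stego: bytes, length: int) -> bytes:
    """Read `length` bytes back from the LSBs of the first 8*length samples."""
    out = bytearray()
    for byte_index in range(length):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[byte_index * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def chi_square_pairs(samples: bytes) -> float:
    """Pairs-of-values chi-square statistic.

    LSB replacement only moves counts between 2k and 2k+1, pushing them toward
    equality; the statistic measures how far the pairs are from equal, so a value
    near zero over the embedded region is a sign of LSB steganography.
    """
    counts = [0] * 256
    for s in samples:
        counts[s] += 1
    stat = 0.0
    for k in range(128):
        even, odd = counts[2 * k], counts[2 * k + 1]
        if even + odd == 0:
            continue
        expected = (even + odd) / 2
        stat += (even - expected) ** 2 / expected + (odd - expected) ** 2 / expected
    return stat


def make_cover(n: int = 8192) -> bytes:
    """Constructed stand-in for pixel or audio bytes: a repeating ramp whose values are
    mostly even, i.e. an unbalanced pair histogram like real sensor data has."""
    return bytes(((i * 37) % 125) * 2 + (1 if i % 7 == 0 else 0) for i in range(n))


def demo():
    cover = make_cover()
    message = b"Attack at dawn. " * 64            # 1024 bytes = 8192 bits, fills the cover
    stego = lsb_embed(cover, message)
    return {
        "recovered": lsb_extract(stego, len(message)),
        "max_sample_change": max(abs(a - b) for a, b in zip(cover, stego)),
        "chi_cover": chi_square_pairs(cover),
        "chi_stego": chi_square_pairs(stego),
    }


if __name__ == "__main__":
    result = demo()
    print("recovered:", result["recovered"][:16])
    print("largest per-sample change:", result["max_sample_change"])
    print("chi-square cover vs stego:", round(result["chi_cover"]), round(result["chi_stego"]))
```

No sample moves by more than one unit, so the eye sees nothing, yet the histogram test separates the two files clearly: the statistic collapses after embedding. Encrypting the message first hides its content but does not help against this test, since the equalising effect comes from the replacement itself.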
2. QuickStego:
DOWNLOAD: QuickStego from the Cybernescence website.
Using QuickStego:
Firstly download and run QuickStego. It is very simple to use and has a user-friendly interface. Click on "Open Image" to open the image in which you want to hide a message or text file. Click "Open Text" to open the text file you want to hide.
Vulnerability Assessment

Vulnerability:
A vulnerability is a weakness present in any system. A vulnerability gives the attacker an advantage over the target, to use it to exploit the system. Just like a human gets a disease because of a deficiency or weakness in the immune system: actually the vulnerability is the weakness in the immune system, and the disease uses that weakness to spread into the human body. A vulnerability is a weakness which leads to the exploitation of the system. A vulnerability is also termed a loophole or bug. A bug is a technical error due to which a system or service becomes vulnerable. A vulnerability may be due to human error, due to mistakes in code, or due to improper development. A vulnerability is a sign of danger: the more vulnerabilities are associated with the system, the less security is associated with it.
Vulnerability types:
A newly discovered vulnerability is known as a ZERO-DAY. Hence a zero-day is a fresh vulnerability, no patch exists for it yet, and there are high chances that it is present in all installations of the application. Zero-days are a good target for bug hunters.

Bug Hunting:
Companies reward researchers for reporting vulnerabilities, and researchers are also rewarded with their name in the hall of fame. This became very interesting for researchers due to it being completely white hat and also getting rewarded. Many newcomers take up bug hunting under the programs' disclosure rules. Vulnerabilities are defined on the basis of threat level, and there is a standard which defines the list (OWASP). There are many big companies like Microsoft, Google, Facebook, etc. that run their bug bounty programs every year.
The vulnerability list is defined by the OWASP. The Open Web Application Security Project (OWASP) is an international open source foundation. OWASP declares the list of vulnerabilities on the basis of threat level and risk factor. This list is known as the OWASP Top 10. The OWASP Top 10 vulnerabilities are recognized as the standard vulnerability list. The threat from these vulnerabilities is very high and they cause potential damage to the web application. For mobile, OWASP also declares the list of vulnerabilities under the name of the OWASP Mobile Security Project.
OWASP ZAP:
Zed Attack Proxy (ZAP) is one of the open source tools of OWASP used for penetration testing. It is available online for free. ZAP helps the user to automatically find security vulnerabilities in the target website. This is mostly useful when you want to test web applications under development. OWASP ZAP is also used for manual penetration testing and is generally used by professionals for manual testing. It comes preinstalled in Kali Linux.
OWASP Top 10 (2013, according to OWASP):
This project is completely open source. All the penetration testers and bug bounty hunters follow the OWASP Top 10 vulnerability standard while testing web applications. The projects are open source for awareness purposes.
Following are the top 10 vulnerabilities:
1. Injection
2. Broken Authentication and Session Management
3. Cross-Site Scripting (XSS)
4. Insecure Direct Object References
5. Security Misconfiguration
6. Sensitive Data Exposure
7. Missing Function Level Access Control
8. Cross-Site Request Forgery (CSRF)
9. Using Components with Known Vulnerabilities
10. Unvalidated Redirects and Forwards

1. Injection:
Injection is the most threatening vulnerability which can be found in web applications: untrusted input is sent to an interpreter (SQL, OS commands, LDAP) as part of a command or query.
Prevention:
1. Use a safe API which avoids the use of the interpreter completely or provides a parameterised interface, so that the input is never executed as part of the query.
2. Carefully escape special characters using the specific escape syntax of the interpreter, so that the input is restricted to data.
3. White-list input validation can also be used, which denies the unauthorized input and hence leaves less chance of a takeover.
2. Broken Authentication and Session Management:
Common weaknesses:
1. Session IDs are clearly visible in the URL.
2. Session IDs are vulnerable to session fixation.
3. User authentication and session management tokens are not invalidated during logout.
4. Unencrypted session (cookies sent without TLS).
5. No session timeout.
Prevention: keep session IDs out of URLs, issue a new session ID on login, invalidate it on logout, send the cookie only over HTTPS and enforce a timeout.
DVWA note: do the DVWA login and then visit the page again; this time no error would be encountered.
Testing with DVWA:

Injection:
All user input goes straight into the database query, so the input fields are where injection is tested.
Steps:
1. To see how the query behaves, input the query: %' or 0=0 union select null, user() #
2. Download a SQL injection cheat sheet from the internet, test different queries and analyse their behaviour.
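The DVWA injection test above and the "safe API" prevention listed under the OWASP Top 10, side by side in Python with an in-memory SQLite database, as an added example that is not part of the original notes. The users table and its rows are constructed; DVWA's own payload is MySQL syntax (user() and the # comment), so the payload used here is adapted to SQLite, which is an assumption of this example.

```python
import sqlite3

# DVWA's own payload (MySQL syntax):  %' or 0=0 union select null, user() #
# SQLite has no user() function and uses -- rather than # for comments, so the
# equivalent payload below pulls the password column out instead.
INJECTION = "x' OR 0=0 UNION SELECT first_name, password FROM users --"


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for DVWA's users table with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'admin',  'admin', '5f4dcc3b5aa765d61d8327deb882cf99');
        INSERT INTO users VALUES (2, 'Gordon', 'Brown', 'e99a18c4428cb38d5f260853678922e3');
    """)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user_id: str):
    """DVWA 'low' style: the input is pasted into the SQL text, so it can rewrite the query."""
    sql = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, user_id: str):
    """Parameterised query (the 'safe API' prevention): the value is bound by the driver
    and is never parsed as SQL, so the same payload simply matches no row."""
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return conn.execute(sql, (user_id,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    print("normal:   ", lookup_vulnerable(conn, "1"))
    print("injected: ", lookup_vulnerable(conn, INJECTION))   # every user plus password hashes
    print("safe API: ", lookup_safe(conn, INJECTION))         # []
```

The injected query returns four rows: the two real name rows (0=0 is always true) plus a UNION row per user carrying the password hash in the last_name column. The same string through the parameterised query is just a user_id value that matches nothing.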
Cross-Site Scripting (XSS):
Cross-site scripting is already explained above and is one of the critical vulnerabilities.
Steps:
1. Run DVWA on localhost and login into it.
2. Click on DVWA Security in the left sidebar and set DVWA Security to Low.
3. Click on XSS; for the beginning start with stored XSS.
4. In the Name field input the name, and in the Message field input JavaScript (for example a <script> tag). Because the message is stored, the script runs for every visitor who loads the guestbook page.
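What the stored XSS steps above exercise on the server side, as an added example that is not DVWA's code: a guestbook renderer that writes the stored message into the page as-is, a blacklist that strips the literal script tag (the kind of filter DVWA's medium level uses) and the bypass that defeats it, and the output-encoding fix. The guestbook rows and payloads are constructed.

```python
import html


def render_vulnerable(entries) -> str:
    """DVWA 'low': the stored name and message are written into the page unchanged."""
    return "".join(f"<div><b>{e['name']}</b>: {e['message']}</div>" for e in entries)


def filter_blacklist(text: str) -> str:
    """Blacklist defence: strip the literal <script> tag. Any other event handler gets through."""
    return text.replace("<script>", "")


def render_blacklist(entries) -> str:
    return "".join(f"<div><b>{filter_blacklist(e['name'])}</b>: {filter_blacklist(e['message'])}</div>"
                   for e in entries)


def render_safe(entries) -> str:
    """Output encoding: every stored string is HTML-escaped at the point it is rendered,
    so the browser sees text, not markup, whatever the user typed."""
    return "".join(f"<div><b>{html.escape(e['name'])}</b>: {html.escape(e['message'])}</div>"
                   for e in entries)


# Constructed guestbook rows: a normal post, the classic payload, and a blacklist bypass.
GUESTBOOK = [
    {"name": "alice", "message": "hello"},
    {"name": "mallory", "message": "<script>alert(document.cookie)</script>"},
    {"name": "mallory", "message": "<img src=x onerror=alert(document.cookie)>"},
]

if __name__ == "__main__":
    print(render_vulnerable(GUESTBOOK))
    print(render_blacklist(GUESTBOOK))   # the <img onerror> payload survives
    print(render_safe(GUESTBOOK))        # both payloads are now inert text
```

The lesson for a reviewer is that the fix belongs at the output (escape for the HTML context you are writing into), not in a list of forbidden input strings.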
Cross-Site Request Forgery (CSRF):
Steps:
1. Run DVWA on localhost and login into it.
2. Click on DVWA Security from the left sidebar and set the security to Low.
3. Click on CSRF. Input the new password and confirm it with any password, and click Change. For example: harsh@harsh.
4. The "Password Changed" message will be shown below the Change button.
5. Now check the URL. There will be a string containing two parameters separated by '&': password_new=harsh@harsh&password_conf=harsh@harsh.
6. These strings contain the password which has been set as the new password.
7. Change the password present in both the strings, like: password_new=x00t&password_conf=x00t, and visit that URL.
8. Allow DVWA and try to login with the changed password; the login will be successful.
9. Read about the more advanced uses of CSRF.
The point of the exercise: the password change is a GET request with the new password in the URL and no anti-CSRF token, so an attacker only has to get a logged-in user's browser to load that URL (for example from a link or image on another site) to change the victim's password.
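The server side of the CSRF steps above, as an added example that is not DVWA's code: the forged URL from step 7 is parsed and fed first to a handler that honours any request with matching password_new and password_conf (the behaviour the steps show), then to a hardened handler that accepts only POST requests carrying the session's anti-CSRF token. The DVWA path in the URL and the parameter name user_token are assumptions of this example; the session object is constructed.

```python
import secrets
from urllib.parse import parse_qs, urlsplit


class Session:
    """Minimal stand-in for a logged-in DVWA session (constructed, not DVWA's code)."""
    def __init__(self, username: str, password: str):
        self.username = username
        self.password = password
        self.csrf_token = secrets.token_hex(16)    # issued with the form, kept server side


def params_from_url(url: str) -> dict:
    """Flatten the query string into a {name: first value} dict."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def change_password_vulnerable(session: Session, method: str, params: dict) -> str:
    """DVWA 'low': any request with matching password_new/password_conf is honoured,
    even a GET triggered by a link or <img> tag on the attacker's page."""
    new, conf = params.get("password_new", ""), params.get("password_conf", "")
    if new and new == conf:
        session.password = new
        return "Password Changed."
    return "Passwords did not match."


def change_password_protected(session: Session, method: str, params: dict) -> str:
    """Hardened handler: state changes only on POST, and only with the session's own
    anti-CSRF token, which a page on another origin cannot read."""
    if method != "POST":
        return "Method Not Allowed"
    token = params.get("user_token", "")
    if not secrets.compare_digest(token, session.csrf_token):
        return "CSRF token is incorrect"
    return change_password_vulnerable(session, method, params)


if __name__ == "__main__":
    # Assumed DVWA URL, shaped like the address bar after step 7.
    forged = "http://localhost/dvwa/vulnerabilities/csrf/?password_new=x00t&password_conf=x00t&Change=Change"
    victim = Session("admin", "password")
    print(change_password_vulnerable(victim, "GET", params_from_url(forged)), victim.password)
    print(change_password_protected(Session("admin", "password"), "GET", params_from_url(forged)))
```

A token check on its own would still be bypassable if the handler also accepted GET, because the token could be leaked in Referer headers and browser history; requiring POST and a constant-time token comparison covers both.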