INTERNSHIP REPORT

“CYBER SECURITY ”

Submitted in partial fulfillment of the requirement of internship for

THIRD YEAR ENGINEERING

Computer Engineering

SPPU,PUNE

Submitted by

SHIVAM DAYANAND SURYAWANSHI

Roll no -22

Under the guidance of

Prof.S.V Shardul

Amruta Vaishnavi Education & Welfare Trust’s

Shatabdi Institute of Engineering & Research

At. Post- Agaskhind (Via Deolali Camp-Bhagur) Tal-Sinnar,
Dist-Nashik

DEPARTMENT OF COMPUTER ENGINEERING

ACADEMIC YEAR: 2023-2024

Page 1 of 35
 Amruta Vaishnavi Education & Welfare Trust’s
Shatabdi Institute of Engineering & Research
At. Post- Agaskhind (Via Deolali Camp-Bhagur) Tal-Sinnar,
Dist-Nashik
DEPARTMENT OF COMPUTER ENGNIEERING
ACADEMIC YEAR: 2023-2024

This is to certify that, this report entitled “CYBER SECURITY” submitted by

SHIVAM DAYANAND SURYAWANSHI for partial fulfillment of the requirement of
internship for THIRD YEAR ENGINEERING in COMPUTER ENGINEERING as
laid down by SAVITRIBAI PHULE PUNE UNIVERSITY, Pune, is a record of their
own work carried out by them under my supervision and guidance during year 2023 – 2024.

Place: Nashik

Date:

Prof S.V. Shardul Mrs.M.A. Dahale

INTERNSHIP GUIDE
TRAINING INCHARGE

Dr. P. G. VISPUTE
Prof.S.V. Mahale
PRINCIPAL
HEAD OF DEPARTMENT

Page 2 of 35
INTERNSHIP COMPLETION CERTIFICATE

Page 3 of 35
 Internship Place Details -

NetLeap IT Training and Solutions | Best IT Training Institute

Floor No.1 Avadhoot Aadhar Apartment, Gangapur Rd, above Luthra Agencies, Old Gangapur Naka,
Signal, Nashik, Maharashtra 422005

Company background – Organization:

NetLeap IT Training & Solutions is set up to provide quality, industry-oriented IT Training with future
needs of IT Infrastructure.

Provide extensive training in high end certification programs like Hardware / Networking, Cisco
Technologies, Redhat Linux, Red Hat Openstack, Ansible, Virtualization ,AWS, SOFTWARE
DEVELOPMENT, etc.

Activities / Scope:

• Network Security
• Application Security
• Information Security
• Endpoint Security
• Cloud Security

Object of the Study:

To analyze the Cybersecurity focuses on protecting computer systems, networks, and data from
unauthorized access, attacks, and breaches

Page 4 of 35
 Contents

Sr. No Content Page No

1 Introduction 7-9

2 CIA Traid 10

4 Network Security 11-12

5 Significance 13-14

8 Inventory Management Compliance 15-16

9 Flow Chart 17

10 Types Of Cyber Security 18

11 Types Of Cyber Attack 19-20

12 Cyber Security Vulnerabilities 21-22

13 Cyber Security Measures 23-24

15 Project-OWASP Calculation 25-32

16 Attendance 33

17 Conclusion 34

18 References 35

Page 5 of 35
 Abstract

Abstract of Cyber Security

Cyber security, a critical domain in today's digital era, encompasses the protection of computer
systems, networks, and data from cyber threats. With the increasing reliance on technology and the
interconnected nature of our digital infrastructure, the importance of cyber security cannot be
overstated. This abstract provides an overview of the key aspects of cyber security, including its
significance, challenges, and approaches.

Significance: Cyber security plays a vital role in safeguarding sensitive information, preserving
privacy rights, ensuring business continuity, and maintaining trust in digital systems. It protects
against a wide range of cyber threats, including malware, phishing attacks, ransomware, and insider
threats, which can result in financial losses, reputational damage, and legal liabilities.

Challenges: The evolving threat landscape presents numerous challenges for cyber security,
including the proliferation of sophisticated cyber attacks, the emergence of new technologies and
attack vectors, and the human factor, such as human error and negligence. Additionally, compliance
with regulatory requirements and the need to balance security with usability and productivity pose
significant challenges for organizations.

Approaches: Effective cyber security requires a multi-layered approach that combines technical
controls, security best practices, and user education. This includes implementing robust authentication
and access controls, deploying advanced threat detection and prevention technologies, conducting
regular security assessments and audits, and fostering a culture of security awareness and vigilance
among employees.

Page 6 of 35
Introduction
In today's interconnected world, cyber security plays a critical role in protecting individuals,
organizations, and governments from a wide range of threats. From data breaches to ransomware
attacks, the risks associated with cyber threats continue to evolve, making it essential to understand
the fundamentals of cyber security.

At its core, cyber security involves the practices, technologies, and processes designed to safeguard
digital assets, including computers, networks, and data, from unauthorized access, manipulation, or
destruction. With the proliferation of technology and the increasing reliance on digital platforms for
communication, commerce, and critical infrastructure, the need for effective cyber security measures
has never been greater.

This introduction serves as a gateway to exploring the various aspects of cyber security, including its
importance, key principles, emerging trends, and best practices. By gaining a deeper understanding of
cyber security fundamentals, individuals and organizations can better protect themselves against cyber
threats and mitigate potential risks to their digital assets and operations.

Understanding Cyber Security:

It involves protecting computers, networks, and data from unauthorized access or damage.

Importance of Cyber Security:

Failing to prioritize cyber security can lead to financial losses, reputational damage, and legal
liabilities.

Liability in Cyber Security:

Legal responsibility for cyber attacks and breaches falls on individuals, organizations, and
governments, emphasizing the need for compliance with data protection laws.

Vision for Cyber Security:

Creating a secure digital ecosystem through collaboration, best practices, and innovative technologies
is key.

Page 7 of 35
What Is A Cyber Security?

Cyber security, also known as information security or computer security, refers to the practice of
protecting computer systems, networks, data, and digital assets from unauthorized access,
exploitation, manipulation, or destruction. It encompasses a range of technologies, processes, and
practices designed to safeguard against cyber threats, including hackers, malware, ransomware,
phishing scams, and insider threats.

The primary goal of cyber security is to ensure the confidentiality, integrity, and availability of
information and resources in the digital realm. This involves implementing security measures such as
encryption, access controls, intrusion detection systems, firewalls, and security policies to prevent
unauthorized access to sensitive data, detect and respond to security incidents, and maintain the
uninterrupted operation of critical systems and services.

Cyber security is essential for protecting individuals, organizations, and governments from the
growing number and sophistication of cyber threats in today's interconnected world. It plays a crucial
role in safeguarding personal privacy, preserving business continuity, maintaining trust in digital
systems, and upholding national security interests.

Page 8 of 35
Why Cyber Security Is Important?

Cyber security is important because it protects computer systems, networks, data, and digital assets
from unauthorized access, exploitation, and harm. It encompasses a range of technologies, processes,
and practices designed to safeguard against cyber threats such as hackers, malware, phishing scams,
and insider threats.

The importance of cyber security stems from several key factors:

1. Protection of Data: Cyber security helps safeguard sensitive information, including personal data,
financial records, and intellectual property, from theft, manipulation, or unauthorized disclosure.

2. Preservation of Privacy: Cyber security measures ensure that individuals' privacy rights are
respected by preventing unauthorized access to personal information stored online, such as emails,
social media accounts, and browsing history.

3. Business Continuity: Cyber security is essential for maintaining the uninterrupted operation of
businesses and organizations by protecting critical systems and services from cyber attacks that could
disrupt operations or cause financial losses.

4. Trust and Confidence: Maintaining trust and confidence in digital systems and services is crucial
for fostering innovation, facilitating commerce, and sustaining economic growth. Cyber security helps
preserve trust by safeguarding the confidentiality, integrity, and availability of information and
resources.

5. Compliance and Legal Requirements: Organizations are subject to various laws, regulations, and
industry standards governing data protection, privacy, and cyber security. Compliance with these
requirements is essential for avoiding legal liabilities, regulatory fines, and reputational damage.

6. National Security: Cyber attacks can have significant national security implications, ranging from
espionage and sabotage to disruption of critical infrastructure and services. Cyber security measures
are essential for protecting against these threats and safeguarding the economic and national interests
of nations

Page 9 of 35
CIA TRIAD

The CIA triad is a foundational concept in cybersecurity, representing three core principles:
Confidentiality, Integrity, and Availability.

1. Confidentiality: Ensuring that data is accessible only to those authorized to access it. This involves
measures such as encryption, access controls, and secure communication channels.

2. Integrity: Ensuring that data is accurate, complete, and trustworthy. Measures to maintain integrity
include data validation, checksums, and digital signatures to detect unauthorized changes.

3. Availability: Ensuring that data and resources are accessible to authorized users when needed. This
involves measures such as redundancy, backups, and robust infrastructure to prevent downtime due to
cyberattacks or technical failures.

Page 10 of 35
Network Security

Network security involves protecting computer networks from unauthorized access, misuse,
modification, or denial of service. It encompasses various technologies, policies, and procedures
designed to secure the network infrastructure and the data transmitted over it. Key components of
network security include:

1. Firewalls: These are security barriers that monitor and control incoming and outgoing
network traffic based on predetermined security rules. They help prevent unauthorized access
to or from private networks.

2. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS): IDS
monitors network traffic for suspicious activity or known attack patterns, while IPS actively
blocks or filters malicious traffic.

3. Virtual Private Networks (VPNs): VPNs create encrypted tunnels over public networks,
such as the internet, to ensure secure remote access to private networks.

4. Antivirus and Antimalware Software: These programs detect and remove malicious
software (viruses, worms, Trojans, etc.) from computer systems and networks.

5. Authentication and Access Control: This involves verifying the identity of users and
devices trying to access the network and limiting their access based on predefined policies.

6. Encryption: Encrypting sensitive data before transmitting it over the network helps protect it
from unauthorized interception and disclosure.

7. Security Protocols: Implementing secure protocols (e.g., SSL/TLS for web traffic) helps
ensure the confidentiality and integrity of data transmitted over the network

8. Regular Updates and Patch Management: Keeping network devices, software, and security
measures up to date with the latest patches helps mitigate vulnerabilities and reduce the risk
of exploitation by attackers.

Page 11 of 35
9. Security Audits and Monitoring: Regularly auditing network security controls and
monitoring network activity for anomalies or signs of intrusion can help identify and address
security weaknesses proactively.

10. Employee Training and Awareness: Educating employees about security best practices,
such as creating strong passwords, recognizing phishing attempts, and avoiding suspicious
websites, can help prevent security breaches caused by human error.

Page 12 of 35
Significance

The Significance of Cyber Security

In today's digital age, where technology permeates every aspect of our lives, the significance
of cyber security cannot be overstated. Here are some key reasons why cyber security is of
paramount importance:

Protection of Sensitive Data:

Cyber security measures are essential for safeguarding sensitive information such as personal
data, financial records, and intellectual property. Breaches in security can lead to data theft,
identity fraud, and financial losses for individuals and organizations alike.

Preservation of Privacy:

Maintaining privacy is a fundamental human right in the digital age. Cyber security helps
protect individuals' privacy by preventing unauthorized access to personal information stored
online, such as social media accounts, emails, and browsing history.

Prevention of Financial Losses:

Cyber attacks can result in significant financial losses for businesses through theft of funds,
ransom demands, or disruption of operations. Investing in robust cyber security measures can
help mitigate these risks and protect against potential financial harm.

Protection of Critical Infrastructure:

Critical infrastructure such as power grids, transportation systems, and healthcare facilities
relies heavily on interconnected computer systems. Cyber security safeguards these systems
from attacks that could disrupt essential services and cause widespread chaos.

Page 13 of 35
Preservation of Reputation:

A data breach or cyber attack can tarnish an organization's reputation and erode customer
trust. Implementing effective cyber security measures not only protects against financial
losses but also helps maintain a positive public image and preserve stakeholder confidence.

Mitigation of Legal and Regulatory Risks:

Compliance with data protection laws and regulations is mandatory for businesses operating
in today's globalized marketplace. Failure to secure sensitive data can result in legal
liabilities, regulatory fines, and damage to corporate credibility.

Protection Against Emerging Threats:

As technology evolves, so do cyber threats. Cyber security measures must continually adapt
to address new and emerging threats such as ransomware, phishing scams, and artificial
intelligence-driven attacks.

In summary, cyber security is indispensable for protecting individuals, organizations, and

governments against a myriad of cyber threats. By prioritizing cyber security measures,
stakeholders can mitigate risks, preserve privacy, safeguard critical infrastructure, and
maintain trust in an increasingly interconnected

Page 14 of 35
Inventory Management Compliance

Inventory management compliance refers to adhering to regulations and standards governing

the tracking, handling, and reporting of inventory within a business or industry. Here's a brief
overview:

1. Regulatory Requirements: Depending on the industry and geographic location,

businesses may be subject to various regulatory requirements regarding inventory
management. These regulations often aim to ensure accuracy, transparency, and
accountability in inventory tracking and reporting.

2. Inventory Tracking: Compliance typically involves accurately tracking inventory levels,

movements, and transactions throughout the supply chain. This includes recording purchases,
sales, returns, transfers, and adjustments in inventory management systems.

3. Data Accuracy and Integrity: Maintaining accurate and reliable inventory data is crucial
for compliance. Businesses must implement processes and controls to minimize errors,
discrepancies, and fraud in inventory records.

4. Quality Control: Compliance: may require implementing quality control measures to

ensure the accuracy, safety, and integrity of inventory items. This may involve conducting
inspections, testing, and monitoring inventory for defects, expiration dates, or other quality
issues.

5. Documentation and Reporting: Businesses often need to maintain detailed

documentation of inventory transactions and activities for compliance purposes. This
includes keeping records of inventory counts, valuations, audits, and regulatory reports.

6. Security and Confidentiality: Protecting sensitive inventory data from unauthorized

access, theft, or loss is essential for compliance. Businesses may need to implement security
measures such as access controls, encryption, and physical safeguards to safeguard inventory
information.

Page 15 of 35
7. Audits and Compliance Checks: Compliance may involve undergoing periodic audits or
compliance checks to assess adherence to inventory management regulations and standards.
These audits may be conducted internally or by external regulatory agencies.

8. Technology and Automation: Leveraging inventory management software and

automation tools can help streamline compliance efforts by improving accuracy, efficiency,
and visibility into inventory processes.

9. Training and Education: Ensuring employees are trained on inventory management

policies, procedures, and compliance requirements is crucial for maintaining compliance.
This may include training on data entry, inventory handling, regulatory requirements, and
ethical practices.

10. Continuous Improvement: Compliance is an ongoing effort that requires continuous

monitoring, evaluation, and improvement of inventory management processes. Businesses
should regularly review and update their inventory management practices to address evolving
regulatory requirements and business needs.

Page 16 of 35
Flow Charts

Page 17 of 35
Types Of Cyber Security

Cybersecurity encompasses various approaches and measures aimed at protecting computer systems,
networks, and data from unauthorized access, cyberattacks, and data breaches. Here are some key
types of cybersecurity:

1. Network Security: Focuses on securing the integrity and confidentiality of data as it travels across
networks. This involves implementing firewalls, intrusion detection systems, and encryption protocols
to prevent unauthorized access and data interception.

2. Endpoint Security: Concerned with securing individual devices such as computers, smartphones,
and tablets. Endpoint security solutions include antivirus software, intrusion prevention systems, and
device encryption to protect against malware, phishing, and other threats.

3. Data Security: Involves protecting sensitive data from unauthorized access, disclosure, and
manipulation. Data security measures include encryption, access controls, data masking, and data loss
prevention techniques to safeguard valuable information.

4. Application Security: Focuses on securing software applications and preventing vulnerabilities

that could be exploited by attackers. This includes secure coding practices, regular security testing,
and the implementation of security controls such as authentication and authorization mechanisms.

5. Cloud Security: Addresses the unique security challenges associated with cloud computing
environments. This includes ensuring the confidentiality, integrity, and availability of data stored in
the cloud, as well as implementing access controls, encryption, and monitoring solutions.

6. Identity and Access Management (IAM): Involves managing user identities and controlling their
access to systems and resources. IAM solutions include user authentication, authorization, and
accountability mechanisms to ensure that only authorized users can access sensitive information.

Page 18 of 35
Types Of Cyber Attacks

Certainly! Cyberattacks encompass a wide range of malicious activities targeting computer systems,
networks, and data. Here's a brief explanation of some common types:

1. Malware Attacks: Malicious software, or malware, includes viruses, worms, Trojans, ransomware,
spyware, and adware. Malware infects systems to steal data, disrupt operations, or gain unauthorized
access.

2. Phishing Attacks: Phishing involves tricking users into revealing sensitive information such as
passwords, credit card numbers, or personal details by posing as a legitimate entity via email, text
message, or phone call.

3. Man-in-the-Middle (MitM) Attacks: In MitM attacks, an attacker intercepts communication

between two parties to eavesdrop, manipulate data, or steal information without the knowledge of the
communicating parties.

4. SQL Injection Attacks: SQL injection exploits vulnerabilities in web applications to inject
malicious SQL code into database queries, allowing attackers to access, modify, or delete data.

5. Cross-Site Scripting (XSS) Attacks: XSS attacks inject malicious scripts into web pages viewed
by other users, potentially stealing cookies, session tokens, or other sensitive information.

6. Ransomware Attacks: Ransomware encrypts a victim's files or locks them out of their system,
demanding a ransom payment for decryption or restoration of access.

7. Social Engineering Attacks: Social engineering manipulates individuals into divulging

confidential information or performing actions that compromise security, often through psychological
manipulation or deception.

Page 19 of 35
8. Zero-Day Exploits: Zero-day exploits target vulnerabilities in software or systems that are
unknown to the vendor or have not been patched yet, giving attackers a window of opportunity to
launch attacks before defenses can be put in place.

9. Insider Threats: Insider threats involve employees, contractors, or business partners who misuse
their access privileges to steal data, sabotage systems, or compromise security from within the
organization.

10. Botnet (Bot Network) Attacks: A botnet is a network of compromised computers or devices
controlled by a single entity, usually a hacker or a group of hackers. These compromised devices,
known as "bots" or "zombies," are typically infected with malicious software without the knowledge
of their owners. Botnet attacks can involve various malicious activities such as DDoS attacks, spam
distribution, information theft, and more. Hackers use botnets to carry out coordinated attacks,
leveraging the combined resources of multiple compromised devices.

11. Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks: In a DoS attack,
the attacker floods a target system, network, or service with an overwhelming amount of traffic or
requests, rendering it inaccessible to legitimate users. DDoS attacks are similar but involve multiple
sources (often compromised devices in a botnet) flooding the target simultaneously, making them
even more potent. These attacks aim to disrupt the availability of services, causing financial losses
and reputational damage to the targeted organization.

12. Domain Generation Algorithm (DGA) Attacks: Domain Generation Algorithms are techniques
used by malware to dynamically generate a large number of domain names to communicate with their
command and control (C&C) servers. This makes it difficult for security measures to block or
blacklist these domains effectively. DGA attacks are commonly associated with botnets and other
types of malware that rely on communication with external servers controlled by attackers. By using
DGAs, malware can evade detection and maintain persistence by constantly changing the domain
names it communicates with.

13. Network Attacks: Network attacks encompass a wide range of malicious activities targeting
networks, devices, or communication protocols. These attacks can include but are not limited to:
-Man-in-the-Middle (MitM) Attacks: Intercepting and possibly altering communication between
two parties without their knowledge.
-Packet Sniffing: Capturing data packets transmitted over a network to steal sensitive information.
-ARP Spoofing: Manipulating the Address Resolution Protocol (ARP) tables to redirect network
traffic to the attacker's device.
-Port Scanning: Searching for open ports on a target system to identify potential vulnerabilities or
services running on it.
-DNS Spoofing: Corrupting the Domain Name System (DNS) to redirect users to malicious websites
or serve

Page 20 of 35
Cyber Security Vulnerabilities

Cybersecurity weak points can exist at various levels within an organization's infrastructure,
processes, and human factors. Here are some common weak points:

1. Outdated Software and Systems: Legacy systems or software that are not regularly
updated or patched can contain vulnerabilities that attackers can exploit. Unsupported or end-of-life
software may no longer receive security updates, leaving them particularly vulnerable.

2. Weak Passwords and Authentication: Inadequate password policies, such as using

default or easily guessable passwords, or failing to implement multi-factor authentication, can make it
easier for attackers to gain unauthorized access to systems and accounts.

3. Lack of Employee Awareness and Training: Employees who are not adequately trained
in cybersecurity best practices may inadvertently fall victim to phishing scams, social engineering
attacks, or other forms of manipulation by attackers.

4. Insufficient Access Controls: Failure to implement proper access controls, such as least
privilege principles, can result in unauthorized users gaining access to sensitive data or systems.
Overly permissive access permissions can also increase the risk of insider threats.

5. Inadequate Network Security Measures: Weaknesses in network security, such as

unsecured Wi-Fi networks, unencrypted communications, or lack of intrusion detection systems, can
make it easier for attackers to intercept data or gain unauthorized access to network resources.

6. Poorly Configured or Misconfigured Security Controls: Misconfigurations in firewalls,

antivirus software, or other security controls can create vulnerabilities that attackers can exploit to
bypass defenses or launch attacks.

Page 21 of 35
 7. Lack of Incident Response Plan: Without a well-defined incident response plan,
organizations may struggle to detect, contain, and respond effectively to cyber incidents, resulting in
prolonged exposure to threats and increased damage.

8. Third-party and Supply Chain Risks: Organizations may be vulnerable to cyber attacks
through their relationships with third-party vendors, suppliers, or partners who may have weaker
cybersecurity practices, allowing attackers to exploit them as a pathway into the organization's
systems.

9. Data Privacy and Compliance Issues: Failure to comply with relevant data protection
regulations or industry standards can expose organizations to legal and financial consequences in the
event of a data breach or security incident.

10. Human Factors and Insider Threats: Malicious insiders or employees who unwittingly
compromise security due to negligence, lack of awareness, or malicious intent can pose significant
risks to an organization's cybersecurity postures

Page 22 of 35
Cyber Security Measures

Cybersecurity measures and protection strategies are crucial for safeguarding computer
systems, networks, and data from cyber threats. Here's a detailed overview of some key cybersecurity
measures and protection mechanisms:

1. Firewalls: Deploy firewalls to monitor and control incoming and outgoing network traffic
based on predefined security rules. Firewalls act as a barrier between a trusted internal network and
untrusted external networks, helping to prevent unauthorized access and cyber attacks.

2. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS): IDS and
IPS solutions monitor network traffic for suspicious activities or known attack patterns. IDS detects
and alerts on potential security incidents, while IPS can automatically block or respond to detected
threats in real-time.

3. Endpoint Security: Protect endpoint devices such as desktops, laptops, and mobile devices
with antivirus software, anti-malware solutions, and endpoint detection and response (EDR) tools.
Endpoint security solutions help detect and mitigate threats targeting individual devices.

4. Access Control and Authentication: Implement strong access controls and authentication
mechanisms to ensure that only authorized users have access to sensitive systems and data. Use multi-
factor authentication (MFA), biometric authentication, and least privilege principles to enhance

Page 23 of 35
 5. Encryption: Encrypt sensitive data both in transit and at rest to protect it from
unauthorized access or interception. Use encryption algorithms and protocols such as SSL/TLS for
secure communication and data encryption standards for data storage.

6. Patch Management: Regularly update and patch software, operating systems, and
firmware to address known vulnerabilities and security weaknesses. Patch management helps mitigate
the risk of exploitation by attackers targeting known vulnerabilities.

7. Security Awareness Training: Provide comprehensive cybersecurity awareness training

to employees to educate them about common threats, phishing scams, social engineering tactics, and
best practices for maintaining security. Security awareness training helps reduce the risk of human
error and improve overall security posture.

8. Incident Response Planning: Develop and maintain an incident response plan to

effectively detect, respond to, and recover from cybersecurity incidents. The incident response plan
should include procedures for incident detection, reporting, containment, eradication, and recovery.

9. Data Backup and Recovery: Implement regular data backup procedures to ensure that
critical data is regularly backed up and stored securely. Test backup and recovery processes regularly
to verify their effectiveness in restoring data in the event of a cyber incident.

10. Continuous Monitoring and Threat Intelligence: Implement continuous monitoring

tools and threat intelligence sources to detect and respond to security threats in real-time. Continuous
monitoring helps identify and mitigate security incidents quickly, while threat intelligence provides
insights into emerging threats and attack trends.

11. Regulatory Compliance: Ensure compliance with relevant cybersecurity regulations,

industry standards, and frameworks based on the organization's industry and geographical location.
Compliance with regulations such as GDPR, HIPAA, PCI DSS, ISO 27001, and NIST Cybersecurity
Framework helps mitigate legal and regulatory risks.

Page 24 of 35
 Cyber Security Project-OWASP Calculation

The OWASP Calculator is a comprehensive tool designed to evaluate the security posture
of web applications against common vulnerabilities and threats. In today's digital
landscape, web applications are prime targets for malicious actors seeking to exploit
vulnerabilities for various nefarious purposes. Hence, it is imperative for organizations to
regularly assess and enhance the security of their web applications.

The OWASP Calculator offers a systematic approach to identifying, prioritizing, and

addressing security issues within web applications. Leveraging industry best practices and
standards, the tool employs a varietyof assessment techniques, including vulnerability
scanning, penetration testing, and risk analysis.

Key features of the OWASP Calculator include:

1. Vulnerability Detection: The tool scans web applications for known security
vulnerabilities such as SQLinjection, cross-site scripting (XSS), cross-site request forgery
(CSRF), and more.

2. Risk Prioritization: It assigns risk scores to identified vulnerabilities based on factors

such as severity, exploitability, and potential impact, enabling organizations to prioritize
remediation efforts effectively.

3. Compliance Checking: The OWASP Calculator assesses web applications against

relevant security standards and guidelines, including OWASP Top 10, PCI DSS, and
GDPR, ensuring compliance with regulatory requirements.

4. Customization and Flexibility: Organizations can tailor the assessment criteria and
parameters accordingto their specific requirements, allowing for a flexible and adaptable
approach to security assessment.

5. Reporting and Analysis: The tool generates comprehensive reports detailing identified
vulnerabilities, associated risks, and recommended remediation measures. These reports
facilitate informed decision- making and communication with stakeholders.

By utilizing the OWASP Calculator, organizations can proactively identify and mitigate
security risks within their web applications, thereby enhancing their overall security
posture and safeguarding against potential threats.

In summary, the OWASP Calculator serves as a valuable asset for organizations committed
to maintainingthe security and integrity of their web applications in the face of evolving
cyber threats.

Page 25 of 35
 Project Aim

The project aim of the OWASP Calculator can be detailed as follows:

1. Comprehensive Security Assessment: The OWASP Calculator aims to provide

a comprehensive tool capable of thoroughly assessing the security posture of web
applications. Thisinvolves identifying vulnerabilities across various layers and
components of the application stack.

2. Risk Prioritization: One of the primary goals is to enable organizations to

prioritize remediationefforts effectively. The tool assigns risk scores to identified
vulnerabilities based on factors such as severity, exploitability, and potential
impact, allowing organizations to focus on addressing high-risk issues first.

3. Vulnerability Detection: The project aims to develop robust mechanisms for

detecting a widerange of security vulnerabilities commonly found in web
applications. This includes but is not limited to vulnerabilities such as SQL
injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and
more.

4. Adherence to Standards: The OWASP Calculator project endeavors to ensure

that web applications assessed using the tool comply with relevant security
standards and guidelines. Thismay include standards such as the OWASP Top
10, Payment Card Industry Data Security Standard (PCI DSS), General Data
Protection Regulation (GDPR), among others.

5. Flexibility and Customization: Recognizing the diverse nature of web

applications and organizational requirements, the project aims to offer flexibility
and customization options. Thisallows organizations to tailor the assessment
criteria and parameters according to their specific needs and environments.

6. Reporting and Analysis: Another crucial aspect is to provide detailed reports

that offer insightsinto identified vulnerabilities, associated risks, and
recommended remediation measures. These reports facilitate informed decision-
making and communication with stakeholders, including developers, security
teams, and management.

7. Proactive Security Measures: Ultimately, the OWASP Calculator aims to

promote a proactiveapproach to web application security. By empowering
organizations to identify and mitigate security risks early in the development
lifecycle, the project contributes to enhancing the overallsecurity and resilience
of web applications against evolving cyber threats.

By focusing on these key objectives, the OWASP Calculator project aims to serve as a
valuable asset for organizations striving to safeguard their web applications and protect
sensitive data frompotential security breaches.Problem Statement

Page 26 of 35
 Problem Statement for OWASP Calculation:

The problem statement of the OWASP Calculator project revolves around addressing the
inherent vulnerabilities and security risks present in web applications. Despite the
advancements in web technology, web applications remain susceptible to a wide range of
exploits and threats, including but not limited to SQL injection, cross-site scripting (XSS),
cross-site request forgery (CSRF), andmore. The lack of effective tools and methodologies
for systematically assessing and mitigating these vulnerabilities poses a significant
challenge for organizations seeking to protect their web applications and the sensitive data
they handle. Furthermore, the absence of standardized approaches for prioritizing
remediation efforts and ensuring compliance with relevant security standards exacerbates
the problem, leading to potential security breaches, data leaks, and compromised user trust.
Therefore, there is a pressing need for a comprehensive and adaptable solution like the
OWASP Calculator that can efficiently detect, prioritize, and address security
vulnerabilities in web applications while facilitating compliance with industry standards
andregulations

Page 27 of 35
System Analysis and Requirement

2.1 Required environment

The system development environment shows the hardware and software
requirements,which is necessary for developing the software. Necessary
softwareand hardwarerequirements, which are necessary for making this
software are as follows:

• Software requirement
➢ Operating system: Windows 7 or 10
➢ HTML
➢ Visual Studio Code

• Hardware requirement
➢ Processor: A multicore processor with a speed of at
least 1.6 GHz or higher is recommended. Intel
Core i3, i5, or i7 series or equivalent AMD
processors.
➢ Ram: A minimum of 4 GB RAM is recommended.
➢ Storage: 128GB HDD or SSD

Page 28 of 35
 Software system specification

Project Name: OWASP Calculator

Abstract: The OWASP Calculator stands as a robust and indispensable
tool in the realm of web application security assessment. Its
comprehensive design encompasses a multitude of
techniques and methodologies, all aimed at meticulously
scrutinizing web applications for prevalent vulnerabilities
and threats. Drawing from established industry standards and
best practices, the OWASP Calculator integrates various
approaches, including vulnerability scanning, penetration
testing, and rigorous risk analysis. Through these
methodologies, it systematically identifies and catalogues
security issues, ranging from common exploits like SQL
injection and cross-site scripting (XSS) to more sophisticated
threats like cross-site request forgery (CSRF). What sets the
OWASP Calculator apart is its capacity to not merely identify
vulnerabilities, but also to assign risk scores to each, thereby
enabling organizations to prioritize remediation efforts
effectively
Language: HTML
IDE: Visual Studio Code
Compiler Google Chrome

Graph Chart.js
Type: Desktop Application
Recommended T.E Students
for:

Page 29 of 35
 Further scope
The future scope of the OWASP Calculator project encompasses several avenues for
expansion, enhancement, and adaptation to evolving cybersecurity landscapes. Here are
some potential areas of futuredevelopment:

1. Advanced Threat Detection: Incorporate machine learning and artificial intelligence

techniques to enhance the capability of the OWASP Calculator in identifying and
mitigating emerging threats and zero- day vulnerabilities.

2. Cloud-Native Security Assessments: Extend the OWASP Calculator to support security

assessments of cloud-native applications and microservices architectures, considering the
unique security challenges posedby cloud environments.

3. Container Security: Develop capabilities to assess the security of containerized

applications and containerorchestration platforms (e.g., Kubernetes) to address the growing
adoption of container technology in modern application deployments.

4. API Security: Expand the scope of the OWASP Calculator to include assessments of
API security, considering the critical role of APIs in modern web application architectures
and the increasing prevalenceof API-related security vulnerabilities.

5. DevSecOps Integration: Strengthen integration with DevSecOps practices and

toolchains to facilitate automated security assessments throughout the software
development lifecycle, promoting a shift-left approach to security.

6. Threat Intelligence Integration: Integrate threat intelligence feeds and security

information and event management (SIEM) systems to enrich the OWASP Calculator's
capabilities with real-time insights into emerging threats and attack patterns.

7. Interactive Training and Education: Develop interactive training modules and

educational resources to help developers and security professionals better understand and
address common vulnerabilities identifiedby the OWASP Calculator.

8. Community Collaboration and Contribution: Foster an active community around the

OWASP Calculator project, encouraging collaboration, knowledge sharing, and
contributions from security experts, developers,and organizations worldwide.

9. Compliance Automation: Enhance automation capabilities to streamline compliance

assessments and reporting processes, helping organizations demonstrate adherence to
regulatory requirements more efficiently.

Page 30 of 35
System Design

Page 31 of 35
ER Diagram

Page 32 of 35
Attendence
SR NO DATE DAY WORK DONE
1 11/12/2023 Monday Introduction To Cyber Security
2 12/12/2023 Tuesday Understood CIA Traid
3 13/12/2023 Wednesday Network Security
4 14/12/2023 Thursday Inventory Management Compliance
5 15/12/2023 Friday Cyber Security Work Flow
6 16/12/2023 Saturday BAT File Testing
7 17/12/2023 Sunday Holiday
8 18/12/2023 Monday Intro Of CMD
9 19/12/2023 Tuesday Performed CMD Commands
10 20/12/2023 Wednesday Types Of Cyber Attacks
11 21/12/2023 Thursday Intro To Cyber Policies
12 22/12/2023 Friday Task To Find Vulnerabilities In A Systems
13 23/12/2023 Saturday Introduction To Linux
14 24/12/2023 Sunday Holiday
15 25/12/2023 Monday Holiday
16 26/12/2023 Tuesday Basics Of Cryptography
17 27/12/2023 Wednesday Identify Internal Threats
18 28/12/2023 Thursday Analzying On Cyber Attacks
19 29/12/2023 Friday Intro To Types Of Hackers
20 30/12/2023 Saturday Awareness Regarding Cyber Crimes
21 31/12/2023 Sunday Holiday
22 01/01/2024 Monday Learned About Cyber Attacks Measures
23 02/01/2024 Tuesday Made An Audit About System Specification
24 03/01/2024 Wednesday Updated Software And Drivers Of All Desktops
25 04/01/2024 Thursday Updated Desktop With Latest Security Patch
26 04/01/2024 Friday Task Given To Develop Project On OWASP
Calculation
27 05/01/2024 Saturday Prepared The Project Model
28 06/01/2024 Sunday Holiday(We Prepared The Project At Home)
29 07/01/2024 Monday Tested Our Project In Every Systems
30 08/01/2024 Tuesday Deployed Our Project After All Testing
31 09/01/2024 Wednesday Represented Our Project OWASP Calculation
Infront Our Guide And Other Interns
32 11/01/2024 Friday Awarded With An Internship Completion
Certificate

Page 33 of 35
Conclusion

Cybersecurity is an ever-evolving field crucial to safeguarding digital assets and ensuring the
integrity, confidentiality, and availability of information in an increasingly interconnected
world. As technology advances, so do the threats, making it imperative for organizations and
individuals to remain vigilant and proactive in their approach to cybersecurity.

In conclusion, effective cybersecurity requires a multi-faceted strategy encompassing robust

policies, vigilant monitoring, advanced technologies, and a well-trained workforce. It's not
merely a matter of deploying the latest security tools but also fostering a culture of security
awareness and continuous improvement.

Organizations must adopt a proactive stance, anticipating and mitigating potential threats
before they materialize. This includes investing in cutting-edge technologies such as artificial
intelligence and machine learning to detect and respond to threats in real-time.

Furthermore, collaboration between governments, private sector entities, academia, and

international organizations is essential to combatting cyber threats effectively. Information
sharing and coordinated responses can enhance the collective resilience of the global
community against cyber attacks.

Ultimately, cybersecurity is everyone's responsibility, from individual users to multinational

corporations. By prioritizing cybersecurity, embracing best practices, and staying informed
about emerging threats, we can collectively create a safer digital environment for generations
to come.

Page 34 of 35
References

Cybersecurity Agenda for the 45th President. (2017, January 5). Retrieved
from https://www.csis.org/news/cybersecurity-agenda-45th-president

Applications Now Available for City Colleges of Chicago’s New Cyber Security “Boot
Camp”. (2017, March 18). Retrieved
from http://www.ccc.edu/news/Pages/Applications-Now-Available-for-City-Colleges-
of-Chicagos-New-Cyber-Security-Boot-Camp-.aspx

ApprenticeshipUSA Investments. (2017, June 22). Retrieved

from https://www.dol.gov/featured/apprenticeship/grants

Assante, M., Tobey, D. (2011, February 4). Enhancing the Cybersecurity Workforce.
Retrieved from http://ieeexplore.ieee.org/document/5708280/

Cyber Discovery | NICERC. (2016). Retrieved from https://nicerc.org/events/cyber-

discovery/

Page 35 of 35