Topics to Revise
• CIA Triad
• Black hat vs white hat hacker
• 4 fundamental strategies in software design and coding to prevent attacks
• Traditional vs Virtual Network
• Measures to counteract hackers in general
• SQL injection ( what is , example , how to prevent it)
• Web server and web application security
• ‘Eve in the middle’ attack and how Eve intercepts and decrypts the message
• Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) with examples
• Penetration Testing and importance
• Programming language security (C++, C, Java, and PHP)
• Secure coding guidelines
The tools of the trade – models to tackle hackers
CIA Triad
The CIA developed a model for security: Confidentiality, Integrity, Availability
Confidentiality
• Means that the private and sensitive data handled by the application cannot be read by anyone who has no authorization.
Integrity
• Means the data processed by any application is not modified by any unauthorized channels or unauthorized persons.
Availability
• Means the system’s ability to remain operational even in the face of failure or attack.
Compare and Contrast between Black Hat Hacker and White Hat Hacker [8 marks]
Black Hat Hacker (Cracker)
• Their intentions are selfish or harmful in nature.
• Search for security vulnerabilities to exploit them.
• Write malware to hack devices, servers, and websites.
White Hat Hacker
• Their intentions are noble and often aim to benefit or protect others.
• They search for security vulnerabilities and offer suggestions and solutions to patch them.
• Develop security software, tools, and techniques to detect and remove malware.
Conclusion: write your own, e.g. I think the cracker is the bad guy and the white hat hacker is the good guy.
4 fundamental strategies in software design and coding to prevent attacks
• The main reason penetration tests are crucial to an organization’s security is that they help personnel learn how to handle any type of break-in from a malicious entity.
• Pen tests also offer insight into which channels in your organization or application are most at risk and thus what types of new security tools you should invest in or protocols you should follow.
Programming language security (Java)
• Cross-site scripting (XSS) and SQL injection are some of the most abundantly found security vulnerabilities in PHP. As cross-site scripting is the most common type of web application security vulnerability, it can affect a wide variety of users.
• Although it is seen as less harmful than SQL injection, it still poses a great risk as attackers can use it to steal session cookies which can contain login information, granting them access to the victim’s account.
• SQL injection poses a critical threat as it targets servers and databases.
Secure Coding Guidelines
1. Validate input. Validate input from all untrusted data sources. Proper input validation can eliminate the vast majority of software vulnerabilities.
2. Keep it simple. Keep the design as simple and small as possible.
3. Practice defense in depth. Manage risk with multiple defensive strategies, so that if one layer of defense turns out to be inadequate, another layer of defense can prevent a security flaw from becoming an exploitable vulnerability.
4. Adopt a secure coding standard. Develop and/or apply a secure coding standard for your target development language and platform.
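As an added example (not from these notes), the SQL injection and XSS points in the "Programming language security" section and guidelines 1 and 3 above, worked through in Python against an in-memory SQLite table: the same login query built by string concatenation and by parameter binding, an allowlist input validator, and HTML output encoding. The users table, usernames and inputs are constructed for illustration.

```python
import html
import re
import sqlite3

# Constructed sample data (hypothetical users; not from the notes).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn

def login_vulnerable(conn, username, password):
    """SQL built by concatenation: untrusted text becomes part of the query
    structure, so a quote in the input changes the WHERE clause itself."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]

def login_safe(conn, username, password):
    """Parameterised query (how to prevent it): the driver binds the values,
    so input is only ever compared as data, never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]

def validate_username(username):
    """Guideline 1, validate input: allowlist of characters and a length cap.
    Used in addition to binding (guideline 3, defense in depth)."""
    return re.fullmatch(r"[A-Za-z0-9_]{1,32}", username) is not None

def render_greeting(name):
    """XSS mitigation: encode HTML metacharacters before user text is
    placed into a page, so a script tag is shown as text, not executed."""
    return "<p>Welcome, " + html.escape(name, quote=True) + "</p>"

def demo():
    """Runs both login variants on the classic tautology input."""
    conn = make_db()
    injected = "' OR '1'='1"
    return {
        "vulnerable": sorted(login_vulnerable(conn, "nobody", injected)),
        "safe": login_safe(conn, "nobody", injected),
        "validated": validate_username(injected),
        "escaped": render_greeting("<script>alert(1)</script>"),
    }

if __name__ == "__main__":
    print(demo())
```

With the concatenated query the input turns the condition into `... AND password = '' OR '1'='1'`, which matches every row; the bound query returns nothing and the validator rejects the same input before it reaches the database.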