lokesh kumar Jayswal
IT Sem iii
ethical hacking
UCER NAINI
hacking
| ˈhakiNG | ; noun
Hacking is the act of finding possible entry points that exist in a
system or computer network and accessing them for personal
interest.
what is ethical hacking ?
Hacking a system or network with the intent to evaluate
its vulnerabilities and maintain the security of the target.
why we do ethical hacking ?
The idea of testing the security of a system by trying to break
into it is essential to the smooth operation of the system.
Whether an automobile company is crash-testing cars, or an
individual is testing his or her skill at martial arts by sparring
with a partner, evaluation by testing under attack from a real
adversary is widely accepted around the world.
how we do ethical hacking ?
Ethical hackers employ the same tools and techniques as
intruders, but they neither damage the target systems
nor steal information.
They evaluate the target systems’ security and report
back to the owners with the vulnerabilities they found and
instructions for how to remedy them.
phases of ethical hacking
• Reconnaissance [ preparatory stage ]
Reconnaissance is a set of processes and
techniques used to covertly discover and
collect information about a target system.
It is where an attacker learns about all of the
possible attack vectors that can be used in
their plan.
• Scanning and enumeration
Scanning is the process where the attacker
begins to actively probe a target machine or
network for vulnerabilities that can be
exploited.
Enumeration is the ability of the hacker to
convince some servers to give them
information that is vital to them to make an
attack.
top vulnerabilities
• INJECTION
Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when
untrusted data is sent to an interpreter as part of a command or query. The
attacker’s hostile data can trick the interpreter into executing unintended
commands or accessing data without proper authorisation.
• BROKEN AUTHENTICATION
Application functions related to authentication and session management
are often implemented incorrectly, allowing attackers to compromise
passwords, keys, or session tokens, or to exploit other implementation
flaws to assume other users’ identities temporarily or permanently.
• SENSITIVE DATA EXPOSURE
Many web applications and APIs do not properly protect sensitive data, such as
financial, healthcare, and PII. Attackers may steal or modify such weakly
protected data to conduct credit card fraud, identity theft, or other crimes.
Sensitive data may be compromised without extra protection, such as
encryption at rest or in transit, and requires special precautions when
exchanged with the browser.
• XML EXTERNAL ENTITIES
Many older or poorly configured XML processors evaluate external entity
references within XML documents. External entities can be used to
disclose internal files using the file URI handler, internal file shares, internal
port scanning, remote code execution, and denial of service attacks.
• BROKEN ACCESS CONTROL
Restrictions on what authenticated users are allowed to do are
often not properly enforced. Attackers can exploit these flaws to
access unauthorised functionality and/or data, such as access
other users’ accounts, view sensitive files, modify other users’
data, change access rights, etc.
• SECURITY MISCONFIGURATION
Security misconfiguration is a result of insecure default configurations, incomplete or ad hoc configurations, open cloud
storage, misconfigured HTTP headers, and verbose error messages containing sensitive
information. Not only must all operating systems, frameworks, libraries, and applications be
securely configured, but they must be patched/upgraded in a timely fashion.
• CROSS-SITE SCRIPTING
XSS flaws occur whenever an application includes untrusted data in a new web
page without proper validation or escaping, or updates an existing web page with
user-supplied data using a browser API that can create HTML or JavaScript. XSS
allows attackers to execute scripts in the victim’s browser which can hijack user
sessions, deface web sites, or redirect the user to malicious sites.
• INSECURE DESERIALIZATION
Insecure deserialisation often leads to remote code execution. Even if
deserialisation flaws do not result in remote code execution, they can
be used to perform attacks, including replay attacks, injection attacks,
and privilege escalation attacks.
• USING COMPONENTS WITH KNOWN VULNERABILITIES
Components, such as libraries, frameworks, and other software modules, run
with the same privileges as the application. If a vulnerable component is
exploited, such an attack can facilitate serious data loss or server takeover.
Applications and APIs using components with known vulnerabilities may
undermine application defences and enable various attacks and impacts.
• Gaining Access
In this phase, the vulnerability is located and
you attempt to exploit it in order to enter
the system. This is the actual hacking phase,
in which the hacker gains access to the
system in every possible way.
• INSUFFICIENT LOGGING AND MONITORING
Insufficient logging and monitoring, coupled with missing or
ineffective integration with incident response, allows attackers to
further attack systems, maintain persistence, pivot to more systems,
and tamper, extract, or destroy data. Most breach studies show time
to detect a breach is over 200 days, typically detected by external
parties rather than internal processes or monitoring.
• Reporting
Reporting is the last step of the ethical
hacking process. Here the ethical hacker
compiles a report with his findings and the job
that was done, such as the tools used, the
success rate, vulnerabilities found, and the
exploit processes.
This phase is the most critical phase of all,
as the information is sensitive and would be extremely
dangerous if it fell into the wrong hands.
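The INJECTION item above, as an added example that is not part of the original slides: a Python sketch using the standard sqlite3 module that shows untrusted data changing the meaning of a query when it is concatenated into the SQL text, next to the parameterised form that binds it as a value. The table, the function names and the sample input are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample accounts.
    Passwords are plain text only to keep the sample short."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "a-secret", "admin"), ("bob", "b-secret", "user")],
    )
    return db

def login_vulnerable(db, name, password):
    """Untrusted data is concatenated into the query text, so the
    interpreter cannot tell data apart from SQL syntax."""
    query = (
        "SELECT name, role FROM users WHERE name = '" + name +
        "' AND password = '" + password + "'"
    )
    return db.execute(query).fetchall()

def login_hardened(db, name, password):
    """Placeholders keep the query text fixed; inputs are bound as values."""
    query = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchall()

# Constructed hostile input: a quote that closes the string literal,
# followed by a condition that is always true.
HOSTILE = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # The WHERE clause becomes (name AND password = '') OR '1'='1',
    # so every row matches without a valid password.
    print("vulnerable:", login_vulnerable(db, "alice", HOSTILE))
    # The same input is compared as a literal password and matches nothing.
    print("hardened:  ", login_hardened(db, "alice", HOSTILE))
    print("legitimate:", login_hardened(db, "alice", "a-secret"))
```

In a test report, the remediation for this class of finding is the second function: every query that takes user input should use bound parameters rather than string building.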
tests of ethical hacking
• Remote network : This test simulates the intruder
launching an attack across the Internet. The primary
defences that must be defeated here are border firewalls,
filtering routers, and Web servers.
• Remote dial-up network : This test simulates the intruder
launching an attack against the client’s modem pools.
The primary defences that must be defeated here are
user authentication schemes.
• Local network : This test simulates an employee or other
authorised person who has a legal connection to the
organisation’s network. The primary defences that must be
defeated here are intranet firewalls, internal Web servers,
server security measures, and e-mail systems.
• Social engineering : This test evaluates the target
organization’s staff as to whether it would leak information
to someone. Most people are basically helpful, so it seems
harmless to share data or provide unauthorised help. The
only defence against this is to raise security awareness.
perspective while testing
• Outsider : has very limited knowledge about the target systems. The only
information used is available through public sources on the Internet.
• Semi outsider : has limited access to one or more of the organisation’s computers or
networks. This tests scenarios such as a bank allowing its depositors to use
special software and a modem to access information about their accounts.
• Valid user : has valid access to at least some of the organisation’s computers and
networks.
qualities of an ethical hacker
• Must be completely trustworthy as a person
• Must have very strong programming and computer networking
skills
• Must have brief knowledge of various operating systems and software
• Must be persistent.
history of ethical hacking
• This method of evaluating the security of a system has been in
use from the early days of computers. In one early ethical hack,
the United States Air Force conducted a “security evaluation” of
the Multics operating systems for “potential use as a two-level
system.”
• In December of 1993, Farmer and Venema publicly discussed, for the
first time, this idea of using the techniques of the hacker to
assess the security of a system, with the goal of raising and
standardising the security of the internet and intranets.
references
- IBM Systems Journal, Vol. 40, No. 3, 2001
- Top 10 Web Application Security Risks, https://owasp.org/www-project-top-ten/
Any Queries ?
thanking
you.
