Identify and exploit the vulnerabilities to gain access to systems and data in an organization

Question

A penetration tester is a professional with the skills of a hacker. They are hired by organizations to perform real-world attack simulations to evaluate the security of the organization's ICT systems. Assume that you are a pen tester hired to identify and exploit the vulnerabilities to gain access to systems and data in an organization. Showcase the impact of the following attacks:
a. Session hijacking attacks and countermeasures. Illustrate some common exploits for session hijacking.
b. Session fixation attacks and countermeasures.
c. Cross-site scripting attacks and countermeasures.

Answer

a) Session hijacking has various consequences:
1) The attacker can access the organization's resources as an authenticated user of the system.
2) Information belonging to the authenticated owner of the session is stolen.
3) Login credentials for crucial entities such as bank accounts, company accounts and credit cards are stolen.
4) A ransomware attack can be initiated after the session has been hijacked.

Measures to prevent session hijacking:
1) The user must check that the website is served over HTTPS before accessing it.
2) The user must log out at the end of the session; this terminates the session on the server.
3) Anti-virus software must be used.
4) Cross-site scripting attacks must be prevented, and session cookies must be set with the HttpOnly attribute so that scripts cannot read them.
5) Users must not log in over open wireless networks such as public Wi-Fi.
6) Software and the browser must be kept up to date.
7) Traffic entering the network must be filtered.

Common exploits for session hijacking:
1) Insufficient encryption: when the TLS layer is weak or absent, attackers sniff the packets of the session.
2) Temporary session cookies that the server keeps accepting after they should have expired, which leaves the server as the vulnerable component.
3) Easy-to-guess session tokens, which attackers can predict to carry out the attack.

b) A session fixation attack has various consequences:
1) Access to the high-level privileges of the authenticated user.
2) Unauthorized modification of data.
3) Loss of confidentiality of data.
4) Loss of integrity of data.
5) Unauthorized access to the victim's account.
6) The attacker can access the organization's resources as an authenticated user of the system.
7) Information belonging to the authenticated owner of the session is stolen.
8) Login credentials for crucial entities such as bank accounts, company accounts and credit cards are stolen.
9) A ransomware attack can be initiated after the session has been hijacked.
10) Cross-site scripting attacks.

Measures to prevent session fixation attacks:
a) Cookie overwriting must be prevented.
b) Cross-site scripting attacks must be prevented.
c) Man-in-the-middle attacks must be prevented.
d) A new session identifier must be issued each time the user logs in to the system.

c) A cross-site scripting attack has several consequences:
1) Hijacking of user accounts.
2) Theft of sensitive information of customers as well as of the organization.
3) Access to client systems.
4) Unauthorized modification of data.
5) Loss of confidentiality of data.
6) Loss of integrity of data.
7) Theft of session cookie data.
8) Increased downtime of the web application.

Measures to prevent cross-site scripting attacks:
1) Update the software regularly.
2) Use a web application firewall to filter the data entering the web application.
3) Sanitize input fields.
4) Use form validation on both the client side and the server side.
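The following JavaScript (Node.js) is an added example and is not part of the original answer. It shows, in working code, the server-side countermeasures named in parts (a) and (b): unguessable session identifiers, a session cookie carrying the HttpOnly, Secure and SameSite attributes, a fresh session identifier issued at login so a pre-login identifier never becomes authenticated (the session fixation defence), and a logout that invalidates the session on the server. The in-memory store, the cookie name "sid", the user "alice" and all function names are assumptions made for the illustration.

```javascript
// Added example (not the original answer's code): minimal session management
// demonstrating the session hijacking / fixation countermeasures in parts (a) and (b).
// Store, cookie name "sid" and function names are assumptions for illustration.
const crypto = require('crypto');

// In-memory session store: sessionId -> { user, createdAt } (assumed for the example)
const sessions = new Map();

// 128 bits from a CSPRNG: cannot be guessed or predicted, unlike sequential
// or timestamp-derived IDs (the "easy to guess session tokens" exploit).
function newSessionId() {
  return crypto.randomBytes(16).toString('hex');
}

// Create a session; anonymous (user === null) until a login binds it to a user.
function createSession(user = null) {
  const id = newSessionId();
  sessions.set(id, { user, createdAt: Date.now() });
  return id;
}

// Set-Cookie value for the session cookie:
//  - HttpOnly: document.cookie (and therefore injected script) cannot read it
//  - Secure:   only sent over HTTPS, so it is not exposed on plaintext links
//  - SameSite: not attached to cross-site requests
//  - Max-Age:  bounds the lifetime of a "temporary" session cookie
function sessionCookieHeader(id, maxAgeSeconds = 1800) {
  return `sid=${id}; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=${maxAgeSeconds}`;
}

// Login: whatever session ID the client presented (possibly planted before
// authentication) is discarded and a fresh one is issued, so a fixed ID never
// becomes an authenticated one.
function login(presentedId, user) {
  if (presentedId !== undefined && presentedId !== null) sessions.delete(presentedId);
  const id = createSession(user);
  return { sessionId: id, setCookie: sessionCookieHeader(id) };
}

// Logout: invalidate the server-side state, not only the browser cookie.
function logout(id) {
  return sessions.delete(id);
}

// Resolve the user behind a session ID; null when unknown or still anonymous.
function currentUser(id) {
  const s = sessions.get(id);
  return s ? s.user : null;
}

// Worked fixation scenario: a session ID exists before login and is presented at
// login; after regeneration the pre-login ID is dead and only the new one is
// bound to the user.
function fixationDemo() {
  const preLoginId = createSession();                 // ID known before authentication
  const { sessionId } = login(preLoginId, 'alice');   // constructed sample user
  return {
    preLoginIdStillValid: sessions.has(preLoginId),   // false
    preLoginUser: currentUser(preLoginId),            // null
    newSessionUser: currentUser(sessionId),           // 'alice'
    idsDiffer: preLoginId !== sessionId,              // true
    newSessionId: sessionId,
  };
}
```

Calling fixationDemo() shows the pre-login identifier rejected and only the regenerated identifier bound to the user; sessionCookieHeader() is what a real handler would place in the Set-Cookie response header, and logout() must be called on the server so that a stolen cookie stops working once the user signs out.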
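The following JavaScript (Node.js) is an added example and is not part of the original answer. It demonstrates the server-side countermeasures listed in part (c): escaping untrusted values before they are placed in HTML (sanitization of input on output), allow-list validation of form fields on the server, and a restrictive Content-Security-Policy header as defence in depth. A deliberately vulnerable renderer is shown beside its corrected form. The comment form, its field rules, the sample comment and all function names are assumptions made for the illustration.

```javascript
// Added example (not the original answer's code): cross-site scripting
// countermeasures from part (c). Form fields, rules and names are assumptions.

// Escape the characters that carry meaning in HTML text and attribute contexts.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// 'Before': raw values are interpolated into markup, so any tags in them are
// parsed by the browser as part of the page.
function renderCommentVulnerable(author, text) {
  return `<p><b>${author}</b>: ${text}</p>`;
}

// 'After': every untrusted value is escaped for the HTML text context.
function renderComment(author, text) {
  return `<p><b>${escapeHtml(author)}</b>: ${escapeHtml(text)}</p>`;
}

// Allow-list validation rules, enforced on the server regardless of any
// client-side checks (which an attacker can simply bypass).
const rules = {
  author: (v) => typeof v === 'string' && /^[A-Za-z0-9_]{3,32}$/.test(v),
  text: (v) => typeof v === 'string' && v.length >= 1 && v.length <= 500,
};

// Returns a list of validation errors; an empty list means the form is accepted.
function validateForm(fields) {
  const errors = [];
  for (const [name, check] of Object.entries(rules)) {
    if (!(name in fields)) errors.push(`${name}: missing`);
    else if (!check(fields[name])) errors.push(`${name}: invalid`);
  }
  for (const name of Object.keys(fields)) {
    if (!(name in rules)) errors.push(`${name}: unexpected field`);
  }
  return errors;
}

// A restrictive CSP as defence in depth: inline scripts do not execute even if
// an output escape is missed somewhere in the application.
function cspHeader() {
  return "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";
}

// Worked scenario with a constructed comment that contains markup. The text
// field allows free text, so validation passes and escaping is what protects
// the page.
function xssDemo() {
  const submitted = { author: 'mallory', text: '<script>alert(1)</script> nice post' };
  return {
    errors: validateForm(submitted),                                   // []
    vulnerable: renderCommentVulnerable(submitted.author, submitted.text),
    safe: renderComment(submitted.author, submitted.text),
    csp: cspHeader(),
  };
}
```

The vulnerable renderer emits the submitted script tag verbatim, while renderComment() turns it into inert text; validateForm() rejects malformed or unexpected fields before anything is stored, and cspHeader() would be sent as the Content-Security-Policy response header so that a missed escape does not by itself execute script.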