Top Trending Topic In Cyber Security Part -1|Shadow Cyber Security
Cyber security is the protection of internet connected system such as hardware, software, and data from cyberthreats and also cyber crime. The practice is used by individuals , enterprises and many more to protect unauthorised access to data centers and other computerized system .Its a very important for users of internet.
Some Important topic in cyber security
1. Web Application Penetration Testing
Web application penetration testing involves a methodological series of step aimed at gathering information about the target system , finding vulnerabilities or faults in them ,researching for exploits that will succeed against those faults,vulnerabilities and compromise the web application.
Tutorial of Penetration Testing:-
1.Standard methodology available for pentest,
2.The need for pentest for web application testing,
3.Approach for web application pentest,
4.Steps to be taken to perform a penetration test,
5.What are the types of testing we can perform,
6.Tools that can be used for testing,
7.Some of the certifications for web penetration testing and
8.Some of the penetration testing service providers
-Web penetration helps end users find out the possibility for a hacker to access data from the internet find out the security of their email servers, its get to know secure the web hosting site and server are.Pen test is the most commonly used security testing technique for web applications and internet server.
Well,let's now cover the content of this article.
2. Network penetration testing-
A network penetration test is the process of identifying security vulnerability in application and system by intentionally using various malicious techniques to evaluate the network's security or lack of responses.
However,unlike a vulnerability assessment, a penetration test is an exact simulation of a potential attack to identify vulnerability that are harder to find in a network.
What are the BENEFIT of performing a network Penetration Test-
There are numerous benefits to performing network penetration tests on your systems including:-
-Testing your security posture and controls.
-Understanding the network baseline.
-Ensuring network and system security.
-Preventing network and data breaches.
Most of the time, the network's baseline is identified through the use
of scanning tools like port scanners, network scanners, and
vulnerability scanners. Understanding a network's baseline allows
the business owner to understand what security control are working ,
identify existing vulnerability , and provide them additional
information about their network.
Acting as an in depth test of the network, the network penetration test will allow businesses to better understand their network baseline , to test their network and system security controls and breaches, and ensure network security in the future.
A network penetration test is typically performed when a business has a mature security posture ,they believe they have strong security measures in place.
3.Mobile App Penetration Testing -
Next big thing in the world of software.As the number of smart
devices continues to increase, likely, the number of mobile
applications will also continue to grow.The latest innovation in
mobile devices have made many tasks quicker and easier,there's no
denying that the security of these problem solving applications is
not an easy task.
Mobile application penetration testing methodology as a security testing measure. Analyses security perimeters within a mobile environment. Derived from the traditional concept of application security methodology .
By conducting penetration testing, companies can gain insights into the source code's vulnerabilities, bottlenecks and the attack vectors beforehand.
Stages of Mobile Application Penetration Testing -
1. Discovery
2. Assessment and analysis
3. Exploitation
4. Reporting
The Mobile Application Penetration Testing Methodology is vendor neutral since it helps drive transparency and facilitates repeatability.
All the steps within the mobile application penetration testing methodology use intelligence gathering, assessment, exploitation and clear reporting to enhance the process of the penetration testing.
4. Block chain security
Blockchain security is a comprehensive risk management system for a blockchain network ,using cyber security framework , assurance services and best practice to reduce risks against attacks and fraud ,its gives protection from unauthorised internet practices.
Blockchain technology enables decentralization through the participation across a distributed network , no single point of failure and a single user cannot change the record of transaction. However,blockchain technology differ in some critical security aspects.
Blockchain security is based on principles of cryptography, decentralization and consensus, which ensure trust in transaction.The date structured into blocks and each and each block contains a transaction or bundle of transaction. Each new blocks contacts the new blocks before a cryptographic chain in such a way that it's nearly impossible to temper with. All transaction within the blocks agreed upon by a consensus mechanism, ensuring that a each transaction is true and correct and all transaction within the blocks are validated.
Blockchain Security for the enterprise
A comprehensive security strategy for an enterprise blockchain solution controls and technology unique controls.Some of the security control specific to enterprise blockchain solution include:
-Transaction Endorsement
-Smart contract security
-Secure communication
-Data Privacy
-Key management
-Identity and access Management
When building an enterprise blockchain application,It's important to consider security at all layers of the technology stack, and how to manage governance and permission for the network.
Employ experts to help you to design the complaint and secure solution and help you to achieve your business goals. Look for production grade platform for building blockchain solution that can be deployed in the technology environment of your choosing whether that is on premises or your preferred cloud vendor.
How security differ by blockchain types
Blockchain network can differ in who can participate and who
has access to the data .Network are typically labeled as either
public or private,which describes who is allowed to participate,
permissions or permissionless. which describes how
participate gain access to the network.
Public and private blockchains
Public blockchain network typically allow anyone to join .participants to remain anonymous.Bitcoin the probably the most well known example of a public blockchain, it achieve consensus through Bitcoin mining. Computers on the bitcoin network, or miners,try to solve a complex cryptographic problem to create proof of work and there by create the transaction.Outside the public keys, there are few identity and access controls in this types of network.
The organisations from a private, members only "business network".A blockchain in a permissions network achieves consensus through a process called " selective endorsement".where known users verify the transactions.This network type requires more identity and access controls. Only members with special access and permission can maintain the transaction ledger, Private and permissions network tightly controlled and preferable for a for a compliance and regulatory a reasons.However, public, permissions networks can the achieve greater distribution and decentralization.
Public Blockchain
Public Blockchains are public and anyone can join them and validate transaction.
Private
Private blockchains are restricted and usually limited to business network. A consortium, control membership and single entity.
When establishment a private blockchain,resilient and ensure that it's deployed in a secure. Business risks include financial implications,reputational factors and compliance risk. Governance risks emanate primarily from blockchain solutions decentralized nature,and they require strong controls on decision criteria,governing policies, access management and identity.
5. IOT Renetration Testing
An IOT penetration test is the assessment and exploitation of various
components present in an IOT device solution to make the device
more secure.These how typical the penetration testing engagement
looks.
Four types of penetration testing
1.Internal
, Eternal infrastructure penetration testing .
An assessment of on premise and cloud network infrastructure ,system hosts,including firewalls and device such as routers and switches.To scope a test, you will need to know the number of internal and external IPs to be tested ,number of sites, network subnet size.
2.Web Application Testing
An assessment of websites and custom applications delivered over the web ,design,development flows,looking to uncover coding that could be maliciously exploited . Before approaching a testing provider, It's mean important to ascertain number of apps that need testing,as well as the number of static pages,inputs fields to be assessed and dynamic pages.
3. Wireless penetration testing
To scope engagement,testers will need to known to number of wireless,guest networks ,locations and unique SSIDs to be assessed.
A test are specifically targets on organisation WLAN that is wireless local area network ,as well as wireless protocol including bluetooth ,Z wave and ZigBee.
4.Mobile penetration testing
To scope a test, providers will need to know the operating system type and vision they'd like an app to be tested on, number of API calls and requirement for jailbreaking and root detection.The test of mobile application on operating system including Android an IOS to identify authorisation and authentication ,data leakage and session handling issues.
Then penetration testing process can be broken down into fives stages
-Planning and reconnaissance.The first stage involves..
-Gaining Access..
-Maintaining Access..
-Scanning. The next step is to understand how the target application will respond to various intrusion attempts..
-Analysis.
Three phases of penetration testing
The penetration testing process involves three phases .
1. pre-engagement,
A successful penetration testing process involves lots of preparations
before the actual testing process begins. It is important for a every
partly involved in the testing to be informed about every new steps
taken.
2.engagement and
Penetration testing must be performed where location are no
restriction on parts or services by the internet provider.There are
many tools available these days to perform penetration testing
,However, the judgement regarding the approach ,tools etc.
3. post engagement.
There may be some vulnerability that is left undetected even after performing testing.They occur mainly due to weak development practices and ineffective security controls
Visit website:-
http://shadowcybersecurity.com
My company name - shadow cyber security
our service is :-
1. web-application-penetration testing
2. network penetration testing
3. mobile app penetration testing
4. latest security patches
5. customer cyber solutions
6. iot penetration testing
7. cloud testing security
8. system penetration testing
9. malware family threads protraction
10. social media security provide
11. social engineering security
12. website/app design and development
these time cyber attack increase every year all company regular basis
for any cyber security advise ya question plz contact
phone no 8700320447
website- http://shadowcybersecurity.com
FOLLOW ON SOCIAL MEDIA
https://instagram.com/shadowcybersecurity?igshid=YmMyMTA2M2Y=
https://www.facebook.com/shadowcybersecurit/
https://twitter.com/shadowcybersec4?t=Mayn6rtAfb87iPcVB2oJBg&s=08
Post a Comment
Post a Comment