Top Trending Topics in Cyber Security, Part 2 | Shadow Cyber Security
6. Cloud Testing Security
also be operating off of the cloud. Building a cloud-based business with information assets in the cloud makes a lot of sense in terms of operational efficiency as well as cost effectiveness. Cloud providers are bound by certain security regulations and have some measures in place to protect your data privacy, but it isn't enough by any stretch of the imagination.
-What is cloud penetration testing?
A cloud pentest is performed under strict guidelines from cloud service providers like AWS and GCP. Cloud penetration testing is the process of exploiting security vulnerabilities in your infrastructure by simulating a controlled cyber attack.
How Cloud Penetration Testing Differs from Penetration Testing
It is just performing a simulated attack on your cloud services to test their security. In layman's terms, penetration testing is the process of performing offensive security tests on a system, service or network to find security weaknesses in it.
Purpose of cloud Penetration Testing
Infrastructure/software/platform as an entity but rather as a service, there are several technical and legal challenges to performing cloud penetration tests. The prime purpose of this is to find security issues in your cloud service before the hackers do.
The most common cloud vulnerabilities
There are quite a few vulnerabilities that can lead to a compromised cloud account. The most prominent ones are mentioned below:
1. Server misconfigurations
The most common cloud server misconfigurations are improper permissions, not encrypting the data, and not differentiating between public and private data.
Cloud service misconfigurations are the most common cloud vulnerability today (misconfigured S3 buckets, in particular).
The most famous case was that of the Capital One data leak, which compromised the data of roughly 100 million Americans and 6 million Canadians.
2. Insecure APIs
Sometimes, using HTTP methods like PUT, POST and DELETE improperly in APIs can allow hackers to upload malware to your server or delete data. Improper access control and lack of input sanitization are also main causes of APIs getting compromised, which can be uncovered during penetration testing.
3. Outdated software
This makes the cloud services outdated, which hackers identify using automated scanners. As a result, a large number of cloud services using outdated software are compromised.
Outdated software contains critical security vulnerabilities that can compromise your cloud services.
4. Weak credentials
Using common or weak passwords can make your cloud accounts vulnerable to brute-force attacks. The attacker can use automated tools to make guesses, thereby making their way into your account using those credentials. Since people tend to reuse passwords and use easily remembered passwords, these attacks are fairly common. This fact can be verified during cloud penetration testing.
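The misconfigurations named under item 1 (improper permissions, unencrypted data, public data mixed with private) can be checked mechanically. The following is an added example, not code from the original post: an offline audit of one bucket's settings using AWS S3 field names; the bucket name, account ID and sample values are constructed.

```python
import json

# Constructed sample: the settings an audit would collect for one bucket.
# Field names follow the AWS S3 API; the bucket name and values are made up.
SAMPLE_BUCKET = {
    "Name": "example-reports-bucket",
    "PublicAccessBlock": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                          "BlockPublicPolicy": False, "RestrictPublicBuckets": False},
    "Encryption": None,  # no default server-side encryption configured
    "Policy": json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-reports-bucket/*"},
        {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::example-reports-bucket/*"}]}),
}

def is_public_principal(principal):
    """True when the principal is the wildcard, i.e. anyone on the internet."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def audit_bucket(bucket):
    """Return a list of findings for the three misconfigurations named above."""
    findings = []
    pab = bucket.get("PublicAccessBlock") or {}
    for flag in ("BlockPublicAcls", "IgnorePublicAcls",
                 "BlockPublicPolicy", "RestrictPublicBuckets"):
        if not pab.get(flag, False):
            findings.append(f"public-access-block: {flag} is off")
    if not bucket.get("Encryption"):
        findings.append("encryption: no default server-side encryption")
    policy = json.loads(bucket.get("Policy") or '{"Statement": []}')
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for stmt in statements:
        # An unconditional Allow to everyone makes the matched objects public.
        if (stmt.get("Effect") == "Allow" and not stmt.get("Condition")
                and is_public_principal(stmt.get("Principal"))):
            findings.append(f"policy: public Allow for {stmt.get('Action')}")
    return findings

print("\n".join(audit_bucket(SAMPLE_BUCKET)))
```

A bucket with all four public-access-block flags on, default encryption set and no wildcard principal returns an empty list.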
-How testing is done in the cloud
One approach to cloud testing includes the use of specific tools for individual tests, such as performance testing, load testing, stress testing and security testing.
Cloud testing can be valuable to organisations in a number of ways. For organisations testing cloud resources, this can ensure optimal availability, performance and security of data, and minimize downtime of the associated infrastructure or platform.
Organisations test cloud-based SaaS products to ensure applications are functioning properly.
7. System Penetration Testing
A penetration test, colloquially known as a pen test or ethical hacking, is an authorised simulated cyber attack on a computer system.
The process typically identifies the target systems and a particular goal, then reviews available information and undertakes various means to attain that goal. A penetration test target may be a white box (about which background and system information are provided in advance to the tester) or a black box (about which only basic information, other than the company name, is provided).
Security issues that the penetration test uncovers should be reported to the system owner. Penetration test reports may also assess potential impacts to the organization and suggest countermeasures to reduce the risk.
Penetration tests are a component of a full security audit. For example, the Payment Card Industry Data Security Standard requires penetration testing on a regular schedule and after system changes. Penetration testing can also support risk assessment as outlined in the risk management framework.
There are different types of penetration testing, depending upon the goal of the organisation, which include network (external and internal), wireless, web application, social engineering, and remediation verification.
8. Malware Family Threats Protection
Types of malware include Trojan horses, ransomware, worms and computer viruses. These malicious programs steal, alter, encrypt and delete sensitive data, monitor the end user's computer activity, and hijack core computing functions.
Depending on the type of malware and its goal, this harm may present itself differently to the users and the endpoint. In some cases the effect malware has is relatively mild and in others.
Malware can affect networks. It is designed to harm those devices and networks and/or their users in some way. No matter the method, all types of malware are designed to exploit devices at the expense of the user and to the benefit of the hacker, the person who has designed and deployed the malware.
-Types of malware
Different types of malware have unique characteristics. Types of malware include the following:
1. Spyware collects information and data on the device and user, and observes the user's activity without their knowledge.
2. A Trojan horse is designed to appear as a legitimate software program to gain access to a system. Once activated following installation, Trojans can execute their malicious activity.
3. A worm can self-replicate without a host program and typically spreads without any interaction from the malware authors.
4. A rootkit obtains administrator-level access to the victim's system.
5. Keyloggers, also called system monitors, track nearly everything a user does on their computer, including emails, opened webpages, keystrokes and programs.
6. Adware tracks a user's browser and download history with the intent to display pop-up and banner advertisements that lure the user into making a purchase.
7. A virus is the most common type of malware. It can execute itself and spreads by infecting other programs and files.
Users may be able to detect malware if they observe unusual activity such as a sudden loss of disk space, repeated crashes, unusually slow speeds or freezes, or an increase in unwanted internet activity.
9. Social Media Security Provider
Social media security is the process of analysing active social media data so as to safeguard against security threats.
Risks you need to be aware of are:
-cyber bullying (bullying using digital technology)
-identity theft
-invasion of privacy
-children seeing offensive messages and images
-the presence of strangers who may be there to groom other members
What is media abuse?
Social media and technology abuse (also referred to as digital abuse) is defined by the National Domestic Violence Hotline as the use of technologies such as texting and social networking to bully, harass, stalk or intimidate a partner.
In a healthy relationship, respectful communication extends to any online activity. It is never OK for someone to do or say anything that makes you feel bad, lowers your self-esteem or manipulates you.
-How safe is social media security?
It is highly unlikely that anyone in the world is actively managing, or at least worrying about, their social media security minute by minute. If you are like most people, you use the same password for all accounts.
10. Social Engineering
Social engineering is a manipulation technique that exploits human error to gain private information, access and valuables. In cyber crime, these "human hacking" scams tend to lure unsuspecting users into exposing data, spreading malware infections, or giving access to restricted systems.
Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures or best practices to gain unauthorised access to systems, physical locations or networks, or for financial gain.
Social engineering is a popular tactic among attackers because it is often easier to exploit people than it is to find a network or software vulnerability. Hackers will often use social engineering tactics as a first step in a larger campaign to infiltrate a system.
-How social engineering works
The first step in most social engineering attacks is for the attacker to perform research and reconnaissance on the target. If the target is an enterprise, for instance, the hacker may gather intelligence on the organisational structure, internal operations, common lingo used within the industry and possible business partners, among other information.
---------------------------
OUR COMPANY SERVICES
Visit website:
http://shadowcybersecurity.com
Company name: Shadow Cyber Security
Our services are:
1. Web application penetration testing
2. Network penetration testing
3. Mobile app penetration testing
4. Latest security patches
5. Customer cyber solutions
6. IoT penetration testing
7. Cloud testing security
8. System penetration testing
9. Malware family threats protection
10. Social media security provider
11. Social engineering security
12. Website/app design and development
These days, cyber attacks are increasing every year for all companies on a regular basis.
For any cyber security advice or questions, please contact:
Phone no. 8700320447