Showing posts from March, 2023

Computer Security Incidents and their Types

What is a Computer Security Incident?

A computer security incident is an event related to the breach of data and security of a system due to failed protective measures. A computer security incident involves unauthorized access, use, breach, modification, or destruction of data.

Types of Computer Security Incidents

Following are some types of computer security incidents:

1. Unauthorized Access Attack

This type of security incident involves unauthorized access to a system by a malicious attacker or person. Cybercriminals can access the accounts of users to extract personal information like bank details, addresses, contact details, etc., and use this information to cause harm. Two-factor authentication reduces the chances of unauthorized access attacks.

2. Privilege Escalation Attack

This type of security incident happens when an attacker gains unauthorized access to a computer and also takes admin privileges or blocks the privileges of the original admin. This security incident allows

W3AF: Introduction, Architecture and Features

What is W3AF?

W3AF stands for Web Application Attack and Audit Framework. It is an open-source framework for auditing and exploiting web applications. It provides facts about security vulnerabilities and bugs for use in penetration testing. The scanner offers a graphical user interface and a command line interface. It is written in the Python programming language and is compatible with all major operating systems like Windows, Linux, FreeBSD, etc.

Architecture of W3AF

The W3AF framework is divided into three parts:

1. The core, which coordinates the whole process and provides libraries for use in plugins.
2. The user interfaces, which allow the user to configure and start scans.
3. The plugins, which find links and vulnerabilities.

Features of W3AF

1. It provides web service support.
2. It exploits SQL injection (blind), OS commanding, remote file inclusions, local file inclusions, XSS, and more.
3. It provides good harmony among plug-ins.
4. It has a discovery plugin

Penetration Testing: Definition, Phases and Types

What is Penetration Testing?

A simulated cyber attack performed on a computer system to check for exploitable vulnerabilities is called penetration testing, or simply pen testing. Through regular penetration testing, we can discover new vulnerabilities in the system that are missed or omitted during a vulnerability assessment. This also helps the organization to set up a more secure computer and network system in the working ecosystem.

Phases of penetration testing

1. Planning and Reconnaissance

This phase includes gathering information about the target system through public and private sources like networks, domain names, mail servers, etc. This helps the pen testers to get preliminary information about the target system.

2. Scanning

In this phase, pen testers use various tools to examine the target system's vulnerabilities. Pen testers can scan the application's code in a running state and observe how it behaves during testing.

3. Gaining access

In this phase, pen testers use web applic