7 research outputs found

    Web application penetration testing

    Safety of information is needed in either the private sector or business, for protecting competitive secrets from the market or only for privacy. The advantage of the internet and web applications is that they are accessible to everyone, but in the business world data should be safe, reliable and accessible. Although these are not new problems and there have always been different solutions to them, we always need to stay on the cutting edge with the new attacks that appear every day and try to achieve greater security. In this paper we present some of the most dangerous forms of risk threatening web applications in 2015/2016. We will demonstrate step by step how unauthorized access is achieved from a web application into the server system, and we will explain why it happened based on the analysis that we have done. In the testing stages we used some parts of real tests that we have done on several web applications, with penetration testing methods, a procedure for testing and documentation that includes the infrastructure of networks, servers, web applications, wireless communications and all other technological parts. Penetration testing is a testing procedure for web applications usually performed on ports 80 and 443. In this paper we will explain the real analysis of tests with all the procedures for one web application, including all the attached stages which are used in real life for testing the safety of web applications by safety testers.

    Internal Security threats in Information System - threat protection at all stages of the chain

    External threats are threats that come from outside the organization, where they are usually carried out by hacktivists from other countries, or even by competitors. Common methods include ransomware, phishing attacks and hacking. Insider threats originate from the organization itself and are usually carried out by a current or former employee, a contractor, a business associate, etc. Insider attacks can be malicious or unintentional. Common types of insider threats include unauthorized data transfer, abuse of employee privileges, and data sharing. Insider threats have been a concern for organizations for a long time, but with digitalization and the growth of the network, they have become even more prevalent. Over the years, some of the largest and most expensive data breaches were caused by insider actors. The Tesla data theft case, which involved large amounts of highly sensitive data being transferred to unknown third parties by a malicious insider, clearly illustrates the danger of insider threats. Similarly, SunTrust Bank suffered a data security breach caused by an employee who stole the records of 1.5 million customers. The goal of this paper is to identify vulnerabilities in a system that can be exploited by attackers and can lead to dangerous impact. This paper seeks to provide clarity on the different types of insider threats you should be aware of and the controls and processes that can be used to protect against them.

    Social and privacy threats in social networks, challenges and the most critical issues

    Online social networks are permeating every aspect of our daily lives. With their incomparable popularity, social networks have evolved from platforms for news distribution and communication and social interaction to essential tools for online content distribution, professional networking, social recommendations, marketing, and more. Due to their heterogeneous nature and complexity, there are many technical and social challenges that need to be addressed. Specifically, security and privacy are among the most critical issues in online social networks. This paper identifies the characteristic features of social networks and the impact they have on their users. The main objective is to contribute to the discussion about privacy and security by identifying potential threats and challenges in this dimension of cyberspace

    Security and privacy in social networks - Cambridge Analytica and manipulation with data

    Humans are social creatures, and social interaction is a very important part of life. Back in the day the social circle used to be small: family and close friends. And for the most part, it was people nearby. With the invention of communication tools such as the fax, the phone and later the internet, the circle gradually grew larger and larger, and the ways of maintaining that social communication grew more complex. In the beginning, if someone wanted to share something with others, they might meet up, or maybe talk on the phone, but today they will likely share it via social media. Studies have found that about 50.64% of the world’s population is using social media [1], and that on average on Facebook, one of the most famous social networks, a person has 338 friends. Because of this, the amount of private data shared on social media is tremendous, and therefore the risk of that data being inadvertently shared or leaked is also very big. Social networks are ubiquitous in today’s digital life. It is estimated that nowadays more than half of the world’s population is using social media in one form or another. This wide reach understandably causes worries about lack of privacy and about safety for us and our data. We are going to focus more on Facebook as a concrete example of what can go wrong when social media goes awry. Being one of the oldest and largest social network websites, it has had its fair share of problems that have caused massive personal data leaks. This paper will go through the possible risks that social media usage brings about, and we’ll also go through some of the big privacy scandals that have happened lately, such as Cambridge Analytica. Lastly, we’ll see what we as users can do to keep our personal data as safe as possible.

    Analyzing OSI Model Layers, Benefits and Disadvantages

    For a long time, people have understood the need for and importance of standardization. It was clear that in order to cooperate and trade with each other we need some rules on preparing or making goods. These rules are standards. Without them, things could work only in one village, city or state, but not further. By using standards, the goods made in one part of the world can be used in another part of the world. With the development of the internet and computers, the same approach applied too. For computers and networks to grow, we need to set some fundamental rules. There were many vendors who worked on networks and computers. Without a precisely defined set of rules that everybody agrees on, we would create chaos and the Internet as we know it would not be possible. Since the early days, there were initiatives to prepare standards. One of these was done by the International Standards Organization (ISO), which led to the creation of the Open Systems Interconnection model, known as the “OSI Model”. This paper discusses the disadvantages of the OSI Model in comparison with TCP/IP. The Open Systems Interconnection model (OSI Model) is the best-known model for explaining how networks work and how data flows through networks. It is almost impossible to read or start learning about networks and not read about it. This model has seven layers (numbered from Layer 1 to Layer 7) and is widely used to explain networks and the flow of information.