Unit-1-part2

Cyber security involves protecting web-connected systems from threats through various elements such as application security, information security, and network security. Key components include safeguarding sensitive data, ensuring system availability, and implementing disaster recovery planning. Effective cyber security requires a comprehensive approach that addresses human error, insider threats, and evolving cyber threats.

Cyber security is the protection of internet-connected systems, including hardware, software, and information, from cyber threats. The practice is used by individuals and enterprises to defend against unauthorized access to servers and other electronic systems.
The elements of cyber security are:
• Application Security
• Information Security
• Network Security
• Disaster Recovery Planning
• Operational Security
• End-user Security

The elements are explained in detail below:


1. Application Security: Application security is the principal component of cyber security. It adds security features to applications during the development phase to defend against cyberattacks, and it protects websites and online applications from the various kinds of cyber security threats that exploit weaknesses in source code. Application security is about keeping software applications safe from threats. Its general focus is on organizations that rely on cloud services, where misconfigured settings leave cloud data insecure. The fundamental reasons for cloud application misconfiguration are:
• Lack of awareness of cloud security policies
• Lack of sufficient controls and oversight
• Use of too many interfaces to manage
Vulnerabilities of Application: Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks are used by some attackers to flood a targeted server, or the infrastructure that supports it, with various kinds of traffic. This traffic eventually keeps legitimate users from reaching the server and makes it shut down. SQL injection (SQLi) is a technique hackers use to take advantage of database flaws. In particular, these hackers can uncover user identities and passwords, and can also create, modify, and delete data without the user's permission.
Types of Application Security: The types of application security are authentication, authorization, encryption, logging, and application security testing.
Tools of Application Security: The tools of application security are firewalls, antivirus, encryption techniques, and web application firewalls, which protect applications from threats.

2. Information Security: Information security is the component of cyber security that covers the methods for defending against unauthorized access, use, disclosure, disruption, modification, or deletion of information. It protects the company's data and code, as well as the information the company collects from its clients and users. The primary principles of information security are Confidentiality, Integrity, and Availability. Together they are called CIA.
• Confidentiality: Protecting information so that only authorized clients can access sensitive information is known as confidentiality. For example, suppose X has a password for my Facebook account and somebody sees it while X is logging in to the account. In that case my password has been compromised and confidentiality has been breached.
• Integrity: Maintaining the consistency, accuracy, and completeness of information is known as integrity. Information cannot be modified in an unauthorized way. For example, in a breach that compromises integrity, a hacker might seize information and alter it before sending it on to the intended recipient. Security controls intended to maintain the integrity of information include encryption, user access controls, records control, backup, recovery procedures, and error detection.
• Availability: Information can be accessed at any time authorized users want it. There are primarily two threats to the availability of the system:
  • Denial of Service
  • Loss of Data Processing Capabilities
3. Network Security: Network security is the protection given to a network against unauthorized access and threats. It is the responsibility of network administrators to adopt preventive measures to safeguard their networks from potential security threats. Network security is one more element of IT security; it is a method of defending computer networks and preventing unauthorized access to them.
• Network Security Strategies: There are numerous strategies to improve network security. The most common network security components are: Firewalls, Antivirus, Email Security, Web Security, Wireless Security.
• Network Security Software: Different types of tools can protect a computer network, such as a network firewall, cloud application firewall, web application firewall, etc.
4. Disaster Recovery Planning/Business Continuity Planning: Planning that describes how work continues quickly and efficiently after a disaster is known as Disaster Recovery Planning or Business Continuity Planning. A disaster recovery strategy should begin at the business level and determine which applications are most vital to running the activities of the organization. Business continuity planning (BCP) is about being prepared for cyber threats by identifying threats to the organization in time and examining how operations might be affected and how to overcome that.
The primary objectives of disaster recovery planning include:
1. Protecting the organization during a disaster
2. Providing a sense of security
3. Limiting the risk of delays
4. Ensuring the reliability of backup systems
5. Providing a standard for testing the plan
6. Limiting decision-making during a disaster
• Disaster Recovery Planning Categories: The categories of Disaster Recovery Planning are:
  • Data Center disaster recovery
  • Cloud applications disaster recovery
  • Service-based disaster recovery
  • Virtual disaster recovery
• Steps of Disaster Recovery Planning: The steps are:
  • Acquire top management commitment
  • Planning committee establishment
  • Performing risk management
  • Establish priorities for handling and tasks
  • Decide recovery strategies
  • Data collection
  • Record a written plan
  • Build testing rules and methods
  • Plan testing
  • Support the plan
5. Operational Security: The process that encourages managers to view operations from the viewpoint of a hacker, in order to protect sensitive data from various threats, is known as Operational Security (OPSEC) or procedural security. OPSEC is used to defend the functions of an organization. It tracks critical data and assets to identify weaknesses that exist in the functional method.
• Steps of Operational Security: There are five steps in an operational security program:
  • Define the organization's sensitive data
  • Identify the types of threats
  • Analyze security holes and weaknesses
  • Evaluate risks
  • Implement appropriate countermeasures
• Practices of Operational Security: The best practices of operational security are:
  • Implement precise change management processes
  • Limit access to network devices
  • Give employees minimum access
  • Implement dual control
  • Automate tasks
  • Plan for incident response and disaster recovery
6. End User Education: End-user training is the most significant element of computer security. End users are becoming the biggest security threat in any organization because a mistake can happen at any time. Human error is one of the primary causes of data breaches. An organization should train its employees in cybersecurity. Every employee should be aware of phishing attacks through emails and links, and should be able to deal with cyber threats.
Threats of End-User: End-user threats can arise in the following ways:
• Use of social media
• Text messaging
• Use of email
• Application downloads
• Creation and irregular use of passwords
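
The SQL injection weakness described under Application Security above, as an added example that is not part of the original notes: a lookup that builds its SQL by string concatenation beside the parameterized form. The table, the account names and the crafted input are constructed for illustration.

```python
import sqlite3

# Constructed input: the quote closes the string literal, the rest is read as SQL.
CRAFTED_INPUT = "nobody' OR '1'='1"


def make_db():
    """Create an in-memory database holding constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "constructed-hash-a"), ("bob", "constructed-hash-b")],
    )
    return conn


def lookup_vulnerable(conn, name):
    """Weak form: user input is concatenated into the SQL text itself."""
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(query))


def lookup_parameterized(conn, name):
    """Hardened form: the driver binds the input as a value, never as SQL."""
    query = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(query, (name,)))


def compare(conn, name):
    """Return (rows from the weak form, rows from the hardened form)."""
    return lookup_vulnerable(conn, name), lookup_parameterized(conn, name)


if __name__ == "__main__":
    db = make_db()
    for value in ("alice", CRAFTED_INPUT):
        weak, hardened = compare(db, value)
        print(f"{value!r}: concatenated={weak} parameterized={hardened}")
```

With the crafted input the concatenated query matches every row, while the parameterized query looks for a user literally named `nobody' OR '1'='1` and finds none.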

Introduction to information security


Information security is the practice of protecting information by mitigating
information risks. It involves the protection of information systems and the
information processed, stored and transmitted by these systems from unauthorized
access, use, disclosure, disruption, modification or destruction. This includes the
protection of personal information, financial information, and sensitive or confidential
information stored in both digital and physical forms. Effective information security
requires a comprehensive and multi-disciplinary approach, involving people,
processes, and technology.
Information Security is not only about securing information from unauthorized access.
Information Security is basically the practice of preventing unauthorized access, use,
disclosure, disruption, modification, inspection, recording or destruction of
information. Information can be a physical or electronic one. Thus Information
Security spans so many research areas like Cryptography, Mobile Computing, Cyber
Forensics, Online Social Media, etc.
Effective information security requires a comprehensive approach that considers all
aspects of the information environment, including technology, policies and
procedures, and people. It also requires ongoing monitoring, assessment, and
adaptation to address emerging threats and vulnerabilities.
Why do we use Information Security?
We use information security to protect valuable information assets from a wide range
of threats, including theft, espionage, and cybercrime. Information security is
necessary to ensure the confidentiality, integrity, and availability of information,
whether it is stored digitally or in other forms such as paper documents. Here are some
key reasons why information security is important:
1. Protecting sensitive information: Information security helps protect sensitive
information from being accessed, disclosed, or modified by unauthorized
individuals. This includes personal information, financial data, and trade secrets,
as well as confidential government and military information.
2. Mitigating risk: By implementing information security measures, organizations
can mitigate the risks associated with cyber threats and other security incidents.
This includes minimizing the risk of data breaches, denial-of-service attacks, and
other malicious activities.
3. Compliance with regulations: Many industries and jurisdictions have specific
regulations governing the protection of sensitive information. Information security
measures help ensure compliance with these regulations, reducing the risk of fines
and legal liability.
4. Protecting reputation: Security breaches can damage an organization’s reputation
and lead to lost business. Effective information security can help protect an
organization’s reputation by minimizing the risk of security incidents.
5. Ensuring business continuity: Information security helps ensure that critical
business functions can continue even in the event of a security incident. This
includes maintaining access to key systems and data, and minimizing the impact
of any disruptions.

Information Security programs are built around 3 objectives, commonly known as CIA – Confidentiality, Integrity, Availability.

1. Confidentiality – means information is not disclosed to unauthorized individuals, entities and processes. For example, suppose I have a password for my Gmail account and someone sees it while I am logging in to Gmail. In that case my password has been compromised and confidentiality has been breached.
2. Integrity – means maintaining the accuracy and completeness of data. This means data cannot be edited in an unauthorized way. For example, if an employee leaves an organisation, then that employee's data in all departments, such as accounts, should be updated to reflect the status JOB LEFT so that the data is complete and accurate. In addition, only authorized persons should be allowed to edit employee data.
3. Availability – means information must be available when needed. For example, if one needs to access the information of a particular employee to check whether the employee has exceeded the number of leaves, this requires collaboration from different organizational teams such as network operations, development operations, incident response and policy/change management. A denial-of-service attack is one of the factors that can hamper the availability of information.
Apart from this, there is one more principle that governs information security programs: non-repudiation.

• Non repudiation – means one party cannot deny receiving a message or a transaction, nor can the other party deny sending a message or a transaction. For example, in cryptography it is sufficient to show that the message matches the digital signature signed with the sender's private key, that the sender could have sent the message, and that nobody else could have altered it in transit. Data integrity and authenticity are prerequisites for non-repudiation.

• Authenticity – means verifying that users are who they say they are and that each input arriving at the destination is from a trusted source. This principle, if followed, guarantees a valid and genuine message received from a trusted source through a valid transmission. Continuing the example above, the sender sends the message along with a digital signature generated using the hash value of the message and the private key. At the receiver's side, this digital signature is decrypted using the public key, producing a hash value, and the message is hashed again to generate a second hash value. If the two values match, the transmission is valid and the message received at the recipient's side is authentic, or genuine.
• Accountability – means that it should be possible to trace the actions of an entity uniquely to that entity. For example, as discussed in the Integrity section, not every employee should be allowed to make changes to other employees' data. A separate department in the organization is responsible for making such changes. When it receives a request for a change, the letter must be signed by a higher authority, for example the Director of the college, and the person assigned the change can make it only after verifying their biometrics, so that a timestamp and the details of the user making the change are recorded. If a change is handled this way, the actions can be traced uniquely to an entity.
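
The sign-and-verify exchange described under Non repudiation and Authenticity above, as an added example that is not part of the original notes. It uses textbook RSA over a SHA-256 hash with toy keys built from Mersenne primes, an assumption made so the example runs with the standard library only; real systems use a padded scheme such as RSA-PSS, or Ed25519, from a vetted library.

```python
import hashlib

E = 65537  # widely used public exponent


def toy_keypair(p, q):
    """Return (public, private) as ((e, n), (d, n)) for primes p and q.

    Toy keys for illustration only: real keys use large random primes.
    """
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)
    return (E, n), (d, n)


# Assumption: well-known Mersenne primes stand in for generated primes.
SENDER_PUBLIC, SENDER_PRIVATE = toy_keypair(2**521 - 1, 2**607 - 1)
IMPOSTOR_PUBLIC, IMPOSTOR_PRIVATE = toy_keypair(2**127 - 1, 2**521 - 1)


def hash_to_int(message):
    """Hash the message with SHA-256 and read the digest as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, private_key):
    """Sender side: transform the message hash with the private key."""
    d, n = private_key
    return pow(hash_to_int(message), d, n)


def verify(message, signature, public_key):
    """Receiver side: recover the hash from the signature with the public
    key, hash the received message again, and compare the two values."""
    e, n = public_key
    return pow(signature, e, n) == hash_to_int(message)


if __name__ == "__main__":
    msg = b"Transfer 100 to account 42"  # constructed sample message
    sig = sign(msg, SENDER_PRIVATE)
    print("genuine message:", verify(msg, sig, SENDER_PUBLIC))
    print("altered in transit:",
          verify(b"Transfer 900 to account 42", sig, SENDER_PUBLIC))
    print("signed by someone else:",
          verify(msg, sign(msg, IMPOSTOR_PRIVATE), SENDER_PUBLIC))
```

Only the holder of the sender's private key can produce a signature that verifies under the sender's public key, which is what lets the receiver attribute the message to the sender.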

Challenges of Information Security:


Information security faces many challenges and issues, including:
1. Cyber threats: The increasing sophistication of cyber attacks, including malware,
phishing, and ransomware, makes it difficult to protect information systems and
the information they store.
2. Human error: People can inadvertently put information at risk through actions
such as losing laptops or smartphones, clicking on malicious links, or using weak
passwords.
3. Insider threats: Employees with access to sensitive information can pose a risk if
they intentionally or unintentionally cause harm to the organization.
4. Legacy systems: Older information systems may not have the security features of
newer systems, making them more vulnerable to attack.
5. Complexity: The increasing complexity of information systems and the
information they store makes it difficult to secure them effectively.
6. Mobile and IoT devices: The growing number of mobile devices and internet of
things (IoT) devices creates new security challenges as they can be easily lost or
stolen, and may have weak security controls.
7. Integration with third-party systems: Integrating information systems with
third-party systems can introduce new security risks, as the third-party systems
may have security vulnerabilities.
8. Data privacy: Protecting personal and sensitive information from unauthorized
access, use, or disclosure is becoming increasingly important as data privacy
regulations become more strict.
9. Globalization: The increasing globalization of business makes it more difficult to
secure information, as data may be stored, processed, and transmitted across
multiple countries with different security requirements.

Introduction to Data and Network security


Network security is defined as the activity created to protect the integrity of your network and data. Every company or organization that handles a large amount of data has a degree of solutions against many cyber threats.
Any action intended to safeguard the integrity and usefulness of your data and network is known as network security. This is a broad, all-encompassing phrase that covers software and hardware solutions, as well as procedures, guidelines, and setups for network usage, accessibility, and general threat protection.
The most basic example of network security is password protection, which the user of the network chooses. In recent times, network security has become the central topic of cyber security, with many organizations inviting applications from people who have skills in this area. Network security solutions protect the various vulnerable areas of computer systems, such as:
1. Users
2. Locations
3. Data
4. Devices
5. Applications

Level of Network Security


The basic principle of network security is protecting large amounts of stored data and networks in layers, each with a set of rules and regulations that must be acknowledged before any activity is performed on the data.
These levels are:
• Physical Network Security
• Technical Network Security
• Administrative Network Security
These are explained below:
1. Physical Network Security: This is the most basic level. It protects the data and network by preventing unauthorized personnel from acquiring control over the confidentiality of the network. This can be achieved by using devices like biometric systems.
2. Technical Network Security: It primarily focuses on protecting the data stored in the network or data in transit through the network. This type serves two purposes: protection from unauthorized users, and protection from malicious activities.
3. Administrative Network Security: This level of network security governs user behavior, such as how permission is granted and how the authorization process takes place. It also determines the level of sophistication the network might need to protect it against all attacks, and it suggests necessary amendments to the infrastructure.

Types of Network Security


A few types of network security are discussed below:
• Access Control
• Antivirus and Anti-Malware Software
• Cloud Security
• Email Security
• Firewalls
• Application Security
• Intrusion Prevention System (IPS)
1. Access Control: Not every person should have complete access to the network or its data. One way to enforce this is by checking each person's details. This is done through Network Access Control, which ensures that only a handful of authorized personnel can work with the allowed amount of resources.
2. Antivirus and Anti-malware Software: This type of network security ensures that malicious software does not enter the network and jeopardize the security of the data. Malicious software such as viruses, Trojans, and worms is handled by it. This ensures not only that malware is kept from entering but also that the system is well equipped to fight it once it has entered.
3. Cloud Security: This is very vulnerable to the malpractices that a few unauthorized dealers might engage in. This data must be protected, and it should be ensured that this protection is not jeopardized by anything. Many businesses embrace SaaS applications to give some of their employees access to the data stored in the cloud. This type of security ensures creating gaps in the visibility of the data.
4. Email Security: Email security is the process designed to keep an email account and its contents safe from unauthorized access. For example, fraudulent emails are generally sent to the Spam folder automatically, because most email service providers have built-in features to protect the content.
5. Firewalls: A firewall is a network security device, either hardware or software-based, which monitors all incoming and outgoing traffic and, based on a defined set of security rules, accepts, rejects, or drops that specific traffic. Before firewalls, network security was performed by Access Control Lists (ACLs) residing on routers.

6. Application Security: Application security denotes the precautionary security measures used at the application level to prevent the stealing or capturing of data or code inside the application. It also includes the security measures taken during the development and design of applications, as well as techniques and methods for protecting the applications at any time.
7. Intrusion Prevention System (IPS): An Intrusion Prevention System is also known as an Intrusion Detection and Prevention System. It is a network security application that monitors network or system activities for malicious activity. The major functions of intrusion prevention systems are to identify malicious activity, collect information about this activity, report it, and attempt to block or stop it.
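
The rule-based filtering described under Firewalls above, as an added example that is not part of the original notes. It assumes first-match evaluation with a default action of drop, and the rule sets and addresses are constructed; the second function flags rules that can never match because an earlier, broader rule shadows them.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str               # "accept", "reject" (refuse with a reply) or "drop" (discard silently)
    source: str               # source network in CIDR notation
    dest_port: Optional[int]  # None matches any destination port
    protocol: str = "tcp"


DEFAULT_ACTION = "drop"  # assumption: anything not explicitly allowed is discarded

# Constructed rule set: the admin network may reach SSH, HTTPS is open to all.
RULES = [
    Rule("accept", "203.0.113.0/24", 22),
    Rule("reject", "0.0.0.0/0", 22),
    Rule("accept", "0.0.0.0/0", 443),
]

# Same rules with the first two swapped: the admin exception is now unreachable.
MISORDERED = [RULES[1], RULES[0], RULES[2]]


def matches(rule, src_ip, dest_port, protocol):
    """True when the packet's protocol, source and port all fit the rule."""
    if rule.protocol != protocol:
        return False
    if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(rule.source):
        return False
    return rule.dest_port is None or rule.dest_port == dest_port


def decide(rules, src_ip, dest_port, protocol="tcp"):
    """Return the action of the first matching rule, else the default."""
    for rule in rules:
        if matches(rule, src_ip, dest_port, protocol):
            return rule.action
    return DEFAULT_ACTION


def shadowed_rules(rules):
    """Return indexes of rules fully covered by an earlier rule."""
    hidden = []
    for j, later in enumerate(rules):
        later_net = ipaddress.ip_network(later.source)
        for earlier in rules[:j]:
            earlier_net = ipaddress.ip_network(earlier.source)
            same_family = earlier_net.version == later_net.version
            covers_port = earlier.dest_port in (None, later.dest_port)
            if (earlier.protocol == later.protocol and same_family
                    and later_net.subnet_of(earlier_net) and covers_port):
                hidden.append(j)
                break
    return hidden


if __name__ == "__main__":
    for ip, port in [("203.0.113.7", 22), ("198.51.100.9", 22),
                     ("198.51.100.9", 443), ("198.51.100.9", 3389)]:
        print(ip, port, "->", decide(RULES, ip, port))
    print("shadowed in misordered set:", shadowed_rules(MISORDERED))
```

Rule order is part of the policy: in the misordered set the admin network is refused on port 22 even though an accept rule for it exists.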

| Parameters | CYBER SECURITY | INFORMATION SECURITY |
|---|---|---|
| Basic Definition | It is the practice of protecting the data from outside the resource on the internet. | It is all about protecting information from unauthorized users, access, and data modification or removal in order to provide confidentiality, integrity, and availability. |
| Protect | It is about the ability to protect the use of cyberspace from cyber attacks. | It deals with the protection of data from any form of threat. |
| Scope | Cybersecurity to protect anything in the cyber realm. | Information security is for information irrespective of the realm. |
| Threat | Cybersecurity deals with the danger in cyberspace. | Information security deals with the protection of data from any form of threat. |
| Attacks | Cybersecurity strikes against cyber crimes, cyber frauds, and law enforcement. | Information security strikes against unauthorized access, disclosure, modification, and disruption. |
| Professionals | Cyber security professionals deal with the prevention of active threats or Advanced Persistent Threats (APT). | Information security professionals are the foundation of data security, and security professionals associated with it are responsible for policies, processes, and organizational roles and responsibilities that assure confidentiality, integrity, and availability. |
| Deals with | It deals with threats that may or may not exist in the cyber realm, such as protecting your social media account, personal information, etc. | It deals with information assets and integrity, confidentiality, and availability. |
| Defence | Acts as first line of defence. | Comes into play when security is breached. |
| Threats | Primarily deals with digital threats, such as hacking, malware, and phishing. | Addresses a wider range of threats, including physical theft, espionage, and human error. |
| Goal | Protects against unauthorized access, use, disclosure, disruption, modification, or destruction of digital information. | Protects the confidentiality, integrity, and availability of all types of information, regardless of the medium in which it is stored. |
| Technologies | Relies on a variety of technologies, such as firewalls, antivirus software, and intrusion detection systems. | Uses a range of technologies, including encryption, access controls, and data loss prevention tools. |
| Skills required | Requires specialized knowledge of computer systems and networks, as well as programming and software development skills. | Requires knowledge of risk management, compliance, legal and regulatory issues, as well as technical knowledge. |
| Focus on data | Emphasizes protecting the data itself, regardless of where it is stored or how it is transmitted. | Emphasizes the protection of information assets, which includes data but also other information such as intellectual property, trade secrets, and confidential customer information. |
| Threat landscape | Deals with constantly evolving threats, such as new forms of malware and emerging cybercrime techniques. | Deals with a wide range of threats, including physical security breaches, insider threats, and social engineering attacks. |

Difference between Network Security and Cyber Security:

| S. No. | Parameters | Network Security | Cyber Security |
|---|---|---|---|
| 1. | Definition | Network security is a feature that protects data as it travels through and across an organization's network. As a result, it protects firm data from nefarious employees who are not authorized to view specific sensitive information. | Cyber security is a system that protects a company's device and server data. In other words, it serves as an extra layer of defense against cyber criminals. |
| 2. | Data | It protects the data flowing over the network. Network security ensures to protect the transit data only. It protects anything in the network realm. | It protects the data residing in the devices and servers. Cyber security ensures the protection of entire digital data. It protects anything in the cyber realm. |
| 3. | Hierarchy | It is a subset of cyber security. | It is a subset of information security. |
| 4. | Viruses | It deals with the protection from DOS attacks, viruses, and worms. | It deals with the protection from cyber-attacks and cybercrimes that includes phishing and pre-texting. |
| 5. | Strikes against | Network Security strikes against trojans. | Cyber Security strikes against cyber crimes and cyber frauds. |
| 6. | Security | It secures the data traveling across the network by terminals. | It deals with the protection of the data resting. |
| 7. | Examples | Multi-factor authentication, software updates, and rigorous password regulations are all part of network security. | Secure sensitive data, online authentication, and up-to-date information are all examples of cybersecurity precautions. |
| 8. | Popular job titles | Network Security Engineer and Network Security Architect are two popular job titles. | Cyber Security Architect and Cyber Security Analyst are two popular career titles. |
| 9. | Job role | The job role of a network security professional lies in safeguarding an organization's IT infrastructure. | A cyber security specialist is an expert in the protection, detection, and recovery of cyber security threats. |

VULNERABILITY AND EXPLOITS

These two are connected with each other, but they are not the same. A vulnerability is any weakness or flaw in a software system. But not all vulnerabilities can be exploited to deliver malware into a computer system: for example, another security system may prevent outside interference, so that nobody can do anything with the vulnerability. An exploit, in other words, is what occurs when cybercriminals take advantage of a vulnerability without your permission or even your knowledge.

Vulnerability refers to a weakness in a software system or network that can be exploited by attackers to gain unauthorized access, disrupt system operations, or compromise data. Exploits are the means by which attackers capitalize on these vulnerabilities to carry out malicious activities.

Types of Exploits

New exploits are discovered every day. Exploits are divided into known and unknown exploits, according to whether someone has patched the vulnerability.

• Known exploits are those that have already been explored and patched by developers. You can find and try all known exploits in the Exploit Database, an archive of exploits and vulnerable software. It is a resource for penetration testers and vulnerability researchers, who can find the information they need thanks to an easy navigation system. Do not confuse it with the CVE list: CVE (Common Vulnerabilities and Exposures) is the list of all known vulnerabilities and exposures. Exploit databases are used to test CVEs.

After a vulnerability is publicly announced, software developers push out patches via security updates. It is critical to update your system as soon as possible. This was the situation with WannaCry and NotPetya: both attacks were made after Microsoft had already patched the vulnerability. These attacks were able to cause billions of dollars in damage.

• Unknown exploits, or zero-day exploits, are created by cybercriminals as soon as they have found a vulnerability. They use the exploit to attack victims on the same day the vulnerability was discovered. When a zero-day attack happens, developers have had no time to patch it. They need some time to update the software, and meanwhile all users are in danger.

Exploits and Databases

Databases can be exploited just like any other software. It is crucial to keep them updated and patched, since databases contain a lot of sensitive information and private data about your customers, employees, and business.
Some examples of what cybercriminals can do:
• Delete and modify all available data;
• Destroy data and even backups;
• Use data to keep track of business operations;
• Elevate privileges with forgotten default accounts;
• Attack other systems on the same network.

FINDING VULNERABILITIES AND EXPLOITS

There are numerous tools and methods available to identify vulnerabilities and potential
avenues of exploitation. These tools and methods are essential for organizations and individuals
to proactively protect their systems and data from cyber threats.

There are several ways to find vulnerabilities and exploits in a system. Here are a few methods:

1. Vulnerability scanning: This involves using automated tools to scan a system or network for known vulnerabilities. These tools can identify weaknesses such as outdated software, misconfigured settings, or unpatched security flaws.
2. Penetration testing: Also known as ethical hacking, penetration testing involves simulating a cyber attack to identify vulnerabilities in a system. This can be done using both automated tools and manual techniques to uncover potential exploits.
3. Code review: For software and applications, conducting a thorough review of the source
code can reveal vulnerabilities that might be exploited by attackers. This involves
analyzing the code for errors, logic flaws, and other security issues.
4. Security research: Staying updated on security news, industry reports, and security
advisories can provide insight into new vulnerabilities and exploits that have been
discovered. This can help organizations proactively address potential security threats.
5. Threat modeling: By systematically assessing the security of a system and identifying
potential attack vectors, organizations can anticipate where vulnerabilities might exist
and make informed decisions on how to address them.
Once vulnerabilities have been identified, it's important to address them to mitigate potential
exploits. This can involve applying software patches, updating configurations, implementing
security best practices, and conducting regular security assessments to stay ahead of emerging
threats.
Finding vulnerabilities and exploits requires a combination of automated tools, manual
techniques, and ongoing vigilance to protect systems and networks from potential security
threats. Regular security assessments, staying informed about new vulnerabilities, and
maintaining a proactive approach to security are essential for safeguarding against exploits.

Vulnerability Assessment vs. Penetration Testing

Vulnerability assessment is more focused on identifying vulnerabilities and weaknesses,
while penetration testing involves actively exploiting those vulnerabilities to assess their real-
world impact. Vulnerability assessments help organizations identify areas that need attention
and prioritize fixes, while penetration testing helps organizations understand the potential
consequences of successful attacks and improve their incident response capabilities.
Key features of a vulnerability assessment:

 Scanning: Automated tools are used to scan the target system for known vulnerabilities.
 Identifying Weaknesses: The assessment identifies security weaknesses and provides a
prioritized list of vulnerabilities.
 No Exploitation: Vulnerability assessment does not involve actively exploiting
vulnerabilities; it focuses on identification and reporting.
 Remediation Recommendations: The assessment results typically include
recommendations for remediation and mitigation.

Key features of penetration testing:

 Active Exploitation: Penetration testing involves actively attempting to exploit
vulnerabilities to assess their impact.
 Realistic Scenarios: Testers simulate real-world attack scenarios to identify potential entry
points and the extent of damage that could occur.
 Manual and Automated Testing: Both manual techniques and automated tools are used to
identify and exploit vulnerabilities.
 Limited Scope: Penetration testing usually focuses on specific target systems or components.
 Actionable Insights: Penetration testing provides actionable insights into the effectiveness
of security measures and the potential impact of successful attacks.

Vulnerability Assessment Types


Several types of vulnerability assessments can be conducted, including:

1. Network-Based Vulnerability Assessment

A network-based vulnerability assessment identifies vulnerabilities in network devices
such as routers, switches, firewalls, and other network infrastructure components. The
primary goal of a network-based vulnerability assessment is to identify weaknesses in the
network that attackers could exploit to gain unauthorized access, steal data, or launch attacks.

2. Application-Based Vulnerability Assessment

An application vulnerability assessment identifies vulnerabilities in software applications,
including web applications, mobile applications, and desktop applications.
These assessments typically involve testing the application for common vulnerabilities, such
as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
Application vulnerability assessments can be performed using both automated and manual
methods.

3. API-Based Vulnerability Assessment

API vulnerability assessment is conducted to identify and mitigate potential security risks in
APIs. This process identifies vulnerabilities and weaknesses in the API’s design,
implementation, and deployment. The goal is to ensure that the API is secure, reliable, and
resilient to attacks.

4. Host-Based Vulnerability Assessment

A host-based vulnerability assessment identifies vulnerabilities in individual host systems,
including servers, workstations, and laptops.

These assessments typically involve scanning the host system for known vulnerabilities, such
as missing security patches or outdated software. Host-based vulnerability assessments can
be performed using both automated and manual methods.
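
The outdated-software check that a host-based scan performs, with the findings returned as a prioritized list, can be sketched as follows. This is an added example, not part of the original notes; the package names, versions, and severity scores are constructed for illustration.

```python
import re

# Constructed advisory feed (hypothetical packages): name -> (first fixed version, severity 0-10).
ADVISORIES = {
    "examplelib": ("3.0.13", 7.5),
    "webd": ("1.24.0", 5.3),
    "authtool": ("1.9.15", 8.8),
}

# Constructed host inventory, one "name version" pair per line.
INVENTORY = """\
examplelib 3.0.9
webd 1.24.0
authtool 1.9.5
shellutil 5.2.15
"""

def parse_version(text):
    """Turn '1.9.15' into (1, 9, 15) so components compare as numbers, not as strings."""
    return tuple(int(n) for n in re.findall(r"\d+", text))

def assess(inventory, advisories):
    """Return one finding per package older than its fixed version, highest severity first."""
    findings = []
    for line in inventory.splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[0] not in advisories:
            continue  # malformed line, or no advisory for this package
        name, installed = parts
        fixed_in, severity = advisories[name]
        if parse_version(installed) < parse_version(fixed_in):
            findings.append({"package": name, "installed": installed,
                             "fixed_in": fixed_in, "severity": severity})
    return sorted(findings, key=lambda f: f["severity"], reverse=True)

if __name__ == "__main__":
    for f in assess(INVENTORY, ADVISORIES):
        print(f"{f['severity']:>4}  {f['package']} {f['installed']} -> {f['fixed_in']}")
```

Comparing versions as plain strings would rank 1.9.5 above 1.9.15 and miss the authtool finding, which is why the versions are parsed into numeric tuples first.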

5. Wireless Network Vulnerability Assessment

A wireless network vulnerability assessment focuses on identifying vulnerabilities in
wireless networks, including Wi-Fi networks. These assessments typically involve testing
the wireless network for common vulnerabilities, such as weak encryption, default
passwords, and rogue access points.

Wireless network vulnerability assessments can be performed using specialized software
tools and techniques.

6. Physical Vulnerability Assessment

A physical vulnerability assessment identifies vulnerabilities in physical security measures,
such as locks, surveillance cameras, and access control systems. These assessments typically
involve physical inspections of the facility and its security measures.

7. Social Engineering Vulnerability Assessment

A social engineering vulnerability assessment identifies vulnerabilities in human
behaviour, such as phishing attacks and other social engineering techniques.
This vulnerability assessment type typically involves simulated attacks against employees to
test their awareness of security threats and their ability to identify and respond to them.

8. Cloud-Based Vulnerability Assessment

A cloud-based vulnerability assessment identifies vulnerabilities in cloud infrastructure and
services, such as Amazon Web Services (AWS) and Microsoft Azure. These assessments
scan the cloud infrastructure for known vulnerabilities and test the security of cloud
applications and services.

What Is Penetration Testing?

Penetration testing (pentesting) is a cybersecurity technique used by organizations to identify
and remediate security vulnerabilities. Organizations hire ethical hackers to imitate the
tactics and behaviors of external attacks. This makes it possible to evaluate their potential
to compromise computer systems, networks, or web applications.

1. Network Penetration Testing


Network penetration testing finds and exploits the most exposed vulnerabilities in
network infrastructure such as servers, firewalls, and switches. This type of testing can
help protect your business from common network-based attacks, such as:

 Firewall misconfiguration and firewall bypass
 IPS/IDS evasion
 Router attacks
 DNS-level attacks
 Zone transfer attacks
 Switching or routing-based attacks
 SSH attacks
 Proxy server attacks
 Attacks on unnecessary open ports
 Database attacks
 Man-in-the-middle (MitM) attacks
 FTP/SMTP-based attacks

2. Web Application Penetration Testing

Web application penetration testing is used to find vulnerabilities in web-based applications. It
uses a three-step process:

1. Reconnaissance—discovering information about web servers, operating systems,
services, resources, and more used by the web application
2. Discovery—finding vulnerabilities in the web applications and planning attack vectors
to be used in the penetration test.
3. Attack—exploiting a vulnerability to gain unauthorized access to the application or its
data.
Penetration testing of web applications can identify security vulnerabilities in databases, source
code, and backend networks of web-based applications. It can not only identify vulnerabilities
but also help prioritize them and provide solutions to mitigate them.

3. Wireless Penetration Testing


Wireless communications are services that allow data to move in and out of networks and
must be protected from unauthorized access and data exfiltration. Wireless penetration
testing is used to identify risks associated with wireless networks and evaluate weaknesses
such as:

 Deauthentication attacks
 Misconfiguration of wireless routers
 Session reuse
 Unauthorized wireless devices

4. Physical Penetration Testing

If a threat actor has physical access to a server room or other sensitive facility, they can
potentially compromise the entire network, which can have devastating effects on business,
customers, and partnerships. Physical penetration testing can help secure an organization’s
physical assets from threats such as social engineering, tailgating, and badge cloning.

Physical penetration testing finds weaknesses in physical controls such as locks, doors,
cameras, or sensors, and allows the organization to quickly remediate defects.

5. Social Engineering Penetration Testing


When it comes to security, users are often considered the weakest link of the security chain,
and are a common target for attackers. Social engineering penetration testing focuses on people
and processes in the organization and the security vulnerabilities associated with them. It is
performed by ethical hackers who attempt social engineering attacks which are commonly
experienced in the workplace, such as phishing, USB dropping, and spoofing.

The goal is to identify vulnerable individuals, groups, or processes, and to develop pathways
for improving security awareness.

6. Client-Side Penetration Testing


Client-side penetration testing can uncover security vulnerabilities in software running on
client computers, such as web browsers, media players, and content creation software packages
(such as MadCap Flare, Adobe Framemaker, or Adobe RoboHelp). Attackers often
compromise client-side software to gain access to company infrastructure.

Perform client-side testing to identify specific network attacks, such as:

 Cross-site scripting attacks (XSS)
 Clickjacking attacks
 Cross-origin resource sharing (CORS)
 Form hijacking
 HTML injection
 Open redirection
 Malware infection
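
Three of the items above (clickjacking, CORS, and open redirection) show up in the response headers of your own application, so a tester or developer can audit them directly. The following is an added example, not part of the original notes; the origins, hosts, and sample responses are constructed assumptions.

```python
from urllib.parse import urlsplit

TRUSTED_ORIGINS = {"https://app.example.com"}  # assumption: origins allowed credentialed CORS
ALLOWED_REDIRECT_HOSTS = {"app.example.com"}   # assumption: hosts a redirect may point to

def audit_response(status, headers, request_origin=None):
    """Return a list of findings for one HTTP response (header names are case-insensitive)."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []

    # Clickjacking: an HTML page should restrict which sites may frame it.
    if h.get("content-type", "").lower().startswith("text/html"):
        xfo = h.get("x-frame-options", "").upper()
        csp = [d.strip() for d in h.get("content-security-policy", "").lower().split(";")]
        if xfo not in ("DENY", "SAMEORIGIN") and not any(d.startswith("frame-ancestors") for d in csp):
            findings.append("clickjacking: no framing restriction")

    # CORS: a response that allows credentials must only name a trusted origin.
    acao = h.get("access-control-allow-origin")
    with_credentials = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao and with_credentials and acao not in TRUSTED_ORIGINS:
        reflected = request_origin is not None and acao == request_origin
        findings.append("cors: untrusted origin reflected" if reflected else "cors: untrusted origin allowed")

    # Open redirection: the Location of a 3xx response must stay on an allowed host.
    location = h.get("location")
    if 300 <= status < 400 and location:
        target = urlsplit(location.replace("\\", "/"))  # browsers treat "\" like "/"
        if target.netloc and target.hostname not in ALLOWED_REDIRECT_HOSTS:
            findings.append("open-redirect: " + str(target.hostname))
    return findings

# Constructed responses: (status, headers, Origin header the test request sent).
SAMPLES = [
    (200, {"Content-Type": "text/html", "Content-Security-Policy": "frame-ancestors 'self'"}, None),
    (200, {"Content-Type": "text/html; charset=utf-8"}, None),
    (200, {"Content-Type": "application/json", "Access-Control-Allow-Origin": "https://other.example",
           "Access-Control-Allow-Credentials": "true"}, "https://other.example"),
    (302, {"Location": "//other.example/login"}, None),
    (302, {"Location": "/account"}, None),
]

if __name__ == "__main__":
    for status, headers, origin in SAMPLES:
        print(status, audit_response(status, headers, origin) or "ok")
```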

7. IoT Penetration Testing


IoT penetration testing looks for security vulnerabilities in connected ecosystems, including
vulnerabilities in hardware, embedded software, communication protocols, servers, and web
and mobile applications related to IoT devices. The types of tests conducted on hardware,
firmware, and communication protocols depend on the connected device. For example,
some devices may require data dumping through electronic components, firmware analysis, or
signal capture and analysis.

8. Mobile App Penetration Testing


Mobile application penetration testing is performed on mobile applications (excluding mobile
APIs and servers), including both static and dynamic analysis:

 Static analysis extracts source code and metadata and performs reverse engineering to
identify weaknesses in application code.
 Dynamic analysis finds application vulnerabilities while the application is running on
a device or server.

9. Red Team Penetration Testing

Red team penetration testing is an advanced testing technique based on military training exercises.
It uses an adversarial approach, allowing organizations to challenge their security
policies, processes, and plans. Blue teaming, or “defensive security,” involves detecting and
withstanding red team attacks and real-life adversaries.

Red teaming combines physical, digital, and social contexts to simulate a comprehensive real-
life attack scenario, making it distinct from standard penetration testing. It encompasses tasks
related to the various types of penetration testing. While a standard pentest aims to identify as
many vulnerabilities as possible in a set timeframe, it is typically limited by artificial
restrictions such as the task scope.
