Vulnerabilities and

Weaknesses

Prepared by: Gary June D. Benoya

 LEARNING OUTCOMES:
At the end of the session, the students should be able to:
1. Differentiate internal and external weaknesses or the vulnerability
2. Explain and discussed attacker cause buffer overflow
3. Designed counter measurement
Top five cyber security vulnerabilities
• Injection vulnerabilities
Injection vulnerabilities occur every time an application sends
untrusted data to an interpreter.

• The most popular injection vulnerabilities affect SQL, LDAP, XPath,

XML parsers and program arguments.
Top five cyber security vulnerabilities
•Buffer Overflows
A buffer overflow vulnerability condition exists when an
application attempts to put more data in a buffer
than it can hold.

• Writing outside the space assigned to buffer allows an attacker to

overwrite the content of adjacent memory blocks causing data
corruption, crash the program, or the execution of an arbitrary
malicious code.
Top five cyber security
vulnerabilities
•Sensitive Data Exposure
Sensitive data exposure occurs every time a threat
actor gains access to the user sensitive data.

Sensitive data exposure refers the access to data at

rest, in transit, included in backups and user
browsing data.
Top five cyber security vulnerabilities
• Broken Authentication and Session Management
The exploitation of a broken Authentication and Session
Management flaw occurs when an attacker uses leaks or
flaws in the authentication or session management
procedures

• (e.g. Exposed accounts, passwords, session IDs) to impersonate

other users.
Top five cyber security
vulnerabilities
• Security Misconfiguration
I consider this category of vulnerability the most
common and dangerous.
It is quite easy to discover web servers and applications
that have been misconfigured resulting in opening to
cyber-attacks.
Typical Examples of
Security Misconfiguration Flaws:

• Running outdated software.

• Applications and products running in production in
debug mode or that still include debugging modules.
• Running unnecessary services on the system.
• Not configuring problems the access to the server
resources and services that can result in the
disclosure of sensitive information or that can allow an
attacker to compromise it.
Some typical example of security misconfiguration
flaws:

•Not changing factory settings (i.e. default keys and

passwords).
• Incorrect exception management that could disclose
system information to the attackers, including stack traces.
• Use of default accounts.

The exploitation of one of these above scenarios could allow an attacker

to compromise a system.
How to be secured?

• Leave the Firewall Enabled and Configure It

Correctly
• Uninstall Java
• Keep Your Software Updated — Automatically if
Possible
• Be Careful About Programs You Download and Run
How to be secured?
• Avoid Pirated and Cracked Software
• Beware of Phishing and Social Engineering
• Don’t Reuse Passwords
• Use Secure Passwords
What makes a system secure?
• Protect with passwords.
• Design safe systems.
• Conduct screening and background checks.
• Provide basic training.
• Avoid unknown email attachments.
• Hang up and call back.
What makes a system secure?

• Think before clicking.

• Use a virus scanner, and keep all software up-to-
date.
• Keep sensitive data out of the cloud.
• Stay paranoid.
THANK YOU!!!!
THANK YOU!!!!
 Research Topic:
• How Virus works(Sample codes, how virus flow in the internet and network)
• Blockchain Security (How blockchain can play a major role in Cyber Security.)
• Cryptography( DES, AES, IDEA, SSL, TLS and all.)
• Malware Analysis and Reverse Engineering( analysis, detection, remediation, and
technical discussions on decent or broken functionality within anti-malware tools.)
• Ransomware (You can give brief of past ransomware attacks- NotPetya, Bad Rabbit,
WannaCry etc.)
• Mobile Security (Data leakage by using third part apps, avoiding fake access points
through hotspots.)
• Web Security (SQL Injection, XSS, CSRF attacks etc)
• Computer Security, Ethics and Privacy
THANK YOU!!!!