Open Source Software

Open source software is software in which the source code is also available along with
the software. Moreover, the users have the right to view, modify, and enhance this
code. Furthermore, no license is required for the software. The software can be cost-
free or chargeable. besides, the user can also share the software without any license
violation. Examples are Android, Linux, Apache Server, Ionic, MySQL, etc. People
buy this software due to certain reasons. These reasons are as follows:

 The results are of quite high quality.

 Users can easily change the software according to requirements.

 It is more secure.

 Long term use.

 Transparency.

 Affordable.

 Help in developing skills.

Examples of Open Source Software
1. Operating System

Examples of open source operating system are as follows:

 Linux

 Android

 ReactOS
 Free BSD
2. Web Servers

Examples of open source web servers are as follows:

 Apache HTTP Server

 Apache Tomcat
  Lighttpd

 Node.js
3. Database Systems

Examples of open source database systems are as follows:

 MySQL

 SQLite

 Apache Hive

 Maria DB
4. Mobile Development Frameworks

Examples of open source mobile development frameworks are as follows:

 Ionic

 React Native

 Flutter

 Xamarian
5. QA Automation Tools

Examples of open source QA automation tools are as follows:

 Selenium

 Watir
6. Office Software Suites

Examples of open source office software suites are as follows:

 Apache OpenOffice

 Libre Office
7. Content Management Systems

Examples of open source content management systems are as follows:

  WordPress

 Django

8. Open source office software

 Abiword
 Libre office
 MySQL
 Ingres

Open Source Software Closed Source Software

Source code is available to the users The source code is not available to the users.

Short-form is OSS. Short-form is CSS.

The access specifier for OSS is ‘public’. The access specifier for CSS is ‘private’.

Only the owner of the software can modify or

Users can view and modify the source code.
view the source code.

It is less costly. It is more costly.

 All types of developers can provide Only the owner or the organization of software
improvement for the software. can hire developers to improve the code.

A license is not required. It is compulsory to have a license.

The owner of the software is responsible if

No one is responsible for any failure.
anything happens to the software.

Examples are Android, Linux, Apache Server, Examples are Skype, Java, Adobe flash, WinRAR,
Ionic, MySQL, etc. macOS, etc.

Frequently Asked Questions(FAQs)

Q1. What is open source software?

A1. Open source software is software in which the source code is also available along
with the software. Moreover, the users have the right to view, modify, and enhance this
code.

Q2. What are the examples of open source software?

A2. Examples are Android, Linux, Apache Server, Ionic, MySQL, etc.

Q3. What are the features of OSS?

A3. The features are as follows:

 The results are of quite high quality.

 Users can easily change the software according to requirements.

  It is more secure.

 Long term use.

 Transparency.

 Affordable.

 Help in developing skills.

Q4. What is freeware?

A4. Freeware is available to users free of cost. Moreover, there are no rights of the user
on the source code. Besides, the user cannot distribute the software further.

Q5. What is the difference between open source and closed source software?

A5. The basic difference is that in OSS the source code is available to users along with
the software and no license is compulsory. On the other hand, closed source software
requires a proper license. Also, the user doesn’t have any right over the source code.

Difference between Open Source Software and

Proprietary Software

Open Source Software Proprietary Software

Source code is available to the users The source code is not available to the users.

Short-form is OSS. Short-form is CSS (closed source software).

The access specifier for OSS is ‘public’. The access specifier for proprietary software is ‘private’.
 Only the owner of the software can modify or view the
Users can view and modify the source code.
source code.

It is less costly. It is more costly.

All types of developers can provide Only the owner or the organization of software can hire
improvement for the software. developers to improve the code.

A license is not required. It is compulsory to have a license.

The owner of the software is responsible if anything

No one is responsible for any failure.
happens to the software.

Examples are Android, Linux, Apache Server,

Examples are Skype, Java, Adobe flash, WinRAR, macOS, etc.
Ionic, MySQL, etc.

Freeware (not to be confused with free software) is a type of proprietary software that is
released without charge to the public.

Depending on the freeware's copyright, you may or may not be able to reuse it in software
you're developing. The least restrictive no-cost programs are programs without copyright --
i.e., free software -- that are in the public domain.
Freeware is often created by independent developers and made available for download on their
own websites or through third-party app stores. Many popular programs started out as freeware
before becoming open source software.

The term freeware was first coined by Andrew Fluegelman when he released his PC software
program PC-Talk in 1980 as freeware. Fluegelman wanted others to use and enjoy his program
without having to pay for it. He allowed others to distribute PC-Talk as long as they didn't sell it
or change the code.
What's the difference between freeware and free software?

The main difference between freeware and free software is that free software is released under a
license that allows users to change and distribute the software, whereas freeware is copyrighted
and cannot be modified or distributed.

What's the difference between freeware and open source software?

While freeware may be free, it's not open source software. Open source software is always free
to use, change and distribute -- with some conditions.

Freeware may or may not come with source code. If the source code is not available, users won't
be able to change the program. Many freeware programs are only free for personal use. If users
want to use them for commercial use, they'll need to buy a license.

Open source software is usually developed in a public, collaborative way. Anyone can contribute
to the code and make changes as they see fit. The most famous example of open source software
is Linux.

 Examples of Freeware:
1. GIMP
2. Adobe Reader
3. Yahoo Messenger
4. Moodle
5. Cripple ware
6. Core FTP
7. Audio Grabber
8. Nagware
9. Shovelware
10. CCleaner
 11. Libre office
12. Recuva
13. Winzip
14. Audacity
15. ImgBurn
16. Team viewer
17. GetRight
18. Codelobster
19. MSN Messenger
20. Google talk
21. Moodle
22. Skype
23. Instant messaging and the Google toolbar

Shareware
Shareware is software that is available free of cost but only up to a certain time limit.
Furthermore, after the time limit, the user has to pay the money to use the full-featured
version of the software. Since, after the time limit, the software deactivates itself. Its
main advantage is that users can understand and know about the software before
buying it.

Besides, the user can share the software free of cost during the trial period. Therefore,
we can say that these are demo or trial versions of the original software. Hence, the
name is also demoware or trial software. The idea of using the software is ‘try before
you buy’. These are usually famous for gaming software since the developers provide
them to so that users can try any new game. Therefore, it helps to gain popularity for
their software. Examples are WinZip, Adobe Acrobat 8 Professional, GetRight, etc.

Types of Shareware
There are several types of shareware software. They are as follows:

1. Adware

Adware stands for “advertising-supported software”. This software basically displays

advertisements to earn revenue for the developer. Moreover, we can say that they
usually display unwanted advertisements. These appear either during the installation
process or while using the software interface.
Besides, this software also shares some information from your system with the vendor.
So that they can display ads according to the user’s interest. Therefore, in a way, they
act as malicious software.

Examples are Adblock Plus, Skype, Fireball, Appearch, DeskAd, Gator, etc.

2. Demoware

It is a trial version of the software that provides a demo or trial of the software. It
further divides into two categories. They are as follows:

a) Crippleware
This software provides only a certain number of features until the user does not
purchase the full version of the software. Furthermore, there is a time limit until which
the user can use the software but only with limited features. Besides, it may block
certain features like saving or printing the files. Also, it may provide some unwanted
features like watermarks on the pictures and videos.

b) Trialware
In this software, the user can use all the features of the software within the time limit.
Hence, it provides full usage and the right to know the software fully. After the trial
period gets over the user can either use only certain features (crippleware) or the whole
software deactivates. If the user further wants to use the software he should buy the
license to unlock the software.

3. Donationware

It is the type of software that provides the full-featured version to the user and requests
the user to pay an optional amount. Furthermore, this means that the payment is just
optional. Moreover, this payment is usually for a non-profit organization or it can be
for the developer to support the future of the software. The amount of payment may be
denoted by the developer himself or it can be as per the user’s choice. Hence, this
software is usually for earning revenue for a non-profit cause.

4. Nagware

This software continuously reminds the user to pay for the software. They
continuously display alert messages or dialogue boxes either on starting the software or
while using the application. Besides some software also applies watermarks on files
clearly stating that the files are of an unlicensed copy of the software.

Moreover, there may be some messages which will disappear only when the user pays
the amount. Therefore, these messages continuously annoy users. Hence, their name is
also begware, annoyware, or begscreen. Examples are WinZip, WinRAR, Spotify,
etc.

5. Freemium

This software provides the full-featured version of the software. But, at the same time,
the user has to pay an amount for the premium version. The premium version of the
software contains some advanced features of the software. Therefore, all the basic
features are free of cost but the special features are provided only after purchasing the
license. For example CCleaner. These are also called as ‘lite’ version of the software.

Advantages of Shareware
Advantages of shareware are as follows:

 It is initially free for the customers.

 The user can fully understand the capabilities and flaws of the software.

 One will not have to pay money for software he doesn’t like.

 A lot of overhead expenses of printing and packaging of software are saved

for the author.
Disadvantages/Threats of Shareware
There are many threats to using shareware. They are as follows:

 Malware: Hackers can fool users using adware and make them download
malicious software.

 Security Vulnerabilities: The shareware is usually more at risk. Since there

is no license in the beginning and there are no updates therefore if the
software is left unused on the system it may pose risk to the system.
  Sponsored Software: Some shareware may download a secondary
program which can cause a threat to the system.

 Data Leaks: Some software is such which can send the data of the system
to the author which can be a great threat.

 No access after the trial period.

Freeware
Users can use this software without any cost. Furthermore, it does not mean that the
source code is also available along with the software. No such right to read or modify
the source code is given. Moreover, users cannot distribute this software. We can say
that these are closed source software.

Advantages of freeware are as follows:

 Available to users free of cost.

 Distribution is free of cost.

Examples are Adobe PDF, Yahoo Messenger, Google Talk, MSN messenger, etc.

Difference between Freeware and Shareware

Freeware Shareware

Software is free of cost. Free of cost but only for a certain time duration.

It is usually fully functional and all the features are

Only certain features are available for the trial period.
available.

Distribution is free of cost. Free distribution may require the author’s permission
 There is no time limit for usage. There is a certain trial period usually 30 days.

Examples are MSN Messenger, Adobe PDF, Yahoo

Examples are WinZip, Getright, etc.
Messenger, etc.

Q1. What is shareware?

A1. Shareware is software that is available free of cost but only up to a certain time
limit. Furthermore, after the time limit, the user has to pay the money to use the full-
featured version of the software.

Q2. What is the other name for shareware?

A2. Its name is also demoware or trial software.

Q3. What are the types of shareware?

A3. Types of shareware are as follows:

 Adware

 Demoware: Crippleware and Trialware

 Donationware

 Nagware

 Freemium
Q4. Give examples of shareware.
A4. Examples of shareware are as follows:

 WinZip

 Adobe Acrobat 8 Professional

 GetRight

 Adblock Plus

 Skype

 Fireball
 Appearch
Q5. What is the advantage of shareware?

A5. Its main advantage is that users can understand and know about the software
before buying it

Cyber Security is the practice of Protecting computers, mobile devices, Servers,

electronic Systems, networks, and data from malicious attacks. It’s also known
as Information Security (INFOSEC), Information Assurance (IA), or System
Security.
"Cyber security is primarily about people, processes, and technologies working together
to encompass the full range of threat reduction, vulnerability reduction, deterrence,
international engagement, incident response, resiliency, and recovery policies and
activities, including computer network operations, information assurance, law
enforcement, etc."
OR
Cyber security is the body of technologies, processes, and practices designed to protect
networks, computers, programs and data from attack, damage or unauthorized access.
 The term cyber security refers to techniques and practices designed to protect digital
data.
 The data that is stored, transmitted or used on an information system.
OR
Cyber security is the protection of Internet-connected systems, including hardware,
software, and data from cyber attacks. It is made up of two words one is cyber and other
is security.
 Cyber is related to the technology which contains systems, network and programs or
data.
  Whereas security related to the protection which includes systems security, network
security and application and information security.
Cyber security Fundamentals – Confidentiality:
Confidentiality is about preventing the disclosure of data to unauthorized parties. It also
means trying to keep the identity of authorized parties involved in sharing and holding data
private and anonymous. Often confidentiality is compromised by cracking poorly encrypted
data, Man-in-the-middle (MITM) attacks, disclosing sensitive data.
Standard measures to establish confidentiality include:
 Data encryption
 Two-factor authentication
 Biometric verification
 Security tokens
Integrity
Integrity refers to protecting information from being modified by unauthorized parties.
Standard measures to guarantee integrity include:
 Cryptographic checksums
 Using file permissions
 Uninterrupted power supplies
 Data backups
Availability
Availability is making sure that authorized parties are able to access the information when
needed.
Standard measures to guarantee availability include:
 Backing up data to external drives
 Implementing firewalls
 Having backup power supplies
 Data redundancy
Types of Cyber Attacks
A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to
alter computer code, logic or data and lead to cybercrimes, such as information and identity theft.
Cyber-attacks can be classified into the following categories:
1) Web-based attacks
2) System-based attacks
Web-based attacks
These are the attacks which occur on a website or web applications. Some of the important web-
based attacks are as follows

1. Injection Attacks

Injection attacks refer to a broad class of attack vectors. In an injection

attack, an attacker supplies untrusted input to a program. This input gets
processed by an interpreter as part of a command or query. In turn, this
alters the execution of that program.

Injections are amongst the oldest and most dangerous attacks aimed at
web applications. They can lead to data theft, data loss, loss of data
integrity, denial of service, as well as full system compromise. The primary
reason for injection vulnerabilities is usually insufficient user input
validation.

This attack type is considered a major problem in web security. It is listed

as the number one web application security risk in the OWASP Top 10 –
and for a good reason. Injection attacks, particularly SQL Injections (SQLi
attacks) and Cross-site Scripting (XSS), are not only very dangerous but
also widespread, especially in legacy applications.

What makes injection vulnerabilities particularly scary is that the attack

surface is enormous (especially for XSS and SQL Injection vulnerabilities).
Furthermore, injection attacks are a very well understood vulnerability
class. This means that there are many freely available and reliable tools
that allow even inexperienced attackers to abuse these vulnerabilities
automatically.
Types of Injection Attacks

SQL injection (SQLi) and Cross-site Scripting (XSS) are the most common
injection attacks but they are not the only ones. The following is a list of
common injection attack types.

Injection attack Description Potential impact

Code injection The attacker Full system compromise

injects
application
code written in
the application
language. This
code may be
used to
execute
operating
system
commands
with the
privileges of
the user who is
running the
web
application. In
advanced
cases, the
attacker may
exploit
additional
privilege
escalation
vulnerabilities,
which may
lead to full
web server
compromise.

CRLF injection The attacker Cross-site Scripting (XSS)

injects an
Injection attack Description Potential impact

unexpected
CRLF (Carriage
Return and
Line Feed)
character
sequence. This
sequence is
used to split an
HTTP response
header and
write arbitrary
contents to
the response
body. This
attack may be
combined with
Cross-site
Scripting (XSS).

Cross-site The attacker  Account impersonation

Scripting (XSS) injects an  Defacement
arbitrary script  Run arbitrary JavaScript in
(usually in the victim’s browser
JavaScript) into
a legitimate
website or
web
application.
This script is
then executed
inside the
victim’s
browser.

Email Header This attack is  Spam relay

Injection very similar to  Information disclosure
CRLF
injections. The
attacker sends
Injection attack Description Potential impact

IMAP/SMTP
commands to
a mail server
that is not
directly
available via a
web
application.

Host Header The attacker  Password-reset poisoning

Injection abuses the  Cache poisoning
implicit trust of
the HTTP Host
header to
poison
password-
reset
functionality
and web
caches.

LDAP Injection The attacker  Authentication bypass

injects LDAP  Privilege escalation
(Lightweight  Information disclosure
Directory
Access
Protocol)
statements to
execute
arbitrary LDAP
commands.
They can gain
permissions
and modify the
contents of the
LDAP tree.

OS Command The attacker Full system compromise

Injection injects
operating
Injection attack Description Potential impact

system
commands
with the
privileges of
the user who is
running the
web
application. In
advanced
cases, the
attacker may
exploit
additional
privilege
escalation
vulnerabilities,
which may
lead to full
system
compromise.

SQL Injection The attacker  Authentication bypass

(SQLi) injects SQL  Information disclosure
statements  Data loss
that can read  Sensitive data theft
or modify  Loss of data integrity
database data.  Denial of service
 Full system compromise.
In the case of
advanced SQL
Injection
attacks, the
attacker can
use SQL
commands to
write arbitrary
files to the
server and
even execute
OS commands.
This may lead
 Injection attack Description Potential impact

to full system
compromise.

XPath injection The attacker  Information disclosure

injects data  Authentication bypass
into an
application to
execute
crafted XPath
queries. They
can use them
to access
unauthorized
data and
bypass
authentication.

DNS Spoofing means getting a wrong entry or IP address of the requested site from
the DNS server. Attackers find out the flaws in the DNS system and take control and
will redirect to a malicious website. Have you ever stumbled across emails and
websites that seem suspicious but you aren’t sure if it has been authenticated
or not? I am sure we all have seen an email or a website that has all of the
signs of being suspicious and our spidey senses go off. I am writing this to help
explain what you saw and the potential dangers of what you could’ve been a
victim of. This article is about DNS spoofing.
DNS spoofing or DNS cache poisoning is an attack in which altered DNS
records are used to redirect users or data to a fraudulent website or link that is
camouflaged as the actual destination. An example of this would be when you
go to facebook.com on an unsecured network with no antivirus. If someone
happens to be sniffing on your open port or has already done a man-in-the-
middle attack, then they are able to corrupt the DNS records. Therefore,
redirecting you to a fake Facebook page that is a replica of the official login
page. When you type in your username and password they will be able to steal
your login credentials and inject a virus or worm into your IP address.
So going more into the details of what DNS spoofing is in the simplest of terms.
Every computer and device has an IP address and every website has a domain
name(www.google.com) that allows internet users to visit the page. The DNS or
domain name system then maps out and plots out the domain name that users
enter to the appropriate IP address to properly route the traffic. The sorting and
routing is handled by the DNS servers. DNS poisoning is when a hacker injects
a corrupt piece of DNS instructions into the DNS server and takes advantage of
an exploit in the process of redirecting traffic. The corrupt piece of DNS data
that is sent to the DNS server is now redirecting traffic to a fake login page that
looks exactly like the official page. When the users enter their credentials, it is
either being recorded through a keylogger or being sent in a .txt file to the
hacker so they have the information stored in an alternate location.
A way to interpret this process and vulnerability is to look at it in the form of
something you can relate to. Let’s say you are going to your favorite grocery
store to get groceries. You have to get rice, canned beans, some bread, deli
meat, etc. So you get to the grocery store and you see that obviously there are
aisles where different items are located(this can be related to the many
websites out there and domain names). So you grab all of your items and go to
the checkout lines. Since all of the checkout lines are full you will usually have
an attendant directing people to the next available opening in a checkout
aisle(this is the DNS servers directing and routing all traffic to the websites). So
you are directed to the next aisle and checkout and pay for all of your items but
the cashier working there was not really an employee and has stolen
everyone’s credit card information in that line(this is the hacker injecting a
corrupt DNS entry into the DNS servers and redirecting users to the fake login
page and stealing their login credentials).
In above image –

1. Request to Real Website: User hits a request for a particular website it goes
to the DNS server to resolve the IP address of that website.
2. Inject Fake DNS entry: Hackers already take control over the DNS server by
detecting the flaws and now they add false entries to the DNS server.
3. Resolve to Fake Website: Since the fake entry in the DNS server redirect the
user to the wrong website.

To Prevent From DNS Spoofing –

DNS Security Extensions (DNSSEC) is used to add an additional layer of security in
the DNS resolution process to prevent security threats such as DNS Spoofing or DNS
cache poisoning.
DNSSEC protects against such attacks by digitally ‘signing’ data so you can be
assured it is valid.

When an attacker takes over your internet session and controls your web activities, like
while you’re checking your credit card balance, paying your bills, or online shopping,
such an attack is known as session hijacking.
Session hijackers usually target browser or web application sessions. Once they access
these sessions, they could do anything that is accessible to you on the site. In effect, a
hijacker fools the website into thinking they are you.
Like a terrorist hijacking an aeroplane and putting the passengers in danger, when a
session hijacker takes over an internet session, they can cause massive trouble for the
users.