Cyber Security Unit-2

Unit-2 Application Security covers the definitions of software and applications, emphasizing the importance of application security in preventing unauthorized access and threats. It details various email security threats such as phishing, malware attachments, and spoofing, along with protective measures against these attacks. Additionally, it discusses database security, types of cyber attacks, and the significance of data security considerations like backup, archive storage, and secure data disposal.

Unit-2 Application Security

What is software?
Software is like a big collection of all sorts of computer programs, while an application is just one of those programs, designed for a specific purpose.

What is an Application?
An application, commonly referred to as an "app," is a software program designed to perform a specific
task on a computer or mobile device.

What is Application security?


Application security is the process of testing security features within applications to prevent security
loopholes against threats such as unauthorized access and modification.

Email (short for electronic mail) is a digital method of exchanging messages between people over the internet or other computer networks.

We can send and receive text-based messages, often with attachments such as documents, images, or videos, from one person or organization to another.

Email security
Email security can be defined as the use of various techniques to secure sensitive
information in email communication and accounts against unauthorized access, loss, or
compromise.

1. Phishing:
Phishing got its name from "phish", meaning fish. Phishing is when someone creates a fake website or sends fake emails that look real, like they're from a bank or a company you trust. They do this to trick you into giving them your personal information.

The main motive of the attacker behind phishing is to gain confidential information like:
* Password
* Credit card details
* Social security numbers
* Date of birth

Example: The original logo is used in the email to make the user believe that it is indeed the original email. But if we carefully look into the details, we will find that the URL or web address is not authentic.

2. Malware Attachments:
Malware attachments are like sneaky viruses hiding in emails or downloads. They're files that seem harmless, like documents or photos, but when you open them, they infect your device.
For example, you might get an email with a file attached that looks like an invoice or a job offer. But if you open it, it could secretly install malware on your computer, stealing your data or causing damage.

3. Spoofing:
* Faking the sender's email address to make it look like the email is from someone trustworthy, aiming to deceive you.
* Example: You receive an email that appears to be from a friend, but upon closer inspection, you notice that the sender's email address has been spoofed to look like your friend's address. The email asks for personal information or money.

4. Ransomworm:
* Definition: A ransomworm is a type of malware that spreads across computer networks by exploiting vulnerabilities and encrypts files on infected computers. It then demands a ransom payment in exchange for decrypting the files.
* Simple Explanation: Ransomworm is a type of malware that sneaks into computers, locks up files, and demands money to unlock them.
* Example: Imagine you click on an email attachment that looks innocent, but it secretly installs a virus on your computer. This virus encrypts all your files, making them unreadable, and then demands you pay money to get the decryption key.

5. Man-in-the-Middle (MitM) Attack:
* Definition: A man-in-the-middle attack occurs when a malicious actor potentially alters communication between two parties without their knowledge.
* Example: Suppose Alice wants to send a confidential message to Bob over an insecure network. An attacker, Eve, positions herself between Alice and Bob, intercepting their communication. Alice thinks she's sending the message directly to Bob, but Eve can read or modify the message before forwarding it to Bob. Similarly, when Bob responds, Eve can intercept and manipulate his response before forwarding it to Alice, creating the illusion of a private conversation between Alice and Bob while the attacker eavesdrops on their communication.

6. Email Bombing:
* Definition: Email bombing is a form of cyber attack where a victim's email inbox is flooded with a large volume of emails, overwhelming the email server and disrupting normal communication.
* Example: An attacker sends thousands of emails to a victim's email address within a short period of time, causing their inbox to become overloaded and rendering it unusable for legitimate communication.

7. Whaling:
* Definition: Whaling is a type of phishing attack that specifically targets high-profile individuals within an organization, such as executives or senior management, with the goal of stealing sensitive information or financial resources.
* Simple Explanation: Whaling is a sneaky trick where scammers go after the big fish, like CEOs or important people in a company, to steal valuable information.
* Example: An attacker might send a personalized email to the CEO of a company, posing as a trusted colleague or business partner, and requesting urgent access to confidential company data or financial transactions. If the CEO falls for the scam and provides the requested information, the attacker gains unauthorized access to sensitive resources.

8. Spam
Spam (also known as junk mail) is unsolicited email. In most cases, spam is a method of advertising. However, spam can carry harmful links, malware, or deceptive content. The end goal is to obtain sensitive information such as a social security number or bank account information.

9. Scareware
* Scareware persuades the user to take a specific action based on fear. It displays windows that convey forged messages stating that the system is at risk or needs the execution of a specific program to return to normal operation.
* In reality, no problems exist, and if the user agrees and allows the mentioned program to execute, malware infects his or her system.

Simple Explanation: Scareware is like a fake warning that tries to scare you into doing something, like buying useless software or giving away personal information.

10. Adware
* Adware typically displays annoying pop-ups to generate revenue for its authors.
* It can then send pop-up advertising relevant to those sites. Some versions of software automatically install Adware.

Simple Explanation: Adware is like a persistent salesman that bombards you with annoying ads, often without your permission.

How To Protect Yourself from Email Attacks?

1. Think Before You Click:
* Avoid clicking on links or downloading attachments in emails from unknown or suspicious senders.
2. Verify Sender Identity:
* Check the sender's email address and domain for legitimacy before taking any action.
3. Use Strong Passwords:
* Create strong, unique passwords for your email accounts and consider enabling multi-factor authentication (MFA) for extra security.
4. Watch Out for Phishing:
* Be wary of emails asking for personal information or urgent actions, especially if they seem unexpected or too good to be true.
5. Enable Spam Filters:
* Use email spam filters provided by your email service or install reputable anti-spam software to filter out malicious emails.
6. Update Software Regularly:
* Keep your email software, operating system, and antivirus programs up to date to patch security vulnerabilities.
7. Educate Yourself:
* Learn about common email scams and tactics used by attackers to trick you into revealing sensitive information.
8. Report Suspicious Emails:
* If you receive a suspicious email, report it to your email provider or IT department to help protect others from similar attacks.
9. Encrypt Sensitive Emails:
* Use encrypted email protocols or services when sending sensitive information to ensure it stays private.
10. Trust Your Instincts:
* If an email seems fishy or too good to be true, it probably is. When in doubt, don't click, and verify the email's legitimacy through other means.
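
The "Verify Sender Identity" step can be partly automated by reading the message headers. The following is an added example, not part of the original notes: it flags the spoofing signs described above in raw messages. The domain names, the trusted-domain list, and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the recipient genuinely corresponds with (hypothetical).
TRUSTED_DOMAINS = {"examplebank.com"}

def domain_of(value):
    """Lower-cased domain of an address header value, or '' if it has none."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_warnings(raw_message):
    """Return a list of warning codes for one raw email message."""
    msg = message_from_string(raw_message)
    display = parseaddr(msg.get("From", ""))[0]
    from_dom = domain_of(msg.get("From"))
    warnings = []
    # 1. The display name shows an address from a different domain than the real sender.
    if "@" in display and display.rpartition("@")[2].strip().lower() != from_dom:
        warnings.append("display-name-address-mismatch")
    # 2. Replies would be sent to a different domain than the sender's.
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        warnings.append("reply-to-domain-mismatch")
    # 3. The sender domain is a near miss of a trusted domain (for example 1 for l).
    for trusted in sorted(TRUSTED_DOMAINS):
        if 0 < edit_distance(from_dom, trusted) <= 2:
            warnings.append("lookalike-domain:" + trusted)
    # 4. The receiving server recorded a failed SPF, DKIM or DMARC check.
    for header in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            if result.lower() in ("fail", "softfail"):
                warnings.append("auth-fail:" + method.lower())
    return warnings

# Constructed sample messages (not real mail).
LEGIT = """\
From: Example Bank <alerts@examplebank.com>
Reply-To: alerts@examplebank.com
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=examplebank.com; dkim=pass header.d=examplebank.com; dmarc=pass header.from=examplebank.com
Subject: Monthly statement

Your statement is ready.
"""

SPOOFED = """\
From: "support@examplebank.com" <alerts@examp1ebank.com>
Reply-To: refunds@mailbox.example.org
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=examp1ebank.com; dkim=none; dmarc=fail header.from=examp1ebank.com
Subject: Urgent: confirm your account

Please confirm your details.
"""

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(name, sender_warnings(raw))
```
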

What is Database security?

* Database security involves protecting databases from unauthorized access, misuse, corruption, or loss of data.
* It's crucial because databases often contain sensitive and valuable information, such as personal data, financial records, intellectual property, and business secrets.

Threats to Database

1. Insider Threats:

Simple Explanation: Insider threats come from people within the organization who have access to the
database, whether intentionally or unintentionally.

Example: An employee who has access to sensitive customer data downloads it onto a USB drive and sells it
to a competitor. This is a case of a malicious insider threat.

2. Human Error:

Simple Explanation: Human error refers to mistakes made by people, such as using weak passwords or
accidentally deleting important data.

Example: A database administrator accidentally deletes a crucial database table while performing routine
maintenance, leading to data loss and potential disruptions to business operations.

3. Exploitation of Database Software Vulnerabilities:


Simple Explanation: Attackers exploit weaknesses or bugs in the database software to gain unauthorized
access or cause damage.

Example: A hacker discovers a vulnerability in a popular database management system and exploits it to
gain access to sensitive customer information stored in the database.

4. SQL/NoSQL Injection Attacks:

Simple Explanation: Attackers inject malicious code into database queries, typically through web
application forms, to manipulate or extract data.

Example: A hacker enters SQL code into a website's login form to bypass authentication and gain access to
the database, allowing them to steal usernames and passwords.

5. Denial of Service (DoS/DDoS) Attacks:

| DoS | DDoS |
|---|---|
| DoS (Denial of Service) Attack: This is when a single attacker uses one computer to flood a server or network with excessive traffic, making it unavailable to legitimate users. | DDoS (Distributed Denial of Service) Attack: This is when multiple attackers or a network of compromised computers flood a server or network with traffic, making it even more challenging to mitigate due to the distributed nature of the attack. |
| DoS: Can be easier to mitigate because the attack comes from a single source. | DDoS: Harder to defend against due to the distributed nature, making it challenging to block the traffic without affecting legitimate users. |
| Example: Imagine you have a single person calling a pizza restaurant repeatedly. They call so often that the phone line is always busy, and legitimate customers can't place their orders. This single caller represents a DoS attack. The restaurant's phone line (server) is overwhelmed by one person (attacker). | Example: Now, imagine instead of one person, there is an organized group of thousands of people from all over the world who continuously call the pizza restaurant simultaneously. The phone lines are not just busy; they are completely overwhelmed, and no legitimate customers can get through at all. This represents a DDoS attack. The restaurant's phone lines (server) are overwhelmed by a large number of people (botnet) attacking simultaneously. |

6. Trapdoors (Back Door)

A trapdoor provides unauthorized access to a system without the knowledge of the system's regular users or administrators.

Example (Hardcoded Password): A password built into a device or software that can't be easily changed. Some Wi-Fi routers come with a preset admin password that anyone can use if they know it.
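
The login-form scenario under "SQL/NoSQL Injection Attacks" (threat 4 above), shown as a vulnerable query beside its parameterized fix. This is an added example, not part of the original notes; the table, function names and sample accounts are hypothetical, and password hashing is simplified to a single demo salt.

```python
import hashlib
import sqlite3

DEMO_SALT = b"demo-only-salt"  # assumption: real systems store a random salt per user

def pw_hash(password):
    """Derive a hex password hash (simplified for the demonstration)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 100_000).hex()

def make_db():
    """Build an in-memory database with two constructed accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", pw_hash("correct horse")), ("o'brien", pw_hash("tea time"))],
    )
    return db

def vulnerable_login(db, username, password):
    """BEFORE: form input is pasted into the SQL text, so it can change the query."""
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND pw_hash = '{pw_hash(password)}'"
    )
    row = db.execute(query).fetchone()
    return row[0] if row else None

def safe_login(db, username, password):
    """AFTER: placeholders keep form input as data; it is never parsed as SQL."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND pw_hash = ?",
        (username, pw_hash(password)),
    ).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    # Constructed test input: the quote ends the string literal and "--"
    # comments out the password condition in the concatenated query.
    crafted = "alice' --"
    print("vulnerable, crafted name, wrong password:", vulnerable_login(db, crafted, "wrong"))
    print("safe, crafted name, wrong password:      ", safe_login(db, crafted, "wrong"))
    # A legitimate name containing a quote breaks the concatenated query
    # but works with placeholders.
    try:
        vulnerable_login(db, "o'brien", "tea time")
    except sqlite3.OperationalError as exc:
        print("vulnerable, o'brien:", exc)
    print("safe, o'brien:", safe_login(db, "o'brien", "tea time"))
```

The same pair of functions works as a regression test: the crafted name must return no user from `safe_login`, and a legitimate name containing a quote must still log in.
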

What are Active and Passive Attacks?

Active Attack
Definition: An active attack is a type of cyber attack in which a hacker attacks a system and modifies the data or the information as per his requirements to perform malicious tasks.

Key Points:

* Direct Interaction: The attacker actively interacts with the target system or network.
* Modification or Disruption: The goal is to change or disrupt how the system or network works.
* Threats to Integrity and Availability: Such attacks can damage the accuracy of data (integrity) and make the system or network unavailable to users (availability).
* Significant Damage: The consequences can include major harm and financial losses for the targeted organization.

Types of active attacks


1. Masquerade
Explanation: Pretending to be someone else to gain unauthorized access to a system.
Example: A hacker uses stolen login credentials to access a company’s internal system, pretending
to be an employee.

2. Repudiation
Repudiation refers to the ability to deny the authenticity of a transaction or communication.
Non-repudiation ensures that a party in a communication cannot deny the authenticity of their
signature on a document or the sending of a message they originated.
Example: A person makes an online purchase and then falsely claims they did not authorize the
transaction to avoid paying for the goods.

3. Denial of Service (DoS)


Explanation: Overloading a system or network to make it unavailable to users.
Example: An attacker sends a huge number of requests to a website, causing it to crash and
preventing legitimate users from accessing it.

Passive Attack
Definition: A passive attack is a cyber attack in which a hacker attacks a system and copies or reads the
contents of the message or the information available but does not modify the information.
No Alteration: The attacker does not change or disrupt the data or system operations.
Goal: The main aim is to access sensitive or confidential information without being detected.

Types of passive attacks


Eavesdropping: In this type of attack, the hacker listens in on other people's conversations without their knowledge.
Traffic analysis: In this attack, the attacker can monitor the traffic between two or more communication nodes to obtain information about the communication patterns and behavior of the system.

| Active Attacks | Passive Attacks |
|---|---|
| Modification of information occurs during an active attack. | Modifying the information does not happen during a passive attack. |
| Active attack poses a threat to integrity and availability. | Confidentiality is at risk from passive attacks. |
| During an active attack, the focus is on detection. | During a passive attack, the focus is on avoiding harm. |
| System resources can be modified during an active attack. | System resources do not alter when in the passive attack. |

Data security considerations


Data security considerations encompass the principles, practices, and technologies implemented to protect
data from unauthorized access, disclosure, alteration, destruction, or other forms of compromise.

1. Backup:
* Regular backups should be performed to ensure that data can be recovered in the event of loss, corruption, or cyber attacks.
* Utilize encryption for backup data to protect it from unauthorized access during transmission and storage.
* Implement a backup strategy that includes both onsite and offsite backups to mitigate risks such as natural disasters or physical theft.
* Test Your Backups: Check your backups regularly to make sure they actually work and you can restore your data if needed.
* Automate if Possible: Set up your backups to happen automatically so you don't forget to do them.

Example: A small business implements a backup strategy for its customer database, financial records, and employee information. They schedule daily backups of this critical data to an onsite server and replicate these backups to a cloud storage provider.

2. Archive Storage:
* Differentiate between backup and archive data. Backup data is typically more recent and actively used, while archive data is older and less frequently accessed but still important for compliance or historical purposes.
* Old but Important: Archive storage is for old data that you still need but don't use very often.
* Secure Your Archives: Keep archive data safe with strong security measures like encryption and limited access.
* Keep Track: Keep a record of what you've archived and where it's stored so you can find it if you need it later.

Example: A healthcare organization is required to retain patient records for a minimum of seven years after the last patient encounter for compliance with regulatory requirements. They implement an archive storage solution where patient records that are older than two years are moved from their primary database to a secure, encrypted storage system with restricted access.

3. Disposal of Data:
* Get Rid of Unneeded Data: Delete data you don't need anymore to reduce the risk of it being stolen or causing problems.
* Delete Securely: Make sure to delete data securely so it can't be recovered by anyone else.
* Destroy Physical Copies: If data is on physical things like hard drives or papers, destroy them properly so nobody can get the information.

Example: A financial institution regularly upgrades its IT infrastructure and needs to dispose of decommissioned hardware, including hard drives containing sensitive customer information.

What is a Firewall?
* A firewall can be defined as a special type of network security device or a software program that monitors and filters incoming and outgoing network traffic based on a defined set of security rules.
* It acts as a barrier between internal private networks and external sources (such as the public Internet).

The primary purpose of a firewall is to allow non-threatening traffic and prevent malicious or unwanted data traffic, in order to protect the computer from viruses and attacks.

Firewall working
A firewall operates like a security checkpoint, monitoring and filtering incoming and outgoing traffic based
on a set of rules. Here's a simplified breakdown of its process:
* Packet Inspection: The firewall examines each data packet traveling across the network. This packet
contains information like sender, receiver, and the type of data being transferred.
* Rule Matching: The firewall compares the packet against its predefined security rules. These rules
specify which traffic is allowed and which is blocked.

* Action Taken: Based on the rule match, the firewall takes action. It might allow the traffic to pass
through, reject it, or drop it silently.

Types of Firewall

1) Packet Filters (Static Firewalls)
* Controls network access by checking source and destination IP addresses, protocols, and ports of incoming and outgoing data packets.
* Example: If a packet comes from an unknown IP address, it gets blocked.

2) Stateful Inspection Firewalls (Dynamic Packet Filtering)
* Monitors the state of active connections and decides which network packets to allow through the firewall based on the context of the traffic.
* Example: Only allows a packet if it's part of a valid session between two devices.

Difference
Stateful Firewalls
* Track the state of active connections and make decisions based on the context of the traffic.
* These firewalls remember and track the details of ongoing connections.

Stateless Firewalls
* Make decisions based on individual packets without considering the state of connections.
* These firewalls check each data packet individually without remembering past interactions.

3) Application Layer Firewalls
* Examines data at the application layer (e.g., HTTP requests) and blocks harmful applications.
* Example: Blocks a suspicious website trying to access your network.

4) Circuit-Level Gateways
* Function: Provides security for TCP and UDP connections by working at the session layer.
* Example: Ensures a secure session between a client and a server, like when accessing a secure website.
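
The rule-matching steps under "Firewall working" and the stateful/stateless difference can be seen in a small simulation. This is an added example, not part of the original notes: the classes, rules and packets are hypothetical, addresses come from documentation ranges, and connection tracking is simplified (no TCP flags or session timeouts).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow", "reject" or "drop"
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    proto: str
    sport: Optional[int] = None  # None matches any port
    dport: Optional[int] = None

    def matches(self, p):
        return (p.proto == self.proto
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))

class StatelessFilter:
    """Packet filter: each packet is judged alone; first matching rule wins."""
    def __init__(self, rules, default="drop"):
        self.rules, self.default = list(rules), default

    def decide(self, p):
        for rule in self.rules:
            if rule.matches(p):
                return rule.action
        return self.default      # nothing matched: drop silently

class StatefulFilter(StatelessFilter):
    """Remembers flows it allowed and admits only replies to those flows."""
    def __init__(self, rules, default="drop"):
        super().__init__(rules, default)
        self.sessions = set()

    def decide(self, p):
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        reply_of = (p.proto, p.dst, p.dport, p.src, p.sport)
        if flow in self.sessions or reply_of in self.sessions:
            return "allow"       # part of a session that is already tracked
        action = super().decide(p)
        if action == "allow":
            self.sessions.add(flow)
        return action

# Constructed rule set for an internal network 10.0.0.0/24.
BLOCK_HOST = Rule("reject", "203.0.113.66/32", "0.0.0.0/0", "tcp")
OUT_HTTPS = Rule("allow", "10.0.0.0/24", "0.0.0.0/0", "tcp", dport=443)
# A stateless filter needs this extra rule so HTTPS replies can get back in.
REPLIES_IN = Rule("allow", "0.0.0.0/0", "10.0.0.0/24", "tcp", sport=443)

REQUEST = Packet("10.0.0.5", 50000, "198.51.100.7", 443)
REPLY = Packet("198.51.100.7", 443, "10.0.0.5", 50000)
# Unsolicited inbound packet that merely uses source port 443.
UNSOLICITED = Packet("198.51.100.9", 443, "10.0.0.8", 3389)

def compare():
    """Decisions of both filters for the same three packets, in order."""
    stateless = StatelessFilter([BLOCK_HOST, OUT_HTTPS, REPLIES_IN])
    stateful = StatefulFilter([BLOCK_HOST, OUT_HTTPS])
    packets = {"request": REQUEST, "reply": REPLY, "unsolicited": UNSOLICITED}
    return {name: (stateless.decide(p), stateful.decide(p))
            for name, p in packets.items()}

if __name__ == "__main__":
    for name, (a, b) in compare().items():
        print(f"{name:12} stateless={a:6} stateful={b}")
```

The stateless filter lets the unsolicited packet through because its reply rule can only look at the source port, while the stateful filter drops it because no tracked session matches.
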

| Firewall | Anti-Virus |
|---|---|
| Purpose: Acts like a security guard at the entrance of your network. | Purpose: Acts like a doctor for your computer. |
| Function: Blocks or allows data traffic based on set rules. | Function: Scans and removes viruses and other malicious software. |
| Focus: Protects your network from unauthorized access and harmful traffic. | Focus: Protects individual devices from malware infections. |
| Examples of Use: Preventing hackers from entering your network, blocking unwanted connections. | Examples of Use: Detecting and removing viruses, spyware, and ransomware on your computer. |

Functions/Advantages of Using Firewalls


1. Protection from Unauthorized Access: Firewalls can block traffic from certain IP addresses or
networks, preventing hackers and malicious actors from easily accessing your network or system.

2. Prevention of Malware and Other Threats: Firewalls can identify and block traffic associated with
known malware and other security threats, helping to protect your network from attacks.

3. Control of Network Access: Firewalls allow you to restrict access to specific servers or applications
to authorized individuals or groups, ensuring that only the right people can use certain network
resources.

4. Monitoring of Network Activity: Firewalls can track and log all network activity, making it easier to
spot unusual or suspicious behavior.

5. Regulation Compliance: Many industries require the use of firewalls to meet legal or regulatory
standards, ensuring your network security practices comply with necessary rules.

Summary
* Firewall: Guards the network's entrance, controlling what comes in and goes out.
* Antivirus: Protects the inside of a device, scanning for and removing harmful software.

The advantages of using a VPN include:

* Enhanced Security: VPNs encrypt your internet connection, making it difficult for hackers or unauthorized parties to intercept your data.
* Privacy Protection: By masking your IP address and encrypting your internet traffic, VPNs help maintain your online privacy and anonymity.
* Access to Restricted Content: VPNs allow you to bypass geographical restrictions and access content or services that may be blocked in your location.
* Secure Remote Access: VPNs enable secure remote access to corporate networks, allowing employees to work from home or while traveling without compromising security.
* Safe Public Wi-Fi Usage: When connected to public Wi-Fi networks, VPNs ensure that your data remains protected from potential threats and cyber attacks.

VPN (Virtual Private Network)

VPN stands for Virtual Private Network. It allows you to connect your computer to a private network, creating an encrypted connection that masks your IP address to securely share data and surf the web, protecting your identity online.

Advantages

Unlimited Streaming:

* VPNs help unlock streaming services so you can watch your favorite shows and sports games from anywhere.

Better Gaming Experience:

* VPNs add security and convenience to gaming, protecting you from competitors trying to disrupt your gameplay and improving your connection for smoother gaming sessions.
* They also let you access exclusive games not available in your region.

Anonymous Torrenting:

* VPNs hide your IP address, keeping your identity private while downloading copyrighted content through torrents.

Faster Internet Speed:

* VPNs prevent your Internet Service Provider (ISP) from slowing down your connection by keeping your online activities anonymous, leading to faster download speeds, especially for large files.

Securing Public Wi-Fi:

* VPNs encrypt your internet connection, protecting your data from hackers and eavesdroppers when using public Wi-Fi networks like those in coffee shops or airports.

Intrusion Detection System (IDS)
* An Intrusion Detection System (IDS) is like a security guard for your computer network.
* It watches over the network traffic and looks for any suspicious or harmful activities.
* When it detects something fishy, it immediately alerts the system administrator. Essentially, it's software that keeps an eye on your network to protect it from unauthorized access and potential attacks by identifying and flagging any unusual behavior or violations of security policies.

Advantages
1. Detects Malicious Activity:

IDS can catch suspicious activities on your network and alert administrators before they cause harm.

2. Improves Network Performance:

By identifying issues, IDS helps optimize network performance, ensuring smoother operations.

3. Meets Compliance Requirements:

IDS aids in meeting regulatory standards by monitoring network activity and generating compliance
reports.

4. Provides Insights:

IDS offers valuable insights into network traffic, helping identify weaknesses and enhance overall
security.
