Cyber

security
Internship
Introducti
At our Diploma in Computer Science and engineering program, we don't just
on
learn the theory of cyber security - we put it into practice! During our 5th
semester, we had the opportunity to dive deep into the subject in our program
specialization pathway. From understanding its importance to mastering the
principles and best practices, we were ready to tackle any challenges that
came our way..

During our internship period, we had the valuable opportunity to apply the
theoretical and practical knowledge we acquired in the previous semester.
This hands-on experience allowed us to gain real-world insights into the
challenges and complexities of cyber security in today's digital landscape
 Company
• TechShreshta Solutions LLP is a trusted and registered Limited Liability Partnership firm based
in Udupi. We have been providing exceptional software solutions since our establishment in
introduction
September 2019. Our commitment to quality and customer satisfaction sets us apart in the
industry.
• TechShreshta Solutions LLP pridesitself on its ability to deliver robust, scalable, and user-
friendly software applications.
• The organization follows a systematic and client-centric approach to software development. It
begins by thoroughly understanding the client’s objectives, business processes, and target
audience.
• located in Kundapur, Udupi, Karnataka
• Duration: 8th january 2024 to 25th April 2024
Objectives
1
Gain Hands-On Cybersecurity Experience
Develop practical skills in network monitoring
threat analysis, and incident response through
real-world projects and case studies.
Exposure to Industry Tools and Methodologies
2 Learn to leverage leading cybersecurity frameworks,
software, and automation techniques used
by professionals
3 6
Contribute to Secure IT Infrastructure
Assist the security team in hardening systems,
implementing access controls, and enhancing
overall organizational resilience.
4
Enhance Problem-Solving and Critical Thinking
Approach security challenges with a strategic mindset,
leveraging analytical and creative problem-solving skills.
Improve Threat Intelligence
5 Learn to analyze and interpret threat intelligence feeds to
identify emerging threats, vulnerabilities, and attack vectors
relevant to the organization's infrastructure and operation
Stay Updated on Emerging Trends
Stay informed about the latest trends,
threats, and technologies in cybersecurity
through continuous learning, training, and
professional development activities
Internship Responsibilities and
Roles
1. Conduct vulnerability assessments on company systems to identify
potential security risks.

2. Participate in incident response activities, including investigation,

containment, and remediation of security incidents

3. Participate in threat intelligence gathering and security monitoring

to proactively detect and mitigate cyber threats
 INTERNSHIP
WORKS
0 0 0 0 0
1
Research & Analysis
2 3 4
Tool Implementation Incident Response Project Work
5
Presentations and Reporting

Conducted in-depth Implemented and

Participated in the Collaborated with the Delivered regular updates and
research on emerging configured leading
incident response process, cybersecurity team to presentations to the leadership
cybersecurity threats, cybersecurity tools,
helping to identify, contain, design and implement team on the progress of my
analyzed incident such as firewalls,
and remediate security secure network projects, highlighting key
reports, and developed intrusion detection
breaches and architectures, conduct findings and recommendations.
risk mitigation strategies systems, and network
vulnerabilities vulnerability
monitoring software. assessments response
plans
Methodology
Penetration
Testing
We utilize industry-leading
penetration testing tools to
identify vulnerabilities in
systems and networks, providing
actionable insights to enhance
security.
Network
Monitoring
Advanced network
monitoring techniques
and tools help us proactively
detect and mitigate
cyber threats,
ensuring the integrity of
our client's infrastructure.
Incident Response
Our well-defined incident
response processes and
specialized software enable us to
swiftly identify, contain, and
remediate security incidents,
minimizing impact and
disruption.
 Open-Source Intelligence
1. Maltego: A powerful tool for gathering and connecting information for investigative tasks.

(OSINT) Tools
2. Shodan: A search engine for Internet-connected devices. It indexes banners and allows users to search for devices based on various
criteria like location, IP, and device type
3. Whois: This tool allows you to look up domain registration information. It provides details about who owns a domain, their contact
information, registration and expiration dates, and sometimes even the domain registrar's information.
4. DNSLookup (DNS Query): DNS (Domain Name System) Lookup tools help in querying DNS servers for various types of DNS
records associated with domain names
5. BuiltWith.com: This website provides insights into the technology stack used by a particular website. It can tell you what
programming languages, frameworks, content management systems, web servers, and other technologies are being used on a given
website
6. Wayback Machine: Operated by the Internet Archive, the Wayback Machine is an online archive of web pages. It allows you to view
how a website looked at different points in the past.
7. Wappalyzer: With Wappalyzer, users can gain insights into the technology stack of a website, which can be useful for competitive
analysis, understanding trends in web development, identifying security vulnerabilities, and more
 Nmap:Network Mapping and Vulnerability Scanning Tool

• A powerful, open-source network scanning and discovery tool used by cybersecurity professionals to map
network infrastructure and identify potential vulnerabilities.

• Features: Port scanning, OS detection, service/version detection, scriptable scanning, and more. Nmap offers a
comprehensive suite of capabilities for thorough network analysis.

• Nmap enables security teams to proactively assess the security posture of their networks, identify unprotected
systems, and detect potential entry points for malicious actors. It is a cornerstone of any cybersecurity toolkit.
 OWASP ZAP: Web Application Security Assessments

• An open-source web application security scanner that helps identify vulnerabilities in web applications.

• ZAP enables security professionals to proactively assess the security posture of web applications, allowing them
to identify and mitigate risks before they can be exploited.

• Key Features: Automated scanning, intercepting and modifying web requests, advanced vulnerability analysis,
and a robust plugin ecosystem for customizing and extending the tool's capabilities.
 Wireshark: The Powerful Network Analysis Tool

• Wireshark: A robust, open-source network protocol analyzer that allows detailed inspection and troubleshooting of
network traffic.

• Key Features: Live network traffic capture, deep protocol dissection, powerful filtering capabilities, and support
for a wide range of network protocols.

• Importance: Wireshark is an indispensable tool for cybersecurity professionals, enabling in-depth analysis of
network communication to identify security threats, performance issues, and protocol violations.

• Wireshark is widely used by network administrators, security professionals, developers, and researchers for tasks
such as network troubleshooting, security analysis, protocol development, and network forensics.
 BurpSui
• BurpSuite is an industry-leading web application security testing tool that provides a comprehensive solution for
identifying and addressing vulnerabilities. te
• It allows security professionals to intercept, inspect, and modify web traffic, enabling thorough assessment of web
application security.

• Key features of BurpSuite include proxy, scanner, intruder, and repeater, which work together to automate and
streamline the security testing process.

• Burp Suite is a comprehensive toolset for web application security testing, covering a wide range of techniques and
methodologies. However, it's important to use Burp Suite responsibly and ethically, respecting the terms of service
and legal boundaries when testing web applications that you don't own or have explicit permission to test.
 Buggy web application
pentesting
• bWAPP, or buggy Web Application, is a deliberately insecure web application that is designed to help security
professionals and developers practice and improve their web security skills. It's developed by Malik Mesellem and
is available for free download..

• bWAPP contains over 100 intentionally built-in vulnerabilities across various categories, including SQL injection,
Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Command Injection, Insecure Direct Object
References (IDOR), and more..

• Deployed a deliberately buggy web application to test security measures and learn
about common vulnerabilities.

• Conducted comprehensive penetration testing, exploring various attack vectors to identify weaknesses in the
application.

• Leveraged specialized tools like Burp Suite, OWASP ZAP, and Nmap to uncover and exploit vulnerabilities, such
as SQL injection, cross-site scripting (XSS), and unpatched software
 PortSwigger Academy: Exploring Real-Time
• PortSwigger Academy offers a wide range Vulnerabilities
of free, self-paced training materials, including interactive labs,
tutorials, and challenges covering various topics related to web security testing.

• Leveraged the PortSwigger Academy platform to access a curated collection of web application vulnerabilities and
exploits in a controlled, real-world environment.

• Conducted hands-on penetration testing on these vulnerable applications, applying the knowledge and tools learned
earlier, such as Burp Suite, OWASP ZAP, and Nmap.

• Gained practical experience in identifying, exploiting, and mitigating common web application vulnerabilities,
including SQL injection, cross-site scripting (XSS), and more.

• Gain hands on experience with modern website vulnerabilities by solving more than 250 websites and submitted
report the attacks.
Skills developed
Problem-Solving Teamwork
Analyzed complex cyber Collaborated closely with
security issues, researched cross-functional teams,
solutions, and implemented sharing knowledge and best
effective countermeasures to practices to develop
protect against threats. comprehensive cybersecurity
strategies.

Hands-On Experience Critical Thinking

Gained practical experience in
penetration testing, Developed the ability to think
vulnerability assessment, critically, identify risks, and
incident response, and secure make data-driven decisions to
system administration mitigate cyber security
threats.
 Conclusi
on
In conclusion, the cyber security internship has been an invaluable experience. we have
gained hands-on exposure to the latest security technologies, participated in penetration
testing, and contributed to the development of robust defense strategies. The skills and
knowledge acquired will serve as a strong foundation for our future career in the field of
cybersecurity.
we got a hands on expirence in the cyber security(web penetration) knowledge by
exploiting more than 300 vulnerable webpages.
Throught the internship we learnt corparate style works, real time works.
Thank
you!
From Techshreshta -RNS
polytechnic Interns