Deployed de6c025 with MkDocs version: 1.0.4

Kalyanasundaram Somasundaram
2020-11-12 11:52:35 +05:50
parent 2a3fda3cb0
commit 1e9f5772db
17 changed files with 90 additions and 56 deletions


@@ -299,5 +299,5 @@
<!--
MkDocs version : 1.0.4
Build Date UTC : 2020-11-11 08:25:49
Build Date UTC : 2020-11-12 06:02:35
-->


@@ -290,7 +290,16 @@
<ul>
<li>Applications regularly fail to process transactions for many reasons. How they fail can determine if an application is secure or not.</li>
</ul>
<p><img alt="image2" src="../images/image2.png" />
<p>```</p>
<p>is_admin = true;
try {
code_which_may_faile();
is_admin = is_user_assigned_role("Adminstrator");
}
catch (Exception err) {
log.error(err.toString());
}</p>
<p>```
- If either codeWhichMayFail() or isUserInRole fails or throws an exception, the user is an admin by default. This is obviously a security risk.</p>
</li>
<li>
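Review bot: The code block added here still does not render as code: the fence comes out as literal `<p>```</p>` paragraphs, the `<p><img alt="image2" ...>` line before it is never closed, and the explanation is emitted as "- If either ..." inside the same paragraph instead of as a list item. That pattern suggests the fence is not indented to the level of its list item in the Markdown source; indent it under the bullet so it becomes a `<pre><code>` block. The explanation also names `codeWhichMayFail()` and `isUserInRole` while the snippet calls `code_which_may_faile()` and `is_user_assigned_role("Adminstrator")`; use one set of names and fix the spelling of "faile" and "Adminstrator". Since the text calls the default-admin behaviour a security risk, showing the fail-closed form next to it (initialising `is_admin` to false) would complete the point.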
@@ -360,15 +369,21 @@
</ul>
<h3 id="ciphers">Ciphers</h3>
<ul>
<li>
<p>Ciphers are the cornerstone of cryptography. A cipher is a set of algorithms that performs encryption or decryption on a message. An encryption algorithm (E) takes a secret key (k) and a message (m), and produces a ciphertext (c). Similarly, a Decryption algorithm (D) takes a secret key (K) and the previous resulting Ciphertext (C). They are represented as follows:</p>
<p><img alt="image3" src="../images/image3.png" /></p>
</li>
<li>
<p>This also means that in order for it to be a cipher, it must satisfy the consistency equation as follows, making it possible to decrypt.</p>
<p><img alt="image4" src="../images/image4.png" /></p>
</li>
<li>Ciphers are the cornerstone of cryptography. A cipher is a set of algorithms that performs encryption or decryption on a message. An encryption algorithm (E) takes a secret key (k) and a message (m), and produces a ciphertext (c). Similarly, a Decryption algorithm (D) takes a secret key (K) and the previous resulting Ciphertext (C). They are represented as follows:</li>
</ul>
<pre><code>
E(k,m) = c
D(k,c) = m
</code></pre>
<ul>
<li>This also means that in order for it to be a cipher, it must satisfy the consistency equation as follows, making it possible to decrypt.</li>
</ul>
<pre><code>
D(k,E(k,m)) = m
</code></pre>
<p>Stream Ciphers:</p>
<ul>
<li>The message is broken into characters or bits and enciphered with a key or keystream(should be random and generated independently of the message stream) that is as long as the plaintext bitstream.</li>
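Review bot: The formulas moved into `<pre><code>` use lowercase `k`, `m` and `c`, but the sentence that introduces them still mixes "(k)" with "(K)" and "(c)" with "(C)", which reads as two different keys and two different ciphertexts. Use one case throughout so that `D(k,c) = m` clearly takes the same key and ciphertext as `E(k,m) = c`. Each `<pre><code>` also opens with an empty line and closes the surrounding `<ul>`, so the two bullets are now separate lists; indenting the code blocks under their list items in the source would keep them as one list.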
@@ -564,7 +579,7 @@ Certificate chain
<li>What the OpenSSL command line doesnt show here is the trust store that contains the list of CA certificates trusted by the system OpenSSL runs on.</li>
<li>
<p>The public certificate of GlobalSign Authority must be present in the systems trust store to close the verification chain. This is called a chain of trust, and figure below summarizes its behavior at a high level.</p>
<p><img alt="image12" src="../images/image12.png" /></p>
<p><img alt="image122" src="../images/image122.png" /></p>
</li>
<li>
<p>High-level view of the concept of chain of trust applied to verifying the authenticity of a website. The Root CA in the Firefox trust store provides the initial trust to verify the entire chain and trust the end-entity certificate.</p>
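Review bot: The replacement `<img alt="image122" src="../images/image122.png" />` keeps a placeholder alt text even though the surrounding bullets describe the figure as the chain of trust; put that description in the `alt` attribute so the page still makes sense without the image. The two bullets above it are missing apostrophes in "doesnt" and "systems trust store", and "figure below summarizes" needs an article.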
@@ -582,10 +597,7 @@ Certificate chain
<ul>
<li>There are 3 versions of TLS , TLS 1.0, 1.1 &amp; 1.2</li>
<li>TLS 1.0 was released in 1999, making it a nearly two-decade-old protocol. It has been known to be vulnerable to attacks—such as BEAST and POODLE—for years, in addition to supporting weak cryptography, which doesnt keep modern-day connections sufficiently secure.</li>
<li>
<p>TLS 1.1 is the forgotten “middle child.” It also has bad cryptography like its younger sibling. In most software it was leapfrogged by TLS 1.2 and its rare to see TLS 1.1 used.</p>
<p><img alt="image13" src="../images/image13.png" /></p>
</li>
<li>TLS 1.1 is the forgotten “middle child.” It also has bad cryptography like its younger sibling. In most software it was leapfrogged by TLS 1.2 and its rare to see TLS 1.1 used.</li>
</ul>
<h3 id="perfect-forward-secrecy">“Perfect” Forward Secrecy</h3>
<ul>
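Review bot: The first bullet of this list still reads "There are 3 versions of TLS , TLS 1.0, 1.1 &amp; 1.2", which leaves out TLS 1.3 (RFC 8446, published in 2018); since this hunk already edits the list, update that bullet as well. In the TLS 1.1 bullet, "like its younger sibling" appears to refer to TLS 1.0, which is the older of the two, and "its rare" should be "it's rare"; "doesnt" in the TLS 1.0 bullet also needs its apostrophe.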

Binary file not shown.


@@ -387,7 +387,9 @@ Correspondence between layers of the TCP/IP architecture and the OSI model. Also
<li>Nmap is often used to determine alive hosts in a network, open ports on those hosts, services running on those open ports, and version identification of that service on that port.</li>
<li>More at http://scanme.nmap.org/</li>
</ul>
<p><img alt="image16" src="../images/image16.png" /></p>
<pre><code>nmap [scan type] [options] [target specification]
</code></pre>
<p>Nmap uses 6 different port states:</p>
<ul>
<li><strong>Open</strong> — An open port is one that is actively accepting TCP, UDP or SCTP connections. Open ports are what interests us the most because they are the ones that are vulnerable to attacks. Open ports also show the available services on a network.</li>
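Review bot: In the Open port description that follows the new usage line, "they are the ones that are vulnerable to attacks" overstates what the state means: an open port only shows that a service is accepting connections, and whether it is vulnerable depends on the service behind it. Reword it along the lines of "open ports expose services, which is why they are examined first". The "More at http://scanme.nmap.org/" bullet is also a bare URL rather than a link.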
@@ -743,9 +745,18 @@ IDS sensors can be software and hardware based used to collect and analyze the n
<img alt="image20" src="../images/image20.png" /></p>
</li>
<li>
<p>Abuse of the normal operation or settings of these flags can be used by attackers to launch DoS attacks. This causes network servers or web servers to crash or hang.
<img alt="image21" src="../images/image21.png" /></p>
<p>Abuse of the normal operation or settings of these flags can be used by attackers to launch DoS attacks. This causes network servers or web servers to crash or hang.</p>
</li>
</ul>
<pre><code>| SYN | FIN | PSH | RST | Validity|
|------|------|-------|------|---------|
| 1 |1 |0 |0 |Illegal Combination
| 1 |1 |1 |0 |Illegal Combination
| 1 |1 |0 |1 |Illegal Combination
| 1 |1 |1 |1 |Illegal Combination
</code></pre>
<ul>
<li>The attacker's ultimate goal is to write special programs or pieces of code that are able to construct these illegal combinations resulting in an efficient DoS attack.</li>
</ul>
<p>SYN FLOOD</p>
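Review bot: The flag table that replaces image21 is emitted inside `<pre><code>`, so the Markdown pipe syntax is shown as literal text rather than as a table, and the four data rows have no closing `|` and uneven spacing. Either de-indent it in the source so it renders as a real table or align the columns as plain text. All four rows have SYN=1 and FIN=1 and differ only in PSH and RST, so a sentence stating that SYN set together with FIN is illegal whatever PSH and RST are would make the point the rows only imply.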


@@ -274,13 +274,16 @@ the typical time to live (TTL) for cached entries is a couple of hours, thereby
<li>Blackholing traffic:</li>
<li>Blackhole route is a network route, i.e., routing table entry, that goes nowhere and packets matching the route prefix are dropped or ignored. Blackhole routes can only be detected by monitoring the lost traffic.</li>
<li>Blackhole routes are best defence against many common viral attacks where the traffic is dropped from infected machines to/from command &amp; control masters.</li>
<li>Infamous BGP Injection attack on Youtube</li>
<li>
<p>Infamous BGP Injection attack on Youtube</p>
</li>
<li>
<p>EX: In 2008, Pakistan decided to block YouTube by creating a BGP route that led into a black hole. Instead this routing information got transmitted to a hong kong ISP and from there accidentally got propagated to the rest of the world meaning millions were routed through to this black hole and therefore unable to access YouTube.</p>
</li>
<li>Potentially, the greatest risk to BGP occurs in a denial of service attack in which a router is flooded with more packets than it can handle. Network overload and router resource exhaustion happen when the network begins carrying an excessive number of BGP messages, overloading the router control processors, memory, routing table and reducing the bandwidth available for data traffic.</li>
<li>Refer : <a href="https://medium.com/bugbountywriteup/bgp-the-weak-link-in-the-internet-what-is-bgp-and-how-do-hackers-exploit-it-d899a68ba5bb">https://medium.com/bugbountywriteup/bgp-the-weak-link-in-the-internet-what-is-bgp-and-how-do-hackers-exploit-it-d899a68ba5bb</a></li>
<li>Router flapping is another type of attack. Route flapping refers to repetitive changes to the BGP routing table, often several times a minute. Withdrawing and re-advertising at a high-rate can cause a serious problem for routers, since they propagate the announcements of routes. If these route flaps happen fast enough, e.g., 30 to 50 times per second, the router becomes overloaded, which eventually prevents convergence on valid routes. The potential impact for Internet users is a slowdown in message delivery, and in some cases packets may not be delivered at all.</li>
</ul>
<p><img alt="image24" src="../images/image24.png" />
- EX: In 2008, Pakistan decided to block YouTube by creating a BGP route that led into a black hole. Instead this routing information got transmitted to a hong kong ISP and from there accidentally got propagated to the rest of the world meaning millions were routed through to this black hole and therefore unable to access YouTube.
- Potentially, the greatest risk to BGP occurs in a denial of service attack in which a router is flooded with more packets than it can handle. Network overload and router resource exhaustion happen when the network begins carrying an excessive number of BGP messages, overloading the router control processors, memory, routing table and reducing the bandwidth available for data traffic.
- Refer : <a href="https://medium.com/bugbountywriteup/bgp-the-weak-link-in-the-internet-what-is-bgp-and-how-do-hackers-exploit-it-d899a68ba5bb">https://medium.com/bugbountywriteup/bgp-the-weak-link-in-the-internet-what-is-bgp-and-how-do-hackers-exploit-it-d899a68ba5bb</a>
- Router flapping is another type of attack. Route flapping refers to repetitive changes to the BGP routing table, often several times a minute. Withdrawing and re-advertising at a high-rate can cause a serious problem for routers, since they propagate the announcements of routes. If these route flaps happen fast enough, e.g., 30 to 50 times per second, the router becomes overloaded, which eventually prevents convergence on valid routes. The potential impact for Internet users is a slowdown in message delivery, and in some cases packets may not be delivered at all.</p>
<p>BGP Security</p>
<ul>
<li>Border Gateway Protocol Security recommends the use of BGP peer authentication, since it is one of the strongest mechanisms for preventing malicious activity.</li>
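Review bot: Turning the trailing "- EX: ..." text into list items fixes the rendering, but "Infamous BGP Injection attack on Youtube" and "EX: In 2008, Pakistan decided to block YouTube ..." are now two sibling bullets although the second is the example for the first; nest it or merge the two. The same applies to "Blackholing traffic:", which is a label for the bullets after it. In the moved text, "Router flapping is another type of attack. Route flapping refers to ..." uses two names for one thing, "hong kong" needs capitals, and "Youtube" and "YouTube" should be spelled one way.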
@@ -330,7 +333,15 @@ the typical time to live (TTL) for cached entries is a couple of hours, thereby
<li>A successful exploit will allow attackers to access, modify, or delete information in the database.</li>
<li>It permits attackers to steal sensitive information stored within the backend databases of affected websites, which may include such things as user credentials, email addresses, personal information, and credit card numbers</li>
</ul>
<p><img alt="image25" src="../images/image25.png" /></p>
<pre><code>SELECT USERNAME,PASSWORD from USERS where USERNAME='&lt;username&gt;' AND PASSWORD='&lt;password&gt;';
Here the username &amp; password is the input provided by the user. Suppose an attacker gives the input as &quot; OR '1'='1'&quot; in both fields. Therefore the SQL query will look like:
SELECT USERNAME,PASSWORD from USERS where USERNAME='' OR '1'='1' AND PASSOWRD='' OR '1'='1';
This query results in a true statement &amp; user gets logged in. This example depicst the bost basic type of SQL injection
</code></pre>
<h3 id="sql-injection-attack-defenses">SQL Injection Attack Defenses</h3>
<ul>
<li>SQL injection can be protected by filtering the query to eliminate malicious syntax, which involves the employment of some tools in order to (a) scan the source code.</li>
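Review bot: The new `<pre><code>` block wraps the explanatory sentences together with the two queries, so prose and SQL render as one code listing; keep only the `SELECT` statements in the code block and move the sentences into list items. The input quoted in the text, `" OR '1'='1'"`, does not produce the second query as shown: for the result `USERNAME='' OR '1'='1'` the submitted value has to be `' OR '1'='1`, with the application's own quotes closing it. The same lines contain "PASSOWRD" in the query and "depicst the bost basic" in the last sentence.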


@@ -2,157 +2,157 @@
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>None</loc>
<lastmod>2020-11-11</lastmod>
<lastmod>2020-11-12</lastmod>
<changefreq>daily</changefreq>
</url>
</urlset>
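Review bot: Every `<loc>` in this sitemap is `None`, so the only thing the hunk changes is the `<lastmod>` date on entries that point to no URL. MkDocs writes `None` here when it has no canonical URL for a page, most likely because `site_url` is not set in `mkdocs.yml`; set it so the deployed sitemap carries real URLs, or leave the sitemap out of the deployment.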
