• Home

  • Documents

  • Assuring Data Security through Penetration Testing.pdf
10
Abstract  Database is the heart of most of the web applications, as it stores data necessary for a website and application to “Survive” `and run the business. Undoubtedly, it needs to be guarded well! Yet, even after implementing various security measures, the story of database hacking and data breach is rather conspicuous and extensive. One wonders, why? Probably, evolution of technology with substantial focus on ease of use, enlarged network environment with network based applications and lower skill level needed for manipulations has made online world more insecure and vulnerable to attacks. The objective of this paper is to present an overview on various types of hacking attacks and its impact on the applications which are dependent on the database, as well as our business. The paper also discusses mitigation strategies and use of tools to conduct penetration test to uncover vulnerabilities in the system and make it secured  further and better resistant t o hacking attacks.  Keywords: Database and data security, Hacking attacks, Mitigation Strategies, Tools, Best  Practices. INTRODUCTION The term data refers to qualitative or quantitative attributes of a variable or set of variables. Data (plural of "datum") are typically the results of measurements and can be the basis of graphs, images, or observations of a set of variables. Data are often viewed as the lowest level of abstraction from which information and then knowledge are derived [1]. These derivatives of data are quite significant to us and particularly in organisations since information and knowledge are the cardinal elements for running nearly all the processes efficiently and beneficially. The useful and critical data is generally stored in the relational databases discovery. This data helps in crucial decision- making and is widely used by the organisations to either for further processing or knowledge stay ahead of their competitors. Hence, databases and data are soul of an organisation and their security is of utmost importance. Technology is growing at a rapid pace and past few years have seen a steep rise in the availability of electronic resources. Technologies such as mobile  phones, laptops, PCs, Internet, websites,  and extensively networked environment have added another dimension to information technology industry. This new dimension introduces various means at hackers disposal to commit attacks at multiple numbers of locations. Crimes can occur easily as the pace at which the new technology is developing is far ahead than the pace of making the new technology secured.  Internet and websites are now backbone of information exchange system and we can see it in our daily routine/every aspect of life. Both at organisational as well as individual levels we extensively use e-mail services, banking and financial services, social networking sites, online shopping services. This involves exchange of critical information and data on internet and this information can easily be misused for illegal  purposes if it is not secured properly. Information and Data security   the safeguarding of computer systems and the integrity, confidentiality, and availability of the data they contain [2]    has long been recognized as a serious issue. Its importance is growing as computer usage advances in vast aspects of modern life. In addition cyber- attacks or breaches of information security, appear to increase in frequency and, few are willing to ignore the possibility that severity of future attacks could be much worse than what has been observed till date. This paper presents valuable insight into types of hacking attacks, mitigation strategies to avoid them, a new model of data security and finally a case study demonstrating Penetration testing of XYZ Corporation (name withheld) with the use of the various available tools to conduct the testing  process along with really thought-provoking results showing how successfully running websites are vulnerable and exploitable. Assuring Data Security through Penetration Testing

Assuring Data Security through Penetration Testing.pdf

Embed Size (px)

Citation preview

Page 1: Assuring Data Security through Penetration Testing.pdf

8/12/2019 Assuring Data Security through Penetration Testing.pdf

http://slidepdf.com/reader/full/assuring-data-security-through-penetration-testingpdf 1/10

Page 2: Assuring Data Security through Penetration Testing.pdf

8/12/2019 Assuring Data Security through Penetration Testing.pdf

http://slidepdf.com/reader/full/assuring-data-security-through-penetration-testingpdf 2/10

Page 3: Assuring Data Security through Penetration Testing.pdf

8/12/2019 Assuring Data Security through Penetration Testing.pdf

http://slidepdf.com/reader/full/assuring-data-security-through-penetration-testingpdf 3/10

Page 4: Assuring Data Security through Penetration Testing.pdf

8/12/2019 Assuring Data Security through Penetration Testing.pdf

http://slidepdf.com/reader/full/assuring-data-security-through-penetration-testingpdf 4/10

Page 5: Assuring Data Security through Penetration Testing.pdf

8/12/2019 Assuring Data Security through Penetration Testing.pdf

http://slidepdf.com/reader/full/assuring-data-security-through-penetration-testingpdf 5/10

Page 6: Assuring Data Security through Penetration Testing.pdf

8/12/2019 Assuring Data Security through Penetration Testing.pdf

http://slidepdf.com/reader/full/assuring-data-security-through-penetration-testingpdf 6/10

Page 7: Assuring Data Security through Penetration Testing.pdf

8/12/2019 Assuring Data Security through Penetration Testing.pdf

http://slidepdf.com/reader/full/assuring-data-security-through-penetration-testingpdf 7/10

Page 8: Assuring Data Security through Penetration Testing.pdf

8/12/2019 Assuring Data Security through Penetration Testing.pdf

http://slidepdf.com/reader/full/assuring-data-security-through-penetration-testingpdf 8/10

Page 9: Assuring Data Security through Penetration Testing.pdf

8/12/2019 Assuring Data Security through Penetration Testing.pdf

http://slidepdf.com/reader/full/assuring-data-security-through-penetration-testingpdf 9/10

http://www.google.com./#hl=en&q=site:exploit-db.com+Oracle&oq=site:exploit-db.com+Oracle&aq=f&aqi=&aql=&gs_sm=e&gs_upl=3981l7988l0l8188l13l12l0l7l0l0l266l843l0.2.2l4l0&bav=on.2,or.r_gc.r_pw.,cf.osb&fp=f2e8586c1621c682&biw=1920&bih=991
http://metasploit.com/
http://metasploit.com/
Page 10: Assuring Data Security through Penetration Testing.pdf

8/12/2019 Assuring Data Security through Penetration Testing.pdf

http://slidepdf.com/reader/full/assuring-data-security-through-penetration-testingpdf 10/10


INSITU TESTING - Civil Engineering Department - EMUcivil.emu.edu.tr/courses/civl451/2015-2016f/INSITU TESTING.pdf · Standard Penetration Test (SPT) • One of the most basic forms

INSITU TESTING - Civil Engineering Department - EMUcivil.emu.edu.tr/courses/civl451/2015-2016f/INSITU TESTING.pdf · Standard Penetration Test (SPT) • One of the most basic forms

Documents
Ethernet Service OAM LB Testing.pdf

Ethernet Service OAM LB Testing.pdf

Documents
Webinar_2014-02-CP System Testing.pdf

Webinar_2014-02-CP System Testing.pdf

Documents
ROAD AND BUILDING MATERIALS TESTING.pdf

ROAD AND BUILDING MATERIALS TESTING.pdf

Documents
agile testing.pdf

agile testing.pdf

Documents
HydroTurf Tech Note_CSU Hydraulic Testing.pdf

HydroTurf Tech Note_CSU Hydraulic Testing.pdf

Documents
Inspection - Examination and Testing.pdf

Inspection - Examination and Testing.pdf

Documents
flame testing.pdf

flame testing.pdf

Documents
CEHv8 Module 20 Penetration Testing.pdf

CEHv8 Module 20 Penetration Testing.pdf

Documents
P632 Relay differential testing.pdf

P632 Relay differential testing.pdf

Documents
Antimicrobial Susceptibility Testing.pdf

Antimicrobial Susceptibility Testing.pdf

Documents
Fibre Testing.pdf

Fibre Testing.pdf

Documents
s' MASH PILE TESTING.pdf

s' MASH PILE TESTING.pdf

Documents
454B - SOFTWARE TESTING.pdf

454B - SOFTWARE TESTING.pdf

Documents
ACOUSTIC EMISSION TESTING.pdf

ACOUSTIC EMISSION TESTING.pdf

Documents
Mechanical properties & Testing.pdf

Mechanical properties & Testing.pdf

Documents
Handbook of Material Testing.pdf

Handbook of Material Testing.pdf

Documents
PROFIENCY OF ULT TESTING.pdf

PROFIENCY OF ULT TESTING.pdf

Documents
Magnetic Particle Testing.pdf

Magnetic Particle Testing.pdf

Documents
Radiographic Testing.pdf

Radiographic Testing.pdf

Documents
Oracle Real Application Testing.pdf

Oracle Real Application Testing.pdf

Documents
Assuring Moments - listed company · 2018-03-28 · Assuring Moments

Assuring Moments - listed company · 2018-03-28 · Assuring Moments

Documents
GUIDELINES FOR CONCRETE DURABILITY TESTING.PDF

GUIDELINES FOR CONCRETE DURABILITY TESTING.PDF

Documents
cytotoxicity testing.pdf

cytotoxicity testing.pdf

Documents
black box testing.pdf

black box testing.pdf

Documents
Accelerated corr testing.pdf

Accelerated corr testing.pdf

Documents
TCS_54_Visual Testing.pdf

TCS_54_Visual Testing.pdf

Documents
critical language testing.pdf

critical language testing.pdf

Documents
Liquid Penetrant Testing.pdf

Liquid Penetrant Testing.pdf

Documents
Method statement Sonic Integrity Testing.pdf

Method statement Sonic Integrity Testing.pdf

Documents