What Is Social Engineering

The document discusses various types of social engineering attacks and defenses against them. It covers phases of social engineering like researching targets and developing relationships to exploit them. It also discusses computer-based social engineering like phishing and techniques to prevent insider threats like separation of duties and access controls.

Uploaded by Shaban Mahekula

1. What is social engineering, and what are the different phases of a social engineering attack?

Social engineering refers to the method of influencing and persuading people to
reveal sensitive information in order to perform some malicious action. With the help of social
engineering tricks, attackers can obtain confidential information, authorization details, and
access details of people by deceiving and manipulating them.

Phases of social engineering attacks

 Research on the target company
Before actually attacking any network, the attacker gathers information in order to find
possible ways to enter the target network. Social engineering is one such technique
for gathering information. The attacker initially carries out research on the target company
to find basic information such as the kind of business, organization location, number of
employees, etc. During this phase, the attacker may conduct dumpster diving, browse
through the company website, find employee details, etc.

 Select victim
After performing in-depth research on the target company, the attacker chooses the key
victim to attempt to exploit in order to grab sensitive and useful information. Disgruntled
employees of the company are a boon to the attacker. The attacker tries to find these
employees and lure them into revealing their company's information. As they are dissatisfied
with the company, they may be willing to leak or disclose sensitive data of the company
to the attacker.

 Develop relationship
 Exploit the relationship
2. What is computer-based social engineering?
Computer-based social engineering depends on computers and internet
systems to carry out the targeted action. The following are the ways by which
the attacker can perform computer-based social engineering:
 Phishing
 Fake email
 Pop-up window attack: A pop-up window appears and displays an
alert that the network was disconnected and the user needs to re-login. Then a
malicious program installed by the attacker extracts the target's login
information and sends it to the attacker's email or to a remote location. This
type of attack can be accomplished using Trojans and viruses.

3. How can we prevent insider threats?

Preventive techniques are recommended in order to avoid financial loss and threats
to the organization's systems from insiders or competitors.
The following are recommended to overcome insider threats:
 Separation and rotation of duties
Responsibilities must be divided among various employees, so that if a
single employee attempts to commit fraud, the result is limited in
scope.
A particular job must be allotted to different employees at different times
so that a malicious employee cannot damage an entire system.
 Least privileges
The least number of privileges must be assigned to the most critical
assets of an organization. Privileges must be assigned based on
hierarchy.
 Controlled access
Access control must be implemented in various parts of an organization
to restrict unauthorized users from gaining access to critical assets and
resources.
 Logging and auditing
Logging and auditing must be performed periodically to check if any
company resources are being misused.
 Legal policies
Legal policies must be enforced to prevent employees from misusing the
resources of an organization, and for preventing the theft of sensitive
data.
 Archive critical data
A record of an organization’s critical data must be maintained in the
form of archives to be used as backup resources, if needed.
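
As an added illustration (not part of the original document), the following Python sketch wires four of the controls above into one small authorization routine: a payment raised by one employee cannot be approved by the same person (separation of duties), roles carry only the permissions they need (least privilege), every action is checked (controlled access), and each decision is appended to an audit record. The role names, actions and the Payment record are constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed role model for the controls listed above: roles carry only the
# permissions their job needs (least privilege), every request is checked
# (controlled access), the employee who raises a payment may not approve it
# (separation of duties), and every decision is recorded (logging and auditing).
ROLE_PERMISSIONS = {
    "clerk": {"payment:create"},
    "approver": {"payment:approve"},
    "auditor": {"audit:read"},
}

audit_log: List[str] = []  # in-memory stand-in for an append-only audit store


@dataclass
class Payment:
    payment_id: str
    created_by: str
    approved_by: Optional[str] = None


def authorize(user: str, roles: Set[str], action: str) -> bool:
    """Controlled access: permit an action only if one of the user's roles grants it."""
    allowed = any(action in ROLE_PERMISSIONS.get(r, ()) for r in roles)
    audit_log.append(f"user={user} action={action} result={'ALLOW' if allowed else 'DENY'}")
    return allowed


def approve_payment(user: str, roles: Set[str], payment: Payment) -> bool:
    """Separation of duties: the approver must hold the right AND differ from the creator."""
    if not authorize(user, roles, "payment:approve"):
        return False
    if user == payment.created_by:
        audit_log.append(f"user={user} action=payment:approve result=DENY "
                         f"reason=separation_of_duties payment={payment.payment_id}")
        return False
    payment.approved_by = user
    audit_log.append(f"user={user} action=payment:approve result=APPROVED payment={payment.payment_id}")
    return True


def denied_events() -> List[str]:
    """Auditing: the denied decisions an auditor reviews periodically for signs of misuse."""
    return [e for e in audit_log if "result=DENY" in e]
```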

4. Explain briefly the countermeasures for social engineering.


The following are the countermeasures that can be adopted to protect users or
organizations against social engineering attacks:
 Training
Periodic training sessions must be conducted to increase awareness on
social engineering. An effective training program must include security
policies and techniques for improving awareness.
 Operational Guidelines
Confidential information must always be protected from misuse.
Measures must be taken to prevent the misuse of sensitive data.
Unauthorized users must not be given access to these resources.
 Access Privileges
Access privileges must be created for groups such as administrators,
users, and guests with proper authorization. They are granted with
respect to reading, writing, and accessing files, directories, computers, and
peripheral devices.
 Classification of Information
Information has to be categorized on a priority basis as top secret,
proprietary, for internal use only, for public use, etc.
 Proper Incident Response System
There should be proper guidelines to follow in case of a social
engineering attempt.
 Background Checks of Employees and Proper Termination Process
Before hiring a new employee, check their background for criminal activity.
Follow a process for terminated employees, since they may pose a
future threat to the security of the organization, because employees
with a criminal background and terminated employees are easy targets
for procuring information.

5. Explain at least five web-based application threats.

Web application threats are not limited to attacks based on URLs and
port 80. Regardless of the ports, protocols, and OSI layer in use, the integrity of
mission-critical applications must be protected from possible future attacks.
Vendors who want to protect their products' applications must be able to deal
with all methods of attack.
The various web application threats are as follows:
 Cookie Poisoning
By changing the information inside the cookie, attackers bypass the
authorization process and once they gain control over the network, they
can either modify the content, use the system for the malicious attack,
or steal information from the user’s system.
 Directory Traversal
Attackers exploit HTTP by using directory traversal, and once they are able to
access restricted directories, they execute commands outside of the web
server's root directory.
 Invalid Input
In order to bypass the security system, attackers tamper with the HTTP
requests, URLs, headers, form fields, hidden fields, query strings, etc.
Users' login IDs and other related data get stored in cookies, and this
becomes a source of attack for intruders. Attackers gain access to
the victim's system using the information present in the cookie. Examples of
attacks caused by unvalidated input include SQL injection, cross-site
scripting (XSS), buffer overflows, etc.
 SQL Injection
This is a type of attack where SQL commands are injected by the attacker
via input data; the attacker can then tamper with the data.
 Information Leakage
Information leakage can cause great losses for a company. Hence, all
sources such as systems or other network resources must be protected
from information leakage by employing proper content filtering
mechanisms.
 Buffer Overflow
A web application’s buffer overflow vulnerability occurs when it fails to
guard its buffer properly and allows writing beyond its maximum size.
 Log Tampering
Logs are maintained by web applications to track usage patterns such as
user login credentials, admin login credentials, etc. Attackers usually
inject, delete, or tamper with web application logs so that they can
perform malicious actions or hide their identities.
 Cross-site Scripting (XSS)
An attacker bypasses the client's ID security mechanism and gains access privileges, and
then injects malicious scripts into the web pages of a particular website. These malicious
scripts can even rewrite the HTML content of the website.
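
Two of the threats above, cookie poisoning and directory traversal, have well-known server-side defenses; the Python below is an added example (not from the original document) showing both: an HMAC tag that detects any change to a cookie's contents, and a path check that refuses requests resolving outside the document root. The document root and the cookie-signing key are constructed values.

```python
import hashlib
import hmac
import os
from typing import Optional

WEB_ROOT = "/srv/www/public"  # constructed document root
COOKIE_KEY = b"constructed-demo-key-never-ship-this"  # constructed secret, kept server-side


def resolve_under_root(requested: str, root: str = WEB_ROOT) -> Optional[str]:
    """Map a (URL-decoded) request path onto the filesystem, refusing anything that
    escapes the document root once '..' segments and redundant slashes are resolved."""
    root_real = os.path.realpath(root)
    # A leading '/' is dropped so the request is joined under root, not used to replace it.
    candidate = os.path.realpath(os.path.join(root_real, requested.lstrip("/")))
    # commonpath equals root exactly when candidate is root itself or lies beneath it.
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


def sign_cookie(value: str, key: bytes = COOKIE_KEY) -> str:
    """Append an HMAC-SHA256 tag so that any edit to the cookie's content is detectable."""
    tag = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"


def verify_cookie(cookie: str, key: bytes = COOKIE_KEY) -> Optional[str]:
    """Return the cookie's value if its tag verifies, or None if it was altered or malformed."""
    value, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many tag characters matched.
    return value if hmac.compare_digest(expected, tag) else None
```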

6. What are DoS and DDoS attacks?

 A DoS attack tries to make a web resource unavailable to its users by flooding the target
URL with more requests than the server can handle. That means that during the attack
period, regular traffic on the website will be either slowed down or completely
interrupted.
 A Distributed Denial of Service (DDoS) attack is a DoS attack that comes from more than
one source at the same time. A DDoS attack is typically generated using thousands
(potentially hundreds of thousands) of unsuspecting zombie machines. The machines
used in such attacks are collectively known as “botnets” and will have previously been
infected with malicious software, so they can be remotely controlled by the attacker.
According to research, tens of millions of computers are likely to be infected with botnet
programs worldwide.
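
The distinction between a single-source flood and a distributed one is what a defender looks for in access logs; as an added example (not from the original document), the Python below buckets constructed Common Log Format lines into fixed windows and labels a window DoS when one address alone exceeds a threshold, and DDoS when the total does while no single address does. The thresholds and sample addresses are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format: only the client IP and the timestamp are needed here.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (epoch_seconds, client_ip) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return int(ts.timestamp()), m.group("ip")


def detect_flood(lines, window_s=10, per_source_limit=100, total_limit=500):
    """Count requests per source in fixed windows and classify each window:
    'DoS' when one source alone exceeds per_source_limit, 'DDoS' when the total
    exceeds total_limit while no single source does (load spread over many machines,
    as with a botnet). Quiet windows produce no alert; thresholds are constructed."""
    windows = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            epoch, ip = parsed
            windows[epoch // window_s][ip] += 1
    alerts = []
    for win, counts in sorted(windows.items()):
        top_ip, top_n = counts.most_common(1)[0]
        total = sum(counts.values())
        if top_n > per_source_limit:
            alerts.append(("DoS", win * window_s, top_ip, top_n))
        elif total > total_limit:
            alerts.append(("DDoS", win * window_s, len(counts), total))
    return alerts


def make_sample_log():
    """Constructed traffic: one normal request, a 150-request burst from a single
    address, then 600 requests spread over 250 addresses in the next window."""
    def line(ip, sec):
        return f'{ip} - - [10/Oct/2023:13:55:{sec:02d} +0000] "GET / HTTP/1.1" 200 512'
    normal = [line("198.51.100.2", 5)]
    single = [line("203.0.113.7", 11 + i % 5) for i in range(150)]
    spread = [line(f"192.0.2.{i % 250 + 1}", 21 + i % 5) for i in range(600)]
    return normal + single + spread
```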

7. How to defend against XSS attacks?

The following are the defensive techniques to prevent XSS attacks:
 Check and validate all the form fields, hidden fields, headers, cookies,
query strings, and all the parameters against a rigorous specification.
 Implement a stringent security policy.
 Web servers, application servers, and web application environments are
vulnerable to cross-site scripting. It is hard to identify and remove XSS
flaws from web applications. The best way to find flaws is to perform a
security review of the code, and search all the places where input
from an HTTP request ends up as output in HTML.
 A variety of different HTML tags can be used to transmit malicious
JavaScript. Nessus, Nikto, and other tools can help to some extent in
scanning websites for these flaws. If a vulnerability is discovered in one
website, there is a high chance of it being vulnerable to other attacks.
 Filter the script output to defeat XSS vulnerabilities, which can prevent
them from being transmitted to users.
 The entire code of the website has to be reviewed if it is to be
protected against XSS attacks. The sanity of the code should be checked
by reviewing and comparing it against exact specifications. The areas
to be checked are as follows: the headers, as well as cookies, query
strings, form fields, and hidden fields. During the validation process, there
must be no attempt to recognize the active content, nor to remove,
filter, or sanitize it.
 Input fields should be limited to a maximum length since most script attacks
need several characters to get started.
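
The two defenses the list keeps returning to, validating every field against an exact specification and encoding whatever is written back into HTML, look like this in Python (an added example, not from the original document); the field specification and the comment template are constructed.

```python
import html
import re

# Constructed field specification standing in for the "exact specification" the text
# refers to: an allowed pattern and a maximum length per field. Input that does not
# match is rejected outright rather than having script content filtered out of it.
FIELD_SPEC = {
    "username": (re.compile(r"[A-Za-z0-9_]{3,20}"), 20),
    "comment": (re.compile(r"[\w .,!?'-]{1,200}"), 200),
}


def validate_fields(fields):
    """Return {field: reason} for each submitted field that violates the spec.

    Unknown fields are reported too, so hidden fields or extra parameters added to
    the request are noticed rather than silently accepted.
    """
    errors = {}
    for name, value in fields.items():
        if name not in FIELD_SPEC:
            errors[name] = "unexpected field"
            continue
        pattern, max_len = FIELD_SPEC[name]
        if len(value) > max_len:
            errors[name] = "too long"
        elif not pattern.fullmatch(value):
            errors[name] = "disallowed characters"
    return errors


def render_comment(username, comment):
    """Output encoding: escape every value placed into HTML, including quotes, so the
    value stays inert both as element content and inside an attribute."""
    safe_user = html.escape(username, quote=True)
    safe_comment = html.escape(comment, quote=True)
    return f'<p class="comment" data-user="{safe_user}">{safe_comment}</p>'
```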

8. What are SQL injection and SQL injection attacks?

SQL injection is a type of web application vulnerability where an attacker can
manipulate and submit a SQL command to retrieve the database information. This type of
attack mostly occurs when a web application executes a query using user-provided data without
validating or encoding it. It can give the attacker access to sensitive information such as social security
numbers, credit card numbers, or other financial data, and allows an attacker to
create, read, update, alter, or delete data stored in the backend database.

SQL injection attacks/threats

 Spoofing identity: Identity spoofing is a method followed by attackers in which people are
deceived into believing that a particular email or website has originated from a source
which it actually did not.
 Changing prices: One more problem related to SQL injection is that it can be used to
modify data. Here the attackers enter an online shopping portal, change the
prices of products, and then purchase the products at cheaper rates.
 Tampering with database records: The main data is completely damaged by data
alteration; there is even the possibility of completely replacing the data or even deleting
the data.
 Escalation of privileges: Once the system is hacked, the attacker seeks the high
privileges used by administrative members and gains complete access to the system as
well as the network.
 Denial-of-service on the server: Denial-of-service on the server is an attack where users
aren't able to access the system. More and more requests are sent to the server, which
can't handle them. This results in a temporary halt in the services of the server.
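
An added example (not part of the original document) contrasting the defect described above with its fix in Python, using the standard-library sqlite3 module: search_unsafe splices the user's input into the SQL text, while search_safe binds it as a parameter so it can only ever be compared as a product name. The products table is constructed sample data.

```python
import sqlite3


def make_db():
    """Constructed in-memory catalogue standing in for the online shopping portal
    mentioned in the text; the rows are sample data, not from any real system."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    conn.executemany("INSERT INTO products (name, price) VALUES (?, ?)",
                     [("laptop", 1200.0), ("mouse", 25.0), ("monitor", 300.0)])
    return conn


def search_unsafe(conn, name):
    """Defective pattern (the vulnerability described above): the user-provided value is
    spliced into the SQL text, so quote characters in it change the query's structure."""
    query = f"SELECT name, price FROM products WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def search_safe(conn, name):
    """Hardened pattern: the SQL text is fixed and the value is bound as a parameter, so
    whatever the user typed is compared as a literal product name and nothing else."""
    return conn.execute("SELECT name, price FROM products WHERE name = ?", (name,)).fetchall()
```

Calling search_safe(make_db(), name) with a name containing a single quote returns no rows, because the quote is part of the compared value rather than of the statement.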
9. Difference between symmetric and asymmetric encryption?
 The basic difference between these two types of encryption is that symmetric
encryption uses one key for both encryption and decryption, whereas asymmetric
encryption uses a public key for encryption and a private key for decryption.
 Symmetric encryption is less complex and executes faster, but asymmetric encryption is
complex and slower in execution.
 Asymmetric encryption is more secure than symmetric encryption as it uses two keys for the process.
 Symmetric encryption algorithms include AES-128, AES-192, and AES-256, whereas
asymmetric encryption techniques include RSA, DSA, and PKCS.
 Symmetric encryption is an old technique, while asymmetric encryption is the newer
one.
10. Describe briefly public key infrastructure (PKI).

Today, organizations rely on PKI to manage security through encryption. Specifically, the most common
form of encryption used today involves a public key, which anyone can use to encrypt a message, and a
private key (also known as a secret key), which only one person should be able to use to decrypt those
messages. These keys can be used by people, devices, and applications.

Public Key Infrastructure (PKI) is a security architecture developed to increase
the confidentiality of information being exchanged over the insecure internet.
It includes hardware, software, people, policies, and procedures to create,
manage, distribute, use, store, and revoke digital certificates.
In cryptography, the PKI helps to bind public keys with corresponding user
identities by means of a certificate authority (CA).
The following are the components of PKI:
 A certificate authority (CA) that issues and verifies digital certificates.
 A certificate management system for the generation, distribution, storage,
and verification of certificates.
 One or more directories where the certificates (with their public keys)
are held.
 A registration authority (RA) that acts as the verifier for the certificate
authority.
