Security

Computer security, cyber security , digital security or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

Attacks

We will discuss here about multiple kinds of attacks.

It's important to note that the field of cybersecurity is dynamic, and new attack methods continue to emerge.
Employing robust security practices, staying informed about the latest threats, and regularly updating systems and software are essential to mitigate the risk of such attacks.

Malware

Malware encompasses various types of malicious software. It includes viruses, worms, trojans, ransomware, spyware, adware, and more.
Malware is designed to infiltrate and damage computer systems, steal data, or gain unauthorized access to resources.
Protecting against malware requires the use of up-to-date antivirus and anti-malware software, along with regular system updates and user awareness.

Brute Force

Hacking method that uses trial and error to crack passwords, login credentials, and encryption keys.
Prevent it by using strong password policy, limiting login attempts, enabling two-factor authentication, using CAPTCHAs, and blocking malicious IP addresses.

XSS (Cross Site Scripting)

An attack in which an attacker injects malicious executable scripts into the code of a trusted application or website.
Defend it by validating input data and all variable output in the page is encoded before it is returned to the user.

Clickjacking

An attack that tricks a user into clicking a webpage element which is invisible or disguised as another element.
X_FRAME header can be used to prevent it.

CSRF (Cross-Site Request Forgery)

An attack where unauthorized commands are submitted from a user that the web application trusts.
Prevent by using unpredictable tokens and use RBAC (restricting network access based on the roles of individual users within an enterprise).

SQL Injection

SQL injection attacks target web applications that use input data to construct SQL queries without proper validation.
Attackers inject malicious SQL code as input, potentially gaining unauthorized access to the application's database or executing unintended commands.

Man In The Middle Attack

Cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other, as the attacker has inserted themselves between the two parties.
The attacker has access to the transmited data.

Prevent it by encrypting the data that transfered between the parties

ARP Spoofing

A type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network.

Prevent it by using static ARP entry instead of dynamic entry.

DoS (Denial-Of-Service)

a cyberattack that makes a computer or other device unavailable to its intended users.
This is usually accomplished by overwhelming the targeted machine with requests until normal traffic can no longer be processed.
With a DoS attack, a single computer launches the attack.

‍Prevent using rate limit (a technique used to control and limit the number of requests or actions that a client or user can make within a specific time period) or with slow down, and with blocking the IP address of the attacker

DDoS (Distributed Denial-Of-Service)

It is like DoS attack excepct it uses multiple computers to initiate the attack.
Prevent using rate limit or with slow down, and use a firewall (network security devices that monitor and control incoming and outgoing network traffic based on predetermined security rules).

Social Engineering

Social engineering attacks manipulate human psychology to deceive individuals into divulging sensitive information or performing certain actions.
These attacks rely on exploiting trust, authority, urgency, or curiosity to manipulate victims into providing access or valuable data.

Phishing

It is a social engineering technique used to deceive individuals and trick them into revealing sensitive information, such as passwords, credit card details, or personal data.
Phishing attacks usually occur through fraudulent emails, websites, or messages that appear legitimate.
To prevent falling victim to phishing attacks, it is important to exercise caution when clicking on links, verify the authenticity of websites and senders, and avoid sharing sensitive information through untrusted channels.

Zero-Day Exploit

A zero-day exploit targets vulnerabilities in software, operating systems, or network infrastructure that are unknown to the vendor or unpatched.
Attackers exploit these vulnerabilities before a patch or solution is available, making it challenging for organizations to defend against them.

Penetration Testing

Penetration Testing is an authorized simulated attacking performed on a computer system to evaluate its security.
Penetration testers use the same tools, techniques, and processes as attackers to find and demonstrate the business impacts of weaknesses in a system.

Here are useful tools :

MSFconsole

Command line interface to access and work with the Metasploit Framework (framework of common security vulnerabilities and exploits).

Nikto

Scans web servers for dangerous files updated server software and other problems.

Burp Suite

Tool for performing security testing of web applications.

ZAP

Tool that scans through your web application to identity any security vulnerabilities as possible.

Sqlmap

Automates the process of detecting and exploiting SQL injection flaws.

Nmap

Network scanner.

Hydra

Brute-forcing tool that helps penetration testers and ethical hackers crack the passwords of network services.

John The Ripper

Password cracking software tool.

HTTP Security Headers

These HTTP security headers help protect against various types of attacks and enforce secure practices when interacting with the website. By properly configuring and utilizing these headers, you can enhance the security and privacy of your web application.

Remove x-power-by header.
‍

X-DNS-Prefetch-Control:
The X-DNS-Prefetch-Control header controls whether DNS prefetching is enabled in the browser.
Setting it to "on" enables DNS prefetching, which allows the browser to resolve domain names in advance to improve page loading performance.
Strict-Transport-Security:
The Strict-Transport-Security (HSTS) header informs the browser that the website should only be accessed over HTTPS (HTTP Secure).
The "max-age" directive specifies the time, in seconds, for which the browser should remember the HSTS policy.
The "includeSubDomains" directive indicates that the HSTS policy applies to all subdomains as well.
The "preload" directive allows the website to be included in HSTS preload lists maintained by browsers, further enforcing HTTPS usage.
X-XSS-Protection:
The X-XSS-Protection header helps protect against cross-site scripting (XSS) attacks.
Setting it to "1; mode=block" enables the browser's built-in XSS protection mechanism, which can block or sanitize suspicious scripts.
X-Frame-Options:
The X-Frame-Options header mitigates clickjacking attacks by controlling how a web page can be displayed within an iframe.
Setting it to "SAMEORIGIN" allows the page to be framed only by other pages from the same origin.
Permissions-Policy:
The Permissions-Policy header specifies the browser's permissions policy for various features, such as camera, microphone, geolocation, and interest cohort.
X-Content-Type-Options:
The X-Content-Type-Options header prevents MIME type sniffing, which helps protect against certain types of attacks.
Setting it to "nosniff" instructs the browser to strictly honor the declared content type and not perform MIME type sniffing.
Referrer-Policy:
The Referrer-Policy header controls how much information about the referring URL is included in the HTTP Referer header when navigating from one site to another.
Setting it to "no-referrer" ensures that no referrer information is sent, enhancing privacy and security
Content-Security-Policy:
The Content-Security-Policy header defines the content security policy for the web page, specifying the allowed sources for various types of content, such as scripts, stylesheets, images, and connections.
Setting them to same origin make the content more secured.
Content-Type and Accept:
The Content-Type and Accept headers specify the media type and character encoding of the content being sent or accepted, respectively. It is good practice to use them as a defined protocol of communication between the server and the client.
X-Powered-By:
Often by default included by popular server and/or scripting software to indicate the name and version number used when generating the HTTP response.
Remove it in order to not expose data about your server to the public.

Sockets Security

Websockets are used to establishe full-duplex, bidirectional communication between a client and server. This two-way flow is unique to WebSocket connections, and it means they can transfer data very quickly and efficiently.

Secure your Websocket with:

Use CORS - allow connections only from trusted domains/origins
Rate limit requests
Restrict payload size
Create a solid communication protocol (like json messages)
Authenticate users before WS connection establishes
Use SSL

Encryption

Encryption algorithms are used to secure data by transforming it into an unintelligible form that can only be understood by authorized parties. There are two primary types of encryption algorithms: symmetric and asymmetric.

These are concepts about symmetric encryption:

Symmetric encryption, also known as secret-key encryption, uses a single shared secret key for both encryption and decryption processes.
The same key is used by both the sender and the recipient, who must exchange the key securely before communication.
In symmetric encryption, the data is divided into fixed-size blocks, and the same encryption algorithm is applied to each block.
Common symmetric encryption algorithms include AES (Advanced Encryption Standard), DES (Data Encryption Standard), and 3DES (Triple Data Encryption Standard).
Symmetric encryption algorithms are generally faster and more efficient than asymmetric algorithms but require secure key distribution.

These are concepts about aymmetric encryption:

Asymmetric encryption, also known as public-key encryption, uses a pair of mathematically related keys: a public key and a private key.
The public key is freely distributed and used for encryption, while the private key is kept secret and used for decryption.
Data encrypted with a public key can only be decrypted using the corresponding private key, and vice versa.
Asymmetric encryption is often used for key exchange, digital signatures, and secure communication over insecure channels.
Common asymmetric encryption algorithms include RSA (Rivest-Shamir-Adleman), DSA (Digital Signature Algorithm), and ECC (Elliptic Curve Cryptography).
Asymmetric encryption is slower and computationally more expensive than symmetric encryption but provides greater security and key management convenience.

It's worth noting that many practical encryption systems combine both symmetric and asymmetric encryption for improved performance and security. This approach is often called hybrid encryption. In hybrid encryption, symmetric encryption is used to encrypt the actual data, while asymmetric encryption is used to securely exchange and protect the shared symmetric key.

In summary, symmetric encryption relies on a single shared secret key for encryption and decryption, while asymmetric encryption uses a pair of mathematically related keys, namely a public key and a private key. Both types of encryption algorithms play essential roles in securing data and communications in various applications.

Secure Coding

Here's a guide to help you develop secured code:

Validate and Sanitize Input:

Always validate and sanitize user input to prevent injection attacks like SQL injection or cross-site scripting (XSS).
Use parameterized queries or prepared statements to avoid directly embedding user input into queries.
Apply input validation to ensure data meets expected formats, lengths, and types.

Handle Errors and Exceptions Properly:

Implement appropriate error handling and exception management to prevent sensitive information leakage and maintain system integrity.
Avoid displaying detailed error messages to end-users that could provide valuable insights to attackers.
Log errors securely for auditing and troubleshooting purposes.

Implement Access Controls and Authorization:

Enforce the principle of least privilege by granting users only the necessary access rights and permissions.
Authenticate users securely and ensure strong password policies are in place.
Implement role-based access control (RBAC) to manage user privileges effectively.
Regularly review and update access controls as business requirements evolve.

Encrypt Sensitive Data:

Use appropriate encryption algorithms and protocols to protect sensitive data at rest and in transit.
Apply encryption to stored passwords, personally identifiable information (PII), and other critical data.
Securely manage encryption keys and certificates.

Keep Software Dependencies Up to Date:

Regularly update and patch software dependencies, libraries, and frameworks to address security vulnerabilities.
Monitor security advisories and subscribe to relevant mailing lists to stay informed about security updates.

Implement Secure Session Management:

Use secure session management techniques to ensure session identifiers are protected against session hijacking and session fixation attacks.
Implement session timeouts and enforce secure cookie attributes.
Use secure mechanisms for session storage.

Implement Security Headers:

Include security headers in your web application to provide additional protection against common web vulnerabilities.
Use headers like Content Security Policy (CSP), Strict Transport Security (HSTS), and X-XSS-Protection to enhance security.

Apply Defense-in-Depth Approach:

Apply multiple layers of security controls, including firewalls, intrusion detection systems (IDS), and antivirus software, to provide a layered defense against attacks.
Employ secure coding practices, perform code reviews, and use static code analysis tools to identify potential vulnerabilities.

Regularly Test and Audit Security:

Conduct regular security assessments, penetration testing, and vulnerability scanning to identify and address potential weaknesses.
Perform code reviews and security audits to ensure compliance with security best practices and standards.

Educate Developers and Users:

Promote a security-conscious culture among developers and educate them on secure coding practices.
Educate users about potential risks, such as phishing attacks, password hygiene, and the importance of keeping software up to date.

Remember, security is an ongoing process. Implementing secure code is just the beginning.
Regularly update and monitor your systems, stay informed about emerging threats, and adapt your security practices accordingly to ensure your code remains secure over time.

Up Next

As a developer, having access to reliable and comprehensive resources is invaluable. In this step, we highlight common resources that every developer should be familiar with. From online communities like Stack Overflow and GitHub to documentation, tutorials, and more, these resources provide guidance, support, and solutions to common programming challenges.