Penetration Testing Using Open Source Technologies.pptx
Harmanjot5678
24 slides
Sep 01, 2024
About This Presentation
Penetration Testing using open source technology
Size: 147.69 KB
Language: en
Added: Sep 01, 2024
Slides: 24 pages
Slide Content
Harmanjot Singh, Assistant Professor, Chandigarh Group of Colleges, Landran
Database Management System
Chandigarh Business School of Administration, Landran (Mohali)
Department of Science and Computing
UNIT I
Introduction of DBMS
A Database Management System (DBMS) is software that allows users to manage databases efficiently. It facilitates data storage, retrieval, and manipulation [4].
Data Modeling for a Database
Data modeling is the process of creating a visual representation of a database's structure, including data types, relationships, and constraints.
Three-level Architecture of DBMS
The three-level architecture separates the database system into three layers: the external level (user interface), the conceptual level (logical structure), and the internal level (physical storage) [6].
UNIT II
Relational Database
A relational database organizes data into tables (relations) where data is represented in rows and columns. It uses keys to establish relationships between tables [6].
Relational Algebra and Calculus
Relational algebra is a procedural query language used to manipulate relational databases using operations like selection, projection, and join [6].
SQL Fundamentals
SQL (Structured Query Language) is used for managing relational databases. It includes Data Definition Language (DDL), Data Manipulation Language (DML), Transaction Control Language (TCL), and Data Control Language (DCL) [2].
Countermeasures for Windows OS Vulnerabilities
1. **Regular Patching and Updates**: Keep the OS and all installed software up-to-date with the latest security patches.
2. **Strong Authentication**: Implement strong password policies and use multi-factor authentication.
3. **Least Privilege Principle**: Grant users the minimum level of access required for their role.
4. **Network Segmentation**: Separate critical systems from less secure areas of the network to limit the spread of attacks.
5. **Security Software**: Use antivirus and endpoint protection tools to detect and mitigate threats.
Linux OS Vulnerabilities
1. **Privilege Escalation**: Bugs in the Linux kernel or misconfigured services can lead to unauthorized privilege escalation.
2. **Remote Code Execution**: Exploits that allow attackers to execute arbitrary commands remotely.
3. **Weak Configurations**: Insecure default settings or poorly configured services.
4. **Buffer Overflow**: Vulnerabilities in applications that can be exploited to execute arbitrary code.
5. **Unpatched Software**: As with Windows, failing to apply updates leaves systems vulnerable.
UNIT III
Introduction to Penetration Testing
Penetration testing, or pen testing, is a simulated cyber attack against your computer system to check for exploitable vulnerabilities. It is an essential practice for identifying and mitigating security risks before malicious actors can exploit them.
Security Assessments
Security assessments are evaluations of the security posture of an organization's information systems. They involve identifying, assessing, and prioritizing risks and vulnerabilities. Penetration testing is one type of security assessment, alongside others like vulnerability assessments and security audits.
Types of Penetration Testing
1. **Network Penetration Testing**: Evaluates the security of the network infrastructure, including routers, switches, and firewalls.
2. **Web Application Penetration Testing**: Focuses on identifying vulnerabilities in web applications, such as SQL injection and cross-site scripting (XSS).
3. **Wireless Network Penetration Testing**: Assesses the security of wireless networks, including Wi-Fi access points and wireless protocols.
4. **Social Engineering Penetration Testing**: Tests the susceptibility of an organization's employees to social engineering attacks like phishing.
5. **Physical Penetration Testing**: Examines the physical security controls of an organization, such as locks, cameras, and access controls.
Phases of Penetration Testing
1. **Planning and Preparation**: Define the scope, objectives, and rules of engagement. Obtain necessary permissions and gather initial information.
2. **Information Gathering and Reconnaissance**: Collect data about the target using both passive and active methods.
3. **Vulnerability Analysis**: Identify potential vulnerabilities in the target systems through scanning and manual analysis.
4. **Exploitation**: Attempt to exploit identified vulnerabilities to gain unauthorized access or control over the target systems.
5. **Post-Exploitation**: Determine the impact of the exploited vulnerabilities and assess the potential for further exploitation.
6. **Reporting**: Document the findings, including vulnerabilities identified, methods used, and recommendations for mitigation.
7. **Remediation and Retesting**: Work with the organization to fix the identified vulnerabilities and perform follow-up tests to ensure they have been properly mitigated.
Tools
Penetration testing tools are essential for efficiently and effectively identifying and exploiting vulnerabilities. Here are some key categories and examples:
1. **Scanning Tools**:
   - **Nmap**: A powerful network scanning tool for discovering hosts and services on a network.
   - **Nessus**: A comprehensive vulnerability scanner that identifies security issues in systems and networks.
2. **Exploitation Tools**:
   - **Metasploit**: A popular framework for developing and executing exploits against target systems.
   - **BeEF (Browser Exploitation Framework)**: Focuses on exploiting vulnerabilities in web browsers.
3. **Password Cracking Tools**:
   - **John the Ripper**: A fast and flexible password-cracking tool.
   - **Hashcat**: An advanced password recovery tool that supports a wide range of hashing algorithms.
Cont …
4. **Traffic Analysis Tools**:
   - **Wireshark**: A network protocol analyzer for capturing and analyzing network traffic.
   - **tcpdump**: A command-line packet analyzer for monitoring network traffic.
5. **Web Application Testing Tools**:
   - **Burp Suite**: An integrated platform for performing security testing of web applications.
   - **OWASP ZAP (Zed Attack Proxy)**: An open-source tool for finding vulnerabilities in web applications.
6. **Wireless Network Testing Tools**:
   - **Aircrack-ng**: A suite of tools for assessing Wi-Fi network security.
   - **Kismet**: A wireless network detector and sniffer.
UNIT III
Normalization
Normalization is the process of organizing data in a database to reduce redundancy and dependency by organizing tables into related groups and defining their relationships. It ensures data integrity and avoids anomalies during database operations.
Types of normalization
2. **First Normal Form (1NF)**: Ensures that each column contains atomic (indivisible) values, and there are no repeating groups [[3](https://www.javatpoint.com/dbms-normalization)].
3. **Second Normal Form (2NF)**: Requires that the table is in 1NF and all non-key attributes are fully dependent on the primary key [[3](https://www.javatpoint.com/dbms-normalization)].
4. **Third Normal Form (3NF)**: The table must be in 2NF, and no transitive dependencies should exist; that is, no non-key attribute should depend on another non-key attribute [[3](https://www.javatpoint.com/dbms-normalization)].
5. **Boyce-Codd Normal Form (BCNF)**: A stricter version of 3NF where every determinant is a candidate key [[1](https://www.geeksforgeeks.org/normal-forms-in-dbms/)].
6. **Fourth Normal Form (4NF)**: Ensures that a table does not contain any non-trivial multi-valued dependencies, meaning no set of attributes functionally determines a set of multi-valued attributes [[2](https://www.geeksforgeeks.org/introduction-of-4th-and-5th-normal-form-in-dbms/)].
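The 2NF, 3NF and BCNF conditions above can be checked mechanically from a table's functional dependencies. The following is an added example, not part of the original slides: it uses the standard attribute-closure formalization of those definitions, and the relation and column names are constructed for illustration.

```python
from itertools import combinations

def closure(attrs, fds):
    """All attributes functionally determined by attrs under fds."""
    result, changed = set(attrs), True
    while changed:
        changed = False
        for lhs, rhs in fds:
            if lhs <= result and not rhs <= result:
                result |= rhs
                changed = True
    return result

def candidate_keys(attrs, fds):
    """Minimal attribute sets whose closure is the whole relation."""
    keys = []
    for size in range(1, len(attrs) + 1):
        for combo in map(set, combinations(sorted(attrs), size)):
            if not any(k <= combo for k in keys) and closure(combo, fds) == attrs:
                keys.append(combo)
    return keys

def highest_normal_form(attrs, fds):
    """Return '1NF', '2NF', '3NF' or 'BCNF'; atomic columns (1NF) are assumed."""
    attrs = set(attrs)
    fds = [(set(lhs), set(rhs)) for lhs, rhs in fds]
    keys = candidate_keys(attrs, fds)
    prime = set().union(*keys)           # attributes that belong to some key
    for key in keys:                     # 2NF: no partial dependency on a key
        for size in range(1, len(key)):
            for part in map(set, combinations(sorted(key), size)):
                if closure(part, fds) - part - prime:
                    return "1NF"
    bcnf = True
    for lhs, rhs in fds:                 # 3NF / BCNF: inspect each determinant
        if closure(lhs, fds) == attrs:
            continue                     # determinant is a superkey
        if rhs - lhs - prime:
            return "2NF"                 # non-key attribute depends on a non-key
        if rhs - lhs:
            bcnf = False                 # key attribute depends on a non-superkey
    return "BCNF" if bcnf else "3NF"

# Constructed sample relations (not from the slides).
ENROLMENT = ({"student_id", "course_id", "student_name", "grade"},
             [(("student_id", "course_id"), ("grade",)),
              (("student_id",), ("student_name",))])
EMPLOYEE = ({"emp_id", "dept_id", "dept_name"},
            [(("emp_id",), ("dept_id",)), (("dept_id",), ("dept_name",))])
TEACHING = ({"student", "course", "instructor"},
            [(("student", "course"), ("instructor",)), (("instructor",), ("course",))])
```

`ENROLMENT` fails 2NF because `student_name` depends on only part of the key, `EMPLOYEE` fails 3NF through the transitive dependency via `dept_id`, and `TEACHING` is in 3NF but not BCNF because `instructor` is a determinant without being a candidate key.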
UNIT IV
Database
- **Database Recovery**: Techniques like redo logging, undo logging, and checkpoints ensure data integrity and recoverability in case of system failures [2].
- **Concurrency Management**: Involves techniques like locking, timestamping, and multiversion concurrency control (MVCC) to manage simultaneous access to data without conflicts [5].
- **Database Security**: Essential for protecting data from unauthorized access or modification through measures like encryption, access control, and authentication [6].
- **Integrity and Control**: Ensures that data remains accurate and consistent over its entire lifecycle, enforced through constraints, validations, and auditing [6].
- **Structure of a Distributed Database**: Typically consists of multiple interconnected databases spread across different locations, coordinated by a distributed DBMS to provide a unified view of data [4].
- **Design of Distributed Databases**: Involves strategies like replication, fragmentation, and allocation to optimize performance, reliability, and availability across distributed environments [1].