Infosec
Ref:
- CIS Benchmark: 140+ configuration guidelines for various technologies
- OWASP: Security community
- ISO/IEC 27001
- PCI DSS
- Security Testing Guide v4
- SOC2
Color Wheel Team
- Red Team: Offensive security
- Blue Team: Defensive security
- Yellow Team: the builder
- Purple Team (Red + Blue): Integrating defensive tactics with offensive results
- Orange Team (Red + Yellow):
- Green Team (Blue + Yellow)
- White Team
Domain
- Application security
- Cloud security
- Cryptography
- Infrastructure security
- Incident response: monitors for and investigates potentially malicious behavior
- Vulnerability management: scanning an environment for weak points (such as unpatched software) and prioritizing remediation based on risk
Certificate
- CompTIA
- CISSP (Certified Information Systems Security Professional)
Web Application
OWASP Top 10 Application Security Risks:
- A1: Injection
- A2: Broken authentication
- A3: Sensitive data exposure
- A4: XML external entities (XXE)
- A5: Broken access control
- A6: Security misconfiguration
- A7: Cross-site scripting (XSS)
- A8: Insecure deserialization
- A9: Using components with known vulnerabilities
- A10: Insufficient logging and monitoring
Networking
- sshguard: protects against brute-force attacks by monitoring system logs, detecting the attack and blocking the attacker with the firewall
- DNS Blocklists
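As an added illustration of what a log-monitoring guard like sshguard does (example code written for these notes, not sshguard's own implementation), the following parses constructed sshd log lines, counts failed logins per source address within a sliding window, and reports the addresses that crossed the threshold, which is the point at which such a tool would hand the address to the firewall. The log format, threshold and window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed syslog-style sshd line, e.g.
# "Mar  1 10:00:01 host sshd[123]: Failed password for root from 203.0.113.5 port 4242 ssh2"
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)

def parse_failed_login(line, year=2024):
    """Return (timestamp, source_ip) for a failed-login line, else None."""
    m = FAILED_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return ts, m.group("ip")

def find_brute_forcers(lines, threshold=4, window=timedelta(minutes=5)):
    """Return {ip: time_threshold_reached} for sources with >= threshold failures inside the window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    blocked = {}
    for line in lines:
        parsed = parse_failed_login(line)
        if parsed is None:
            continue
        ts, ip = parsed
        if ip in blocked:
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            blocked[ip] = ts              # here sshguard would add a firewall rule
    return blocked

# Constructed sample log: one noisy source, one user who mistyped twice, and an unrelated line.
SAMPLE_LOG = """\
Mar  1 10:00:01 host sshd[100]: Failed password for root from 203.0.113.5 port 4242 ssh2
Mar  1 10:00:03 host sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 4243 ssh2
Mar  1 10:00:05 host sshd[102]: Failed password for alice from 198.51.100.7 port 5000 ssh2
Mar  1 10:00:06 host sshd[103]: Failed password for root from 203.0.113.5 port 4244 ssh2
Mar  1 10:00:09 host sshd[104]: Accepted password for alice from 198.51.100.7 port 5000 ssh2
Mar  1 10:00:10 host sshd[105]: Failed password for root from 203.0.113.5 port 4245 ssh2
Mar  1 10:30:00 host sshd[106]: Failed password for alice from 198.51.100.7 port 5001 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, when in find_brute_forcers(SAMPLE_LOG).items():
        print(f"block {ip} (threshold reached at {when:%H:%M:%S})")
```

The second source never reaches four failures inside five minutes, so only the noisy address is reported.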
Secure Coding
Penetration Test
Vulnerability assessments and penetration tests follow much of the same process; both begin with the same steps:
- Reconnaissance: This involves gathering information about the web application through direct and indirect means, such as analysing DNS records, web search results and other information that is available. The objective is to identify the attack surface.
- Application Mapping: This involves spidering or accessing the web/mobile app and identifying deficiencies in the web server and software configuration.
- Discovery: Vulnerabilities such as information leakage and insecure authentication are identified. At this point a vulnerability assessment is complete, but a penetration test takes the process a step further.
- Exploitation: This is where attempts are made to exploit the identified vulnerabilities to simulate real world attacks.
- Reporting: Documenting the proof of concept, the severity of each issue and its impact on the system.
- Mitigation: Follow up with the dev team, providing recommendations and other protective measures to fix the security issues.
Tools
- burpsuite, owasp ZAP: MiTM (Man in the middle) Proxy Tool
- apktool, dex2jar, JD-gui: Android apps reverse engineering toolkits
- sqlmap: Automated tool for testing SQL Injections
- drozer, qark: Android app components security testing tools
- DirBuster: Tool for Brute-forcing directories in web applications
- nmap: Discovering services, open ports running on remote system
- arachni: Web based automated security scanner
STRIDE (Threat Modeling)
- [Threat Modeling: uncover vulnerabilities without looking at code](https://www.youtube.com/watch?v=Fmp9UFjPiJs)
Reference: [Wiki](https://en.wikipedia.org/wiki/STRIDE_(security))
Description:
- Spoofing: Pretending to be someone you are not
- Tampering: Modifying Data
- Repudiation: “I didn’t do it, nobody saw me do it, can’t prove anything”
- Information Disclosure: Leakage of Information that should be private
- Denial of Service: Stopping something from working or responding
- Elevation of Privilege: Upgrading from user to administrator access
Mitigation Perspective:
- Spoofing: Strong authentication
- Tampering: Encryption
- Repudiation: Strong authentication and authorization
- Information Disclosure: Encryption
- Denial of Service: Resilience
- Elevation of Privilege: Authorization
Root Cause Analysis
Other names:
- post-mortem (literal: after death)
Ref:
Investigation Method:
- The “5-Whys” Analysis
- Barrier Analysis
- Change Analysis
- Causal Factor Tree Analysis
- Failure Mode and Effects Analysis
- Fish-Bone Diagram or Ishikawa Diagram
- Pareto Analysis
- Fault Tree Analysis