Q Session Hijacking attacks and countermeasures. Illustrate some common exploits for session hijacking. Home, - Discuss Session Hijacking attacks and countermeasures Question: A penetration tester is a professional with the skills of the hacker. They are hired by organizations to perform real world attack simulations to evaluate the security of the ICT systems in an organization. Assume that you are a pen tester hired to identify and exploit the vulnerabilities to gain access to systems and data in an organization. Showcase the impact of the following attacks: a. Session Hijacking attacks and countermeasures. Illustrate some common exploits for session hijacking Answer: a) The impact of session hijacking is severe. The attacker can gain access to the sensitive credentials of the user with the use of the session hijacking attack. The access to the web application of the user can be gained with the use of this attack. The financial records of the business and the records of the customers can be accessed by the attacker with this attack. Hackers can encrypt the data of the user with this attack and can demand high amount of ransom. Counter measures1) The two factor authentication of the user must be there who is using the session.2) The server and the browser must be encrypted end to end in order to protect from this attack .3) The automatic logging off must be used after the ending of the session.4) Session time out provision must be there after the particular time.5) Session id must be used in order to enhance security. Common exploits1) Packet sniffing2) XSS vulnerabilities such as injection of the client side scripts3) Use of malicious websites4) Man in the middle attack5) Use of the predictable token b. Session Fixation attacks and counter measures Answer: b) Session attack can result in the hijacking of the valid session of the user. The session id of the user can be obtained by the attacker by using this attack. The unauthenticated access to active session of the user can be gained by the attacker by using this attack. Packet sniffing method is used by the attacker to pursue this attack. Counter measures1) Generation of the new session id on each request of the session2) Automatic logging off session3) Time out of session after specific time. c. Cross Site Scripting attacks and counter measures Answer: c) Cross scripting attack can provide the attacker access to the sensitive information of the user. The malicious code can be injected by the attacker into the web application by using this attack. Malware can be injected by the attacker by using this attack. The sensitive data of the user can be accessed and used for benefit purpose in order to pursue their motives. Counter measures1) Frequent penetration testing of the web application in order to detect the vulnerabilities in the application.2) The malicious links must not be clicked by the users.3) The data which is coming into the system must be filtered using the devices such as firewall.4) The data must be encoded on output.5) The appropriate content security policy must be used by the organization. Related: Comment on the role of malware in cyber-attacks Use of machine learning in cyber security Demonstrate the use of CRUNCH tool Discuss Session Hijacking attacks and countermeasures Discuss predictive data analysis in cyber security Advise a Preventative system against data breach
Related :- Q Demonstrate the use of CRUNCH tool demonstrate the use of crunch tool - build a predictive model which takes in the above 4 parameters and predicts whether golf will be played on any given day. Q Use of machine learning in cyber security use of machine learning in cyber security - What were some spam filtering techniques used before the introduction of ML techniques for spam detection. Q Comment on the role of malware in cyber-attacks comment on the role of malware in cyber-attacks - Cyber Security and Analytics - Define and evaluate the classification techniques for malware analysis. Q What are the key features of the objection what are the key features of the objection - what are the key features of the objection and appeal process against the commissioner's decision Q What will be the likely outcome against Bill what will be the likely outcome against bill - Business And Corporate Law - determine if these companies are ideal to invest in on behalf of their clients. Q Calculate the taxable value of fringe benefit calculate the taxable value of fringe benefit - calculate the taxable value of the fringe benefit using the statutory formula Q Discuss statutory provisions and common law discuss statutory provisions and common law - discuss amounts would be as an allowable deduction against assessable income Q What are the relevant franking account entries what are the relevant franking account entries - what are the relevant franking account entries for abc co and xyx co Q Difference between net capital loss and capital loss? difference between net capital loss and capital loss - what difference between net capital gain and capital gain and between net capital loss and capital loss Q What is Butler Tourism Area Life cycle? What is Butler Tourism Area Life cycle? Explain and give an example from the tourism context.