Tools to be more secured

From GEST-S482 Digital Business

Password

Use a different password for every account, make each one long and random, and change a password as soon as you suspect it has been compromised; forced changes every X months are no longer recommended (NIST SP 800-63B), because they push people towards predictable variations. Do not keep passwords in a plain file on your computer: a password manager stores them encrypted under one master passphrase. Note that the Ledger device often cited in this context is a hardware wallet for cryptocurrency private keys, not a password store; for ordinary accounts the equivalent tool is a password manager, optionally paired with a hardware security key (FIDO2/U2F) as a second factor.

Mail address

Google's systems scan the content of Gmail messages (for spam filtering, and until 2017 for ad targeting); if that bothers you, consider another provider. Protonmail puts privacy and security at the centre of its service. You can create an address for free; mail between Proton accounts is end-to-end encrypted, while mail to outside recipients is only encrypted end-to-end if you protect it with a password the recipient knows. Proton also keeps an authentication log of your logins and logouts with the IP address used, so you can compare those addresses with your own. That is a useful check, but it only catches an intruder who signs in with your password; it does not prove the account is clean.
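The check described above, comparing each recorded login against the networks you actually use, as an added example (not Protonmail's code or an official export format). The log lines and the "my networks" list are constructed for the example; adjust parse_event() to whatever export your provider gives you.

```python
"""Flag sign-in events whose source IP is not one of your own networks.

Added example. The log format below ("<ISO timestamp> <login|logout> <ip>")
is a constructed stand-in for an exported authentication log.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from datetime import datetime

# Constructed sample log: two sessions from a known address, one from an
# unknown IPv4 address in the middle of the night, one from a known IPv6 range.
SAMPLE_LOG = """\
2024-03-01T08:02:11Z login 203.0.113.7
2024-03-01T17:45:03Z logout 203.0.113.7
2024-03-02T02:13:40Z login 198.51.100.23
2024-03-02T02:14:02Z logout 198.51.100.23
2024-03-02T09:00:15Z login 2001:db8:1::42
"""

# Networks you recognise as yours (home, office, phone); constructed values.
MY_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8:1::/48"),
]


@dataclass(frozen=True)
class Event:
    when: datetime
    action: str
    ip: ipaddress.IPv4Address | ipaddress.IPv6Address


def parse_event(line: str) -> Event:
    """Parse one constructed log line into an Event."""
    ts, action, ip = line.split()
    # fromisoformat() only accepts a trailing "Z" from Python 3.11 on.
    when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return Event(when, action, ipaddress.ip_address(ip))


def is_mine(ip, networks=MY_NETWORKS) -> bool:
    """True if the address (string or address object) falls in a known network."""
    if isinstance(ip, str):
        ip = ipaddress.ip_address(ip)
    # Comparing a v4 address against a v6 network is simply False, so mixed
    # lists are fine.
    return any(ip in net for net in networks)


def suspicious_logins(log_text: str, networks=MY_NETWORKS) -> list[Event]:
    """Return the login events that did not come from one of our networks."""
    events = [parse_event(l) for l in log_text.splitlines() if l.strip()]
    return [e for e in events if e.action == "login" and not is_mine(e.ip, networks)]


if __name__ == "__main__":
    for e in suspicious_logins(SAMPLE_LOG):
        print(f"{e.when:%Y-%m-%d %H:%M} login from unknown address {e.ip}")
```

Logouts are ignored on purpose: a session that ended is still a session that happened, and the login line is what tells you who started it. If the address is yours but the time is not, that is also worth a look, which is why the timestamp is kept on the event.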

VPN

The goal of a VPN is to provide a secure passage for users' data over the non-secure Internet. It enables companies to use the Internet as the virtual backbone for their corporate networks by allowing them to create secure virtual links between their corporate office and branch or remote offices via the Internet. The cost benefits of VPN service have prompted corporations to move more of their data from private WANs to Internet-based VPNs.

For an individual, a consumer VPN such as ProtonVPN or NordVPN does something simpler: it hides your traffic from the local network and your ISP by tunnelling it to the provider's server. The provider then sees everything you route through it, so you are moving trust from your ISP (or the cafe Wi-Fi) to the provider, and a provider that logs or resells connection data undoes the benefit. Judge a provider by its published logging policy and jurisdiction rather than by reputation. The Opera browser ships a free feature it calls a VPN, which is in fact a browser proxy: it covers traffic from that browser only, not from other applications on the computer.

Operating system

If you really care about your privacy, keep in mind that Windows and macOS both send telemetry to Microsoft and Apple, so measures you take on top of the operating system only go so far. An alternative is to install a Linux distribution such as Ubuntu (which also makes you independent of these firms). Ubuntu has its own optional hardware report at install time and error reporting afterwards, which you can switch off in the privacy settings.

Top 10 OWASP

The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications and is widely treated as the first step towards more secure coding. The list below is the 2017 edition.

Top 10 Web Application Security Risks :

  1. Injection: untrusted data is sent to an interpreter (SQL, NoSQL, OS shell, LDAP) as part of a command or query. SQL injection is the classic case: malicious SQL placed in an entry field is executed by the database with the application's privileges, so the attacker can read or modify data the query was never meant to touch.
  2. Broken authentication: an umbrella term for several weaknesses that let attackers impersonate legitimate users, broadly in two areas: session management (predictable or non-expiring session tokens) and credential management (weak passwords, no brute-force protection, credentials exposed in URLs or logs).
  3. Sensitive data exposure: the application fails to protect sensitive data such as credentials, financial or health records, typically by storing or transmitting it unencrypted or with weak cryptography. The term names the weakness; a data breach is what happens when an attacker exploits it to steal the data.
  4. XML external entities (XXE): a vulnerability in how the application processes XML. If the parser resolves external entities declared in attacker-supplied XML, the attacker can typically read files on the server filesystem and interact with back-end or external systems that the application itself can reach.
  5. Broken access control: a user can access a resource or perform an action they are not supposed to, for example by changing an identifier in a URL or calling an administrative function that only the user interface hides.
  6. Security misconfiguration: the security controls for a server, framework or application are missing or implemented with errors: default accounts left enabled, directory listing switched on, verbose error messages that leak stack traces, unnecessary features installed, patches not applied.
  7. Cross-site scripting (XSS): the application includes untrusted data in a page without proper escaping, so attackers can inject client-side scripts that run in other users' browsers under the site's own origin. That sidesteps the same-origin policy and lets the script read the victim's session or act as the victim.
  8. Insecure deserialization: user-controllable data is deserialized by the application. An attacker can manipulate the serialized objects to pass harmful data into application code, or replace a serialized object with one of an entirely different class; with many serialization formats this leads to remote code execution.
  9. Using components with known vulnerabilities: libraries, frameworks and other modules run with the same privileges as the application, so an outdated component with a published vulnerability gives attackers a ready-made way in. Keep an inventory of components and their versions, and update them.
  10. Insufficient logging & monitoring: without adequate logging, alerting and response, attackers can probe, persist and pivot undetected; breaches are typically discovered by external parties rather than by the victim's own monitoring.
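Item 1 in working code, as an added example that is not part of the OWASP document or this page: the same login check written first by pasting user input into the SQL text and then with a parameterised query, run against a constructed in-memory SQLite table. The `' OR '1'='1` payload turns the first query's condition into "name matches AND password is empty, OR true", which the second query cannot be made to do.

```python
"""SQL injection: string-built query versus a parameterised query.

Added example (not from OWASP or the page). Uses an in-memory SQLite
database with a constructed users table.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create the constructed sample table with one user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    # Constructed sample data. A real application stores a salted password
    # hash, never the password; the plain text is only to keep the demo short.
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery staple')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    # Deliberately vulnerable: user input is pasted into the SQL text, so a
    # quote in the input changes the structure of the query, not just a value.
    query = (f"SELECT COUNT(*) FROM users WHERE name = '{name}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, name: str, password: str) -> bool:
    # Parameterised: the SQL text is fixed and the values travel separately,
    # so quotes in the input are data and can never become syntax.
    query = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchone()[0] > 0


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR '1'='1"
    print("vulnerable, legit password:", login_vulnerable(conn, "alice", "correct horse battery staple"))
    print("vulnerable, injected     :", login_vulnerable(conn, "alice", payload))   # True: bypassed
    print("safe, injected           :", login_safe(conn, "alice", payload))         # False
```

The fix is not "escape the quotes"; it is never to build the query text from user input at all. Every mainstream database driver offers the `?` (or `%s`, `:name`) placeholder form used in `login_safe`, and an ORM does the same underneath.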

For more information visit the OWASP website.
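Item 8 in working code, as an added example that is not from OWASP or this page: Python's pickle format lets a serialised object say "call this function with these arguments" when it is loaded, so `pickle.loads` on attacker-supplied bytes runs the attacker's choice of code before the application ever sees the object. The payload here is built locally and only records that it ran (a constructed marker); the hardened loader uses JSON, a data-only format, and rejects the same bytes. All names below are the example's own.

```python
"""Insecure deserialisation: pickle runs code, JSON does not.

Added example (not from OWASP or the page). The "attacker" payload is
constructed locally and only records that it executed; a real payload would
run arbitrary commands through the same mechanism.
"""
import json
import pickle

EXECUTED = []  # Filled in when the malicious pickle is loaded.


def _side_effect(marker: str) -> str:
    """Stand-in for the attacker's code (constructed, harmless)."""
    EXECUTED.append(marker)
    return marker


class Malicious:
    # pickle asks __reduce__ how to serialise the object. Returning
    # (callable, args) stores an instruction that pickle.loads honours by
    # calling the callable, so loading the bytes is what runs the code.
    def __reduce__(self):
        return (_side_effect, ("code ran during pickle.loads",))


def attacker_payload() -> bytes:
    """Serialise the booby-trapped object; this is the bytes an attacker sends."""
    return pickle.dumps(Malicious())


def load_unsafe(blob: bytes):
    # Vulnerable: deserialises attacker-controlled bytes with pickle.
    return pickle.loads(blob)


def load_safe(blob: bytes) -> dict:
    # Hardened: a data-only format. JSON cannot express "call this function",
    # so valid input is plain data and a pickle blob fails to parse.
    data = json.loads(blob)
    if not isinstance(data, dict):
        raise ValueError("expected a JSON object")
    return data


def safe_rejects(blob: bytes) -> bool:
    """True if the hardened loader refuses the bytes instead of executing them."""
    try:
        load_safe(blob)
    except ValueError:   # JSONDecodeError and UnicodeDecodeError are both ValueError
        return True
    return False


if __name__ == "__main__":
    blob = attacker_payload()
    load_unsafe(blob)
    print("after pickle.loads:", EXECUTED)   # ['code ran during pickle.loads']
    print("json rejects it:", safe_rejects(blob))   # True
```

The same pattern exists in Java (`ObjectInputStream`), PHP (`unserialize`) and .NET (`BinaryFormatter`): any format that can describe objects and not just data should be treated as executable when the input comes from outside. If a rich object format is unavoidable, restrict the classes the loader may instantiate rather than trying to spot bad payloads.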
