Application Security Full Course 2026 | Application Security Tutorial For Beginners | Simplilearn
Key Takeaways
This video provides a comprehensive tutorial on Application Security for beginners in 2026
Full Transcript
Hey everyone, welcome to the Application Security full course by Simplilearn. Imagine you launch your dream web app and within hours it's hacked. Scary, right? But that's the reality for thousands of apps today. Cyber attackers are faster, smarter, and always looking for vulnerabilities to exploit. That's why web application security isn't just nice to know, it's mission-critical. So whether you're a curious beginner or a seasoned developer, this course will help you understand how hackers think and, more importantly, how to stop them. From the OWASP Top 10 to SQL injection, XSS, CSRF, encryption and secure authentication, we will break it all down in simple, plain English and with practical steps that you can apply right away. And by the end you'll have the confidence and the skills to build web apps that don't just work but stand strong in the face of cyber attackers. Let's dive right in. Now, before we commence, if you are interested in building a successful career in cyber security, then Simplilearn's Professional Certificate Program in Cyber Security is the perfect choice for you. This 20-week program, designed in collaboration with Purdue University Online and IBM, offers over 100 hours of live expert-led classes and hands-on projects where you'll master essential skills like ethical hacking, penetration testing and malware analysis while working with cutting-edge tools like Metasploit, Burp Suite and Nmap. Now with advanced modules on GenAI and cyber security, you will stay ahead in this fast-evolving field. So what are you waiting for? Hurry up and enroll now; you can find the link below.

>> Security was traditionally considered an afterthought in software development. It is becoming an increasingly important concern for all aspects of app development, from design to deployment and beyond. The number of programs produced, distributed, deployed and patched across networks continually increases.
As a result, application security features must deal with a wide range of risks. Let's take an example. A malicious script may be mirrored on the victim's web browser or kept in a database and run whenever the user contacts the proper function, depending on the kind of attack in question. This allows malicious code to be entered in the case of an output. The major cause of this attack is faulty user input validation, which allows malicious input to enter the final output. An evil user can enter a script that will be injected into the website's code. The browser will then be unable to determine whether the processed code is harmful. As a result, a malicious script is performed on the victim's browser or a bogus form is shown to the users. Are you aware of which attack this is? If not, please stay till the end of the video to know the correct answer.

Hey everyone, welcome to today's video on application security. Before we move forward, subscribe to our channel and hit the bell icon to never miss an update from us. Let's take a look at the topics to be covered today. We start by learning about application security and its different types. We learn about the most common vulnerabilities in AppSec, followed by the importance of application security in today's cyber security space. Next, we cover some attacks against application layer security and end the video with some protection techniques to enforce application security parameters.

So let's start by learning about application security from a grassroots perspective. Application security, which is often known as AppSec, protects application software from external security threats by utilizing security software, hardware, methodologies, best practices and different processes. Organizations require application security technologies that safeguard all of their programs, from internal to popular external apps on consumer mobile phones.
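The attack described above hinges on untrusted input reaching the page output unencoded. The following is an added example (my own code, not from the video) showing the vulnerable rendering pattern next to its hardened form; `escapeHtml`, `renderCommentUnsafe`, `renderCommentSafe` and the sample comment are all assumed names and constructed values.

```javascript
// Added example (not from the video): output encoding as the fix for the
// reflected/stored script scenario described above.
// All names and the sample input below are constructed for illustration.

// Encode the five characters HTML treats specially, so user text is shown
// as text and never parsed as markup.
function escapeHtml(input) {
  return String(input)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// VULNERABLE: user-controlled text is interpolated straight into markup,
// so any tags inside it become part of the page's code.
function renderCommentUnsafe(author, text) {
  return `<div class="comment"><b>${author}</b>: ${text}</div>`;
}

// HARDENED: the same template, but every untrusted value is encoded at the
// point where it meets HTML. Input validation alone would not be enough,
// because the browser cannot tell "data" from "code" once they are mixed.
function renderCommentSafe(author, text) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(text)}</div>`;
}

// Detection aid for tests and logging: the application never emits <script>
// in a comment block itself, so its presence marks a failed encoding step.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input: a "comment" that carries a script element.
const SAMPLE_COMMENT = '<script>console.log("injected")</script>';

// Stand-alone demo.
console.log('unsafe:', renderCommentUnsafe('mallory', SAMPLE_COMMENT));
console.log('safe:  ', renderCommentSafe('mallory', SAMPLE_COMMENT));
```

Encoding must happen for the context the value lands in (HTML body here); a value placed inside a JavaScript string or a URL needs a different encoder, and setting `element.textContent` in a real browser achieves the same effect as `escapeHtml` for the HTML-body case.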
These solutions must address the whole development cycle and provide testing after an application has been deployed to detect possible issues. Application security mechanisms must be capable of testing web pages for possible and exploitable vulnerabilities, analyzing code, and assisting in the administration of development and safety management processes. The testing solutions must also be simple and easy to install for system administrators worldwide. Consumers utilize hundreds of applications daily to access theoretically important and favored services such as e-commerce, banking, music, etc. To be productive, these professionals use a variety of software solutions as well, ranging from online word checkers to tablet-based creative tools, among other things. Backend software, of course, exists to automate essential operations and processes and decrease human labor. But to make matters worse, the quantity and complexity of these apps and their backend code is increasing. The software security problem 10 years ago was about securing desktop apps and static web pages that were natively harmless and easy to scale through and defend. Because of outsourced development, the number of legacy programs, and in-house development that uses third-party open-source and commercial off-the-shelf software modules, the software supply chain has become considerably more convoluted.

Now that we understand application security on a general level, let us go through some of the different categories or types of application security. There are three major types to be covered in this section: web application security, API security and cloud-native application security. A web application is a program available through the internet, and it operates on a web server. The client is accessed using a web browser. The applications by definition must allow connections from clients across unsecured networks. This exposes them to a variety of risks.
Many online apps are mission critical and include sensitive customer data, making them an attractive target for attackers and a top concern for any cyber security program or framework. The advent of HTTPS, which offers an encrypted channel of communication and guards against man-in-the-middle (MITM) attacks, has addressed several online application weaknesses. Many weaknesses, though, still persist. Many security providers have created solutions specifically geared to safeguard online applications in response to the rising challenge of web application security. A web application firewall is an example of a security technology meant to identify and prevent application layer assaults in the case of web applications.

When it comes to APIs, APIs that have security flaws are at the root of many major data breaches. They have the potential to reveal sensitive data and disrupt vital corporate processes. API security flaws include insufficient authentication, unintended data disclosure and a failure to apply rate restriction, which allows API abuse. The requirement for API security, like the necessity for web application security, has led to the creation of sophisticated equipment that can discover API vulnerabilities and protect APIs at production level.

The third type is cloud-native application security. Infrastructure and environments are often built up automatically in cloud-native apps depending on declarative configuration, which is known as infrastructure as code. Developers are tasked with developing declarative settings and application code, both of which should be secure, because practically everything is defined during the development stage. Shifting left is even more crucial in cloud-native setups. Traditional testing techniques can help cloud-native apps, but they are insufficient.
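The video names a missing rate restriction as one of the API flaws that allows abuse. As an added example that is not from the video, here is a per-client token-bucket limiter of the kind an API gateway or middleware applies; `TokenBucketLimiter`, `simulate` and the burst of constructed requests are my own names and data.

```javascript
// Added example (not from the video): token-bucket rate limiting per API client.
// Names and the request burst below are constructed for illustration.

class TokenBucketLimiter {
  // capacity: burst size allowed at once; refillPerSecond: sustained rate.
  constructor({ capacity, refillPerSecond }) {
    this.capacity = capacity;
    this.refillPerSecond = refillPerSecond;
    this.buckets = new Map(); // clientId -> { tokens, lastMs }
  }

  // Returns true if the request may proceed, false if the client is over its rate.
  // nowMs is passed in (rather than read from Date.now()) so behaviour is testable.
  allow(clientId, nowMs) {
    let bucket = this.buckets.get(clientId);
    if (!bucket) {
      bucket = { tokens: this.capacity, lastMs: nowMs };
      this.buckets.set(clientId, bucket);
    }
    // Refill proportionally to elapsed time, never above capacity.
    const elapsedSec = Math.max(0, nowMs - bucket.lastMs) / 1000;
    bucket.tokens = Math.min(this.capacity, bucket.tokens + elapsedSec * this.refillPerSecond);
    bucket.lastMs = nowMs;
    if (bucket.tokens >= 1) {
      bucket.tokens -= 1;
      return true;
    }
    return false;
  }

  // Milliseconds until the client's next request would be accepted (for a Retry-After header).
  retryAfterMs(clientId, nowMs) {
    const bucket = this.buckets.get(clientId);
    if (!bucket || bucket.tokens >= 1) return 0;
    const deficit = 1 - bucket.tokens;
    return Math.ceil((deficit / this.refillPerSecond) * 1000);
  }
}

// Replay a constructed request log of [clientId, timestampMs] pairs and count decisions.
function simulate(limiter, requests) {
  const result = { allowed: 0, rejected: 0 };
  for (const [clientId, t] of requests) {
    if (limiter.allow(clientId, t)) result.allowed += 1;
    else result.rejected += 1;
  }
  return result;
}

// Constructed burst: one API key sends 20 requests within 20 ms.
const BURST = [];
for (let i = 0; i < 20; i++) BURST.push(['key-A', 1000 + i]);

// Stand-alone demo: 5-request burst allowance, then 1 request/second sustained.
const demo = new TokenBucketLimiter({ capacity: 5, refillPerSecond: 1 });
console.log(simulate(demo, BURST)); // 5 allowed, 15 rejected
```

Keying the bucket on an authenticated client identity (API key, account) rather than on source IP alone is the usual choice, since many legitimate clients can share an address; the limiter state here lives in memory, so a multi-instance deployment would keep it in a shared store instead.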
Dedicated cloud-native security solutions are mandatory at this point in time, which are capable of instrumenting containers, container clusters and serverless operations, reporting on security concerns and providing developers with a quick feedback loop.

Now that you have covered the different types of application security, let us go through some of the most common vulnerabilities that these frameworks face on a daily basis. First is cryptographic failure. When data is not adequately safeguarded in transit and at rest, cryptographic failures, which were formerly known as sensitive data exposure, occur. It has the potential to reveal credentials, health information, credit card details, and personal information as well, depending on the type of data being protected in that particular case. Next, injection attacks: threat actors can use injection vulnerabilities to convey malicious information to a web application interpreter. It has the potential to assemble and execute this data on the server. SQL injection is a popular type of injection, which I've already covered in the introduction to this video. Another major vulnerability is outdated components. Vulnerable and out-of-date components encompass any vulnerability caused by obsolete or unmaintained software. It can happen if you construct or even use an application without first learning about its core components and versions. Identification and authentication failures, which were previously known as broken authentication, encompass any security issue involving user identities. Identity attacks and exploitation may be avoided by implementing secure session administration, authentication, and validation for all identities in the organization.

In the next section, let us cover some of the protection mechanisms employed by cyber security firms and third-party automated software to prevent the application layer from being bombarded with SQL injections and other attacks.
The first is a web application firewall, or WAF. A web application firewall monitors and filters HTTP traffic between a web application and the World Wide Web. Web application firewall architecture does not address all risks, but it may be used in conjunction with other defense mechanisms. It can be used with a portfolio of security solutions to provide a comprehensive defense against diverse attack vectors. It is a layer 7 protection in the Open Systems Interconnection (OSI) model paradigm that helps defend online applications against attacks such as cross-site scripting, cross-site request forgery, SQL injection, and file inclusion. Unlike a proxy server, which conceals the identity of client computers through an intermediary, a WAF functions as a reverse proxy, shielding the server from exposure. It acts as a barrier in front of a web application, protecting it from the internet. The clients must pass through the web application firewall before they can access the application.

The second is threat assessment. A list of sensitive assets to safeguard will assist you in understanding the threats to your firm and how to minimize them. Consider how a hacker can infiltrate an application, whether existing security protections are in place, and whether additional tools or defense capabilities are required. It's also crucial to keep your security expectations in check. Nothing is impenetrable, even with the most stringent security measures. It would be best if you were realistic about what you believe your team can handle in the long run. When pushed too aggressively, safety regulations and procedures might be disregarded. Remember that safety is a lengthy and time-consuming project that requires the collaboration of other employees and sometimes even your customers.

The next topic is privilege management. Limiting privileges is vital, especially for mission-critical and sensitive systems.
The least privilege principle states that access to programs and data should be limited to those who require them, when they require them. For two reasons, the least privilege principle is absolutely critical. The first is that hackers may compromise less privileged accounts, and ensuring they do not acquire access to highly sensitive systems is critical. The second is that internal attackers are equally as harmful as external adversaries. If insiders go bad, it's critical to ensure they never have more power than they need, minimizing the harm that they may be able to cause to the organization.

Starting with the introduction. Before that, let's have a little course introduction. So we'll be doing an introduction to application security. What is application security? Where is it used? So, as the name says, application security includes all tasks that introduce a secure software development life cycle to development teams. Its goal is to improve security practices and find, fix and prevent security issues within applications. How it is done, why it is done, that we will learn along the journey, along with practical examples. Application security is not confined to a certain area. It's not confined to IT, as it seems that it might be confined to the IT industry only, but no: you might have heard about cyber security attacks on government institutes, energy and utilities, healthcare institutes, banking institutes. So yes, application security impacts all of these sectors. How they are impacted, we will be seeing while the journey is going on.
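The least privilege principle above says access is granted to those who require it, when they require it. As an added example that is not from the video, the following deny-by-default authorization check uses time-bounded grants so that elevated rights (such as a write window for an on-call engineer) expire automatically, and an audit helper lists any standing non-read privileges for review. The policy entries, principals and function names are constructed assumptions.

```javascript
// Added example (not from the video): deny-by-default authorization with
// time-bounded grants, as one way to apply least privilege in code.
// The policy below is constructed sample data; all names are assumptions.

// A grant permits one principal to perform one action on one resource,
// only while fromMs <= now < untilMs. Everything not granted is denied.
const GRANTS = [
  { principal: 'alice', action: 'read',  resource: 'db:customers', fromMs: 0,    untilMs: Infinity },
  { principal: 'bob',   action: 'read',  resource: 'db:customers', fromMs: 0,    untilMs: Infinity },
  { principal: 'bob',   action: 'write', resource: 'db:customers', fromMs: 1000, untilMs: 2000 }, // on-call window
  { principal: 'carol', action: 'admin', resource: 'db:customers', fromMs: 0,    untilMs: Infinity }, // standing admin right
];

// Core decision: true only if an explicit, currently valid grant matches.
function isAuthorized(grants, principal, action, resource, nowMs) {
  return grants.some(g =>
    g.principal === principal &&
    g.action === action &&
    g.resource === resource &&
    nowMs >= g.fromMs && nowMs < g.untilMs);
}

// Decision wrapper that also produces an audit record, so every allow/deny
// can be logged; the reason field tells reviewers why a request was denied.
function decide(grants, principal, action, resource, nowMs) {
  const allowed = isAuthorized(grants, principal, action, resource, nowMs);
  const hasExpiredGrant = !allowed && grants.some(g =>
    g.principal === principal && g.action === action && g.resource === resource && nowMs >= g.untilMs);
  return {
    allowed,
    reason: allowed ? 'matching grant' : (hasExpiredGrant ? 'grant expired' : 'no grant'),
    audit: `${new Date(nowMs).toISOString()} ${principal} ${action} ${resource} -> ${allowed ? 'ALLOW' : 'DENY'}`,
  };
}

// Review helper: permanent grants above read level are the ones least
// privilege says should be questioned (should carol really hold admin forever?).
function standingPrivileges(grants, nowMs) {
  return grants.filter(g => g.action !== 'read' && g.untilMs === Infinity && nowMs >= g.fromMs);
}

// Stand-alone demo.
console.log(decide(GRANTS, 'bob', 'write', 'db:customers', 1500).audit); // ALLOW (inside window)
console.log(decide(GRANTS, 'bob', 'write', 'db:customers', 2500).audit); // DENY  (window closed)
console.log(standingPrivileges(GRANTS, 1500).map(g => g.principal));    // [ 'carol' ]
```

The same structure works for service accounts as well as people: a deployment job gets a write grant scoped to one resource for the duration of the pipeline run, and the `standingPrivileges` report is what a periodic access review would start from.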
Our course would start with the introduction, which we are doing, then the core concepts: what software security is, how secure software testing is done, what cryptography is (a very important topic) and secure software life cycle management. The skills that we'll be covering would be web app scanning, encryption, application monitoring, error logging, OWASP Top 10 and API security. The agenda for today: web app security, application and web app security. All right. So what are the learning objectives for today? Again, the basics, the core concepts of security. We'll be able to classify the best practices. We will be analyzing one case study, that would be of Uber. We will see what went wrong or what went well, how application and web application security would have done it better, and we will categorize the requirements for a foolproof security team. What are the requirements? We'll be seeing it. So say you have joined any organization as a cyber security specialist, where would this course help you? Say you are given the following tasks, which you'll be able to do after this session. Understand the vulnerability stack: what are vulnerabilities, how they are classified, which application is impacted, where to see which vulnerabilities, where on the net they are visible, is there any database for vulnerabilities, how many of these are there, what about the vulnerabilities which were there in the past, can we find them? We will be able to understand the organization's security policy. So whatever organization you are working in currently, you will be able to understand their security policy. Then you'll be able to review the core security requirements.

Whenever we talk about any software, we know it is something that we use in our day-to-day life. It is a firmware with which we access applications. What is secure software? Now the same software or same application is secured by means of the following attributes. Which attributes?
Reliability, resiliency, recoverability. When I talk about reliability, as the name says, the software is dependable: it fulfills the purpose for which it was created. For example, if I talk about social networking sites, the social networking software, we know our mind will at once answer, okay, you are talking about social connection software. So it's either WhatsApp, Facebook, Instagram. So these companies or these software products have made a reliability mindset. So whenever we talk about social engineering, these software products would revolve in our mind. When we talk about resiliency, resiliency means that the software does not violate any security policy. So it's able to withstand the actions of threat agents. Resiliency means: I downloaded the software today and tomorrow it's demanding ransomware to use. My files are encrypted. It's saying that you cannot move forward from this point. So resiliency should be there. It does not violate any security policy. Reliability was that the software is dependable. Recoverability, as the name says: if I remove any of the applications from my phone, I have some restore point or backup point from where I will get the entire thing back in the same setup without any loss of data. So the software is able to restore operations. When you buy a new phone, you simply have to log in with your ID; if it is Android you have to use your Gmail ID, and it clones the entire backup of applications from your previous phone to your new phone. So that talks about the recoverability.

After software or secure software, we talk about web applications. What are web applications? These are nothing but software programs that run on web browsers. If I open, say, any website, Simplilearn, what is this? This is a web application which is running in my browser. So any application or any software which runs on a browser, which runs on the web, is a web application. Talking about the flow. Let's talk about the flow.
How the data flows. I'll be using different symbols here. So let's say this is my database server, or I call it DB. This is my application server. This one is the web server. So all these things combined together, they work in the background. So these would be the back-end things. All three of these are back end. When I talk about the applications, if I am seeing this, this all is in the front end because it's directly on the UI with which I'm interacting. So the front end would be my web browser and the system on which it is running: laptop, desktop or mobile, whatever device it is. So I won't be using cloud here, but yes, this is the front end. How would the flow move? My database server will fetch the address I searched for, Simplilearn. The application server will respond that yes, this is the Simplilearn application. The application server will respond, and the web server will then be showing this to the web browser. So now Simplilearn is visible on the web browser, and that is reflected on my device, which is either laptop or mobile, and this thing is the front end. So just an overview of how web applications work. Which main components are in action: starting from the database server, in which the entire application, the entire Simplilearn content, is hosted. The application server, on which the application is hosted. The web server, responding on the web browser to your laptop or mobile.

Application vulnerability stack. If we talk about the application vulnerability stack, as the name says, it will talk about applications irrespective of whether it is a web application, mobile application or cloud application; any vulnerability that is impacting this application would be a part of the application vulnerability stack. So when you talk about vulnerability, what is a vulnerability? Anyone want to answer it? I won't be judging over it. But yes, just to see how many of you can answer what a vulnerability is. If I say any application, say, I won't be naming any other application.
If I say the Simplilearn application is having some vulnerability, what does that mean? Does a mobile app also require a web server in the back end? How is a web server different from a web browser? All right. So I'll firstly answer these two questions from Wardhan and Vasuv. So Verdan says, how is a web server different from a web browser? Verdan, the web server is that on which the application is hosted, which is in the back end, from where my web browser, which is Chrome, is fetching that detail from some web server on which Simplilearn is hosted. So answering your question, the web browser is either Chrome, the one which is obsolete, Internet Explorer, which is now not used and in its place we have Microsoft Explorer, Firefox, Opera Mini. So all these are web browsers, while web servers are Apache web server; we have some web servers from Oracle; Microsoft has its own web servers; Google has its web servers; AWS has its web servers. So that's the difference between a web server and a web browser. Does a mobile app also require a web server in the back end? Vasuv, yes, the answer is yes, because you also use web browsers on your mobiles. So if you are using a browser, say you want to see your report card and you want to access the website of your university or college, if you are using your mobile browser, you again are accessing their web server in the back end. Praep says, web application and website, what is the major difference? Both of them work on www. So website and web application both work on our browser. In Android Studio we use WebView, which is like a server. That's true. Done: vulnerability is a thing which happens to integrity and availability for data. So that shows that you have been good in module one, because that's from where you are answering it. That's good. All right. The answer to this is in two different scenarios.
One scenario, the one I discussed, where you are using a mobile application, say, which is mobile Chrome, or Firefox inside your mobile; now it is the mobile application, it runs on web servers. Edge, again, these are mobile applications and they do have web servers on which they will show you the answers, because they are browsers, so yes, they have servers in the background. Talking about other applications, although this answers your question, google.com is a website. Yes, Google ultimately uses servers, database servers, for google.com when you search. So searching here, although it is my default page, yes, google.com is talking to its server in the back end and showing me this page. So this page is the web page of Google or the website of Google. So now you got your answer. A web application would be if you're using that Google application in your phone; that's the application, while anything which you see on a web browser is a website. Web app server, mobile app server: do they run on the same server? That depends from company to company. If I'm having a big company like Google or Microsoft, I'll have different servers, so that if my web app is down my mobile app is running; it doesn't impact it. While if I'm a small-cap company or medium-cap company, I might have both on the same physical server or the same cloud server. So I might use AWS with different instances running for mobile and web app, or, if I'm smaller than that with a low budget, I'd be having a single physical server with both of them running on it. So it depends upon the budget I'm having.

We were talking about the stack. When we talk about the stack, let's start from the network part. When we talk about networks, what are the things that are under attack? We either talk about routers or firewalls. Then we talk about operating systems. And all these are the things that you need to know to be successful in the cyber security domain.
Knowledge of each one of these applications, which would either be open-source or licensed, which are commercial. Databases: when you talk about DB, there are certain databases that run in the background. We have Oracle, MySQL, DB2 and so on. The list goes on. But these are the major ones on which the attacks are targeted. What are the components? Web server: either Apache, Microsoft IIS; custom web application. What issues do we see in custom web applications? This generally happens when there is an application already placed there, an application working and its source code is available, say, in GitLab. So when you talk about its source code being there in GitLab, you try to customize it according to your wish. Say Uber is already placed in GitLab, the code is there, I make some changes according to my requirement and generate a new taxi application with some name; say my name is her breach, so let it be her breed cabs or blue cabs, yellow cabs, whatever. So I'm using code which is already there, but now I have made it customized according to my needs. We can have business logic flaws, or we can have technical vulnerabilities. If I'm not into the security thing, I might change something which could induce a vulnerability in that application, in that customized application, not the original one, because I'm now playing with it. So I might induce some technical vulnerability in it with the changes I'm trying to do. But again, that depends upon what kind of service you are taking from the cloud provider. If the security is managed by them, then you don't have to fear anything. If anything happens and your data is lost, the cloud providers would compensate you, but that typically never happens. Does web scraping come into this issue, as we try to extract info without permission of the company?
If you notice, when I'm trying to answer your questions I'm revolving around Simplilearn only, due to the same thing that you are trying to question, Vdan. Yes, even when we will be attacking websites, it would be mostly Simplilearn only, because we won't be attacking any other website of any other company; that could lead us into trouble or jail. So yes, that's a very good question. If you try to fingerprint, we call it fingerprinting or footprinting; when you try to collect data of any website or any company through these means, their SOC team, their security team, would come to know that something fishy is happening, and yes, that might lead you into trouble. So permission of the company is necessary in most of the cases. All right.

The next point is single page applications. As the name says, applications which run on a single page are called single page applications. How do they work? It's a design approach that generates web pages dynamically with new data from the web server instead of loading entire new pages. So every time you open a single page web application, it auto-generates the data from the web server and it doesn't always go back to a web server for fresh linkages, which could impact its loading. So for faster loading, an SPA generally uses Ajax to exchange data with the server and JavaScript to manipulate the elements on the existing page. So what does it use? SPA uses Ajax. Why? To exchange data with the server. What else is used? JavaScript to manipulate the objects. Now, how can I know what elements are there on any website? So, let me show you. So, talking about single page applications, this is Simplilearn. I want to know what back-end things are working on this page. Either I go to inspect element and use inspect element to go one by one, or I use some bookmarks. The bookmarks I will be using would be Wappalyzer and Shodan.
Talking about Wappalyzer, it shows that Simplilearn is using Microsoft Advertising for performance priority; hence for marketing automation they are using WebEngage, Salesloft. Amazon CloudFront is the WAF, which is a CDN. Personalization is done on WebEngage version 6. So they're using PaaS, platform as a service. So Simplilearn is hosted on Amazon Web Services. Now you know from where it's fetching the data. For the analytics they are using Facebook Pixel, Google Analytics, Microsoft Clarity; loadable components: jQuery, CryptoJS. So these are the JavaScript libraries. If you want more, click on more info. I guess it would be paid. Yes, it's paid. You can export this entire information if you want. You can use the same thing for other applications. The other application or extension that I'll be using is Shodan. So I didn't know the IP address from Wappalyzer. So Shodan showed me that, okay, this is the IP address of Simplilearn; it's on cloud; we know that it is AWS; open ports are 80 and 443. In network, yes, you have already done enterprise infrastructure, so you know open port 80 is for HTTP, 443 is for HTTPS. Yes. So you can view IP details, view domain details. Moving ahead, it will show you more details. I'm not sure if it is paid now. No, it is not. So it's on Amazon. It's the ISP, using CloudFront, port 80 which is HTTP, and HTTPS. So this data you can get from some extensions. If you are good at coding, that is always a plus point, because in web application security there are two types of testing. One is static analysis and the other is dynamic analysis. When we are doing static analysis, static analysis is nothing but source code review. You review the code; for that you should be good at coding. While if you're doing dynamic testing, that means websites in motion; for those you just need know-how of coding and not the entire code structure.
So it's better if you are having Java or Python knowledge. If you don't know coding that much, if you are a fresher, then you can learn it by heart; that would help you in the long run. But if your current job doesn't require it, you may not even go along with it. I'm currently, okay, you are on the network side. So I started with networks only; I started with networks, then wireless networks, data networks, wireless networks, and now I'm in cyber security. It doesn't necessarily require you to know the websites, the programming, but yes, it could help you. All right, a brief on it. Okay. So, Ajax is a set of web development techniques. When I'm using Ajax on my client side, on my system, it's used to create asynchronous web applications. So we can send and receive data from the server without interfering with the display and behavior of the existing page. Even though we are using the chat within this application, it is not impacting any other functionality while we are doing this session. So this is Ajax. We are using Ajax. It is just utilizing a bit of the entire thing without impacting anything. That dynamic thing is called Ajax. So it is not changing the behavior of the existing page, but we are still able to check. Any example of an SPA, if possible? One example is the Zoom learning that we are doing; we are using the meeting chat without impacting any other thing. In Simplilearn, this application is again an SPA. When I insert anything random it will provide me the answer; although I know "her" is nowhere inside it, it will just throw an error without impacting anything else on the page: "your search did not match any content". It took a second or so without impacting this. It's an SPA using Ajax. After single page applications, all right, let's talk a bit more about how a single page application works. Let's see. I don't want to save it. All right. So again this is my browser. This is my server. This is my application.
This is the response. So my browser will send a request. What is it doing? It is sending a request. The server will respond with an HTML file. Then, okay, this is in response to your request; this is the file. Now the application sends an Ajax request to fetch data from the server. Just keep correlating. You open your Google Chrome. You searched for Simplilearn; the server provided the HTML file at first, then the application sends an Ajax request. Why is it sent? To fetch data from the server. So now it is just sending Ajax so that additional data from the server is requested without any impact on this page which is already showing on the browser. The final step would be that the web page is updated using JSON data. So JSON data is received, which is then updated on your web browser. So this is how it is functioning in the background of a single page application. Is a payment system with UPI also an SPA, because once we reach the payment page it sends a request to UPI and keeps polling whether we have made the payment or not? So there's another thing running in UPI systems, because there it works in two ways. Once it is interacting with a server which checks if the payment is made; another, it is interacting with the server which checks if you have provided the proper PIN or OTP. Third, it is interacting with your bank from which the payment has been made. So it's a little different. It's not entirely SPA but a combination of SPA at three different levels. All these three levels that I talked about: are the server and the application generating Ajax running on the same system or different? Since I am using this web browser, Simplilearn's, to talk with me, if I'm using this website on my local machine, that means Ajax is running on this client system. So this answers your question that Ajax works on the same system on which the web browser or web app is running. JSON, how does it work?
JSON is a message that you get, say if you are, all right. So if any response you are getting is in JSON format, you can simply use a JSON viewer. I don't have a JSON sample currently, but let me see if I can get it from somewhere. Okay. So say if this is the JSON data that we are getting, simply use it in the viewer. It will show you the data in this format, in tabular format: okay, the employee name is this, the salary is this, and he or she is married. So this was the code; the JSON viewer simplified it in a table form. So this helps you in your daily work. So what are the most commonly used frameworks for developing SPAs? All these frameworks that we are talking about, you might have heard about them, especially if someone of you is a developer: ReactJS, which is JavaScript, VueJS, AngularJS. So all these frameworks are used for developing SPAs, because SPA is a front-end technology. Therefore all these are front-end utilities that we are using. So, all right, kindly provide me an example of SPA from your daily life. Very easy. That's the definition of SPA, okay, but provide an example. All right. One example is Facebook. You edit, change anything, you see videos, but it doesn't change the basic functioning. What else? Share prices display: if it is a good application, then yes. Okay. Otherwise, if it is lagging, then it is not SPA. Gmail, right? Google Drive, right? WhatsApp, WhatsApp Web. Okay. The answer, Twitter, perfect, the answer which I am searching for. SharePoint, okay, all right, can say, because real-time changes are there. Okay. Perfect, the answer which I wanted. Google Maps? No, because we are not changing anything over it. Okay. The answer which I was expecting from you people: the platform which is Netflix. Yes. Wancates, location can be changed dynamically.
But during that time, once your location start and stop is set, it doesn't have to fetch anything new since you are connecting to the internet. So that's what it requires. That's the ultimate thing it requires. Talking about OTT platforms, yes: Jio, Netflix, Amazon Prime, all these. Hundreds of people; if there's a match of the Indian cricket team, Hotstar, yes, so it caters to a load of a billion people, a billion devices connecting to it, and still it is working without going down or showing any symptoms of disconnection. So that's where SPAs come into existence. Even someone who is not keen on cricket, they are watching some other thing over the same application, which might have some different load level. So catering to different loads at the same time. YouTube, yes. So all these are SPAs. All right. One question I saw currently is: what is the difference between single page and multi-page applications? Okay, Badri says, "Shodan shows TLS 1.2 for security surf; is this not a risk? The latest is 1.3." Very good question, Badri, but sometimes it's compatibility issues. Say the company in which I am currently working, they are also using TLS 1.2 because most of the infra inside the company supports TLS 1.2; they haven't shifted to 1.3 due to compatibility issues of support. So that's why some companies are still working on TLS 1.2 rather than 1.3. But yeah, they do have the security team working behind, which is checking regularly that nothing of that sort happens, that any vulnerability which is there for 1.2 is not exploited by anyone. That is also secure, but every latest version is more secure than the earlier one. TLS 1.1 transformed into 1.2 due to more security. Version 1.3 is more secure, but it's not very compatible with the infrastructures yet. 1.2 is widely used.
So Chanjit, Sunil attempted the answer and he is pretty much right. A single page application will interact with the web server for any new changes; it will not load the entire page again and again, while multi-page applications, for any change, will reload the entire application, so they are slower than single page applications. If that answers, yes. Badri answered that also: it is a new page every time with the user actions. Is CRM a multi-page application? True, I guess. Vas, you are talking about SAP CRM, right? Are we having hybrid? Where are we having hybrid? I mean, I'm not getting the question. Yahoo, Gmail are single page. They do not reload on receiving a new mail; they just keep the new mail updated. I mean both SPA and MPA: if people prefer multi-page applications, they are preferred while using heavy applications. So SPAs are preferred for heavy applications, just as we discussed about the OTT things. Again, the budget thing: if you don't have much budget, you use a multi-page application. An MPA example would be anything, say, I'm not sure how many of you have used Medium, which is a technical blog site. So if you talk about Medium, it is an MPA. Any blog, any e-commerce website, which is Amazon, Flipkart, which goes to a new page. If you go to Amazon regular, it is one page. Go to Amazon Fresh, yes. Sushi answered Zomato, Swiggy. These are all MPAs. Wikipedia is an MPA, a very nice example of it. Are we having a hybrid solution between single page and multi-page applications? No. No issues, Bangesh. If an application is SPA, it is completely SPA. If an application is MPA, it is completely MPA. We cannot have a part of it as SPA and a part as MPA, because that part itself is divided into multiple pages. So if it is MPA, it is completely MPA. If it is SPA, completely SPA. All right. Just one question: which one is faster, SPA or MPA? So, Dian, that is SPA, no doubt about it.
Amazon Prime and Amazon mini, all of them are SPA. So you all know SPA is faster. Okay, we know the advantages of using SPA: it is speed; most resources are loaded only once; data is preserved; we require less data. What are the disadvantages of using SPA? Whenever you click on that mini DB thing, it will redirect you to the SPA rather than the MPA part. What about desktop applications? Which application? We have talked about SPA and MPA already. Which desktop application are you talking about? Again, that depends which application you're using. If you're using TeamViewer, those come under MPAs. If you are using the Netflix desktop application, then again it's SPA. Navigation is maybe the issue with SPA, sir? No, okay, what in navigation? You are not exact on the point but yes, near about. Loading? Akib, it is faster, so loading is not an issue for SPA; loading is an issue for MPA. What are the disadvantages of using SPA applications? Since it is faster in execution, which do you think is more prone to attacks: is it SPA or MPA? No, there are disadvantages. Sunil has already answered it. So there are kinds of attacks, injection attacks, XSS attacks, which we'll be seeing further. Wang, it is not the exact thing, but yes, while navigating, while the data is in transit, there's scope for attacks, because not the entire thing is reloading, not the entire data is being fetched, but only the data which is being transmitted can be manipulated by attackers. They can simply inject malicious scripts into it. So there was a recent attack, that was a vulnerability in JavaScript, Java, which is called Log4j, if anyone of you remembers that. This was a vulnerability which was there in every Java. It was a zero day vulnerability. Every Java logging framework was having it.
So whenever we talk about vulnerability, it attacked any and every application which was working on JavaScript. So this is one of the examples of how it got vulnerable. Okay. Long story short, JavaScript was having a single line in the code which was talking about the logging thing. A little change in that line or that code or that script made it vulnerable to changes across the entire globe wherever Java was being used. So that resulted in this vulnerability, which was already present there but was never exploited. Next is microservices. When we talk about microservices, microservices are shorter services which are running inside bigger services. It is an approach in which a single application is composed of many loosely coupled, independent services. So microservices emerged to address the limitations of monolithic architectures, which we were initially using, such as scalability, flexibility, productivity. To answer all those things we got the concept of microservices. So what are the advantages of microservices when a single code is divided into multiple shorter codes? Updating the code is easier. What else? Scaling can be done for each unit independently. What else? Fault isolation: if a part or a unit is at fault, it will not impact the entire structure. One point which I want to see; say updating is easier, scaling can be done independently, fault isolation. What else? Okay, I will give you a hint, since these are different units. Okay, I'll just ask you in yes or no: since these are in different units, can we use multiple programming languages in it? So the answer is yes. So the basic and most advantageous thing about microservices: we can use different programming languages defining different component structures. What do you think about disadvantages? Language, that is good. Yes, that's the answer. Chiranji, did you get the answer now?
Why it is yes. All right. So brainstorm on the disadvantages. What are the disadvantages? The answer lies here only. So disadvantage number one, which you can feel if you're using different languages in a set, would be, yes, the answer is complex structure; complex or complicated, we can say. What else? What will this turn into? So if we talk about Sunil, Badri, Harjender, all of them are pointing to one thing, which says testing can become complicated. So when you have made a complex or complicated structure and a QA has to test it, then they have to test it for different languages, different things, different services. So now let's talk about a case study, a case study of Uber. We are talking about Uber, the taxi application of course. So Uber, like other startups, created a monolithic architecture for its application, but it forgot to include scalability and stability in its software. I guess because it didn't know it would be very popular worldwide. So it missed that scalability part. So it used a monolithic structure. When I talk about monolithic structure, what is it? It is a single-tiered application that compiles all components in a single program. That means it was not working on microservices. All components were in a single program. What were those components? Client-side user interface, server-side business logic, integrations, data access layer. So all of these components were in a single program rather than running as different services. So that made the application very heavy, and it started creating problems for Uber. Why? Because for even a short change in the application, they had to go through the entire program, see where that particular function is, change it, and failure of one component could bring down the entire system. So as the services increased, it became very difficult for Uber to sustain.
That's when they shifted from the single program monolithic structure to microservices. So now when they shifted to microservices, the load was less, because now it was decentralized; every unit was functioning independently without impacting the other. So now, because they were independent, dependency on other features was removed, and from that phase onwards Uber benefited by shifting its architecture from monolithic to microservices, and that was a learning lesson for other applications which were its competitors in the global market. So talking about security policy: as the name says, a security policy is an overall general statement produced by senior management that dictates security within the organization. So what is it? An aggregate of directives, regulations, rules, practices. All of these are aggregated, which prescribes how an organization manages, protects and distributes information. For any company you are currently working in, they have their own set of policies. Some say you cannot plug a USB into your laptops. Some say you can plug it in but it won't work. Some say no media connection is allowed, be it your own phone to the laptop, because you can steal information. So this is how different companies frame different policies based upon their sense of security. How to make a flowchart here? Let's see. Okay. How can we divide it into strategic and tactical? Let's see. So we start with laws, directives and regulations, followed by the policies, followed by what they call mandatory standards. These are further followed by detailed procedures, recommended guidelines and baselines. They follow a top-to-bottom approach.
So till here it's all strategic; this part is strategic, that means the core or VIPs make these things: CISO, CTO, CDO, they sit together to make laws, directives and regulations, policies, while the mandatory standards, detailed procedures, these are tactics based. So when we talk about tactic based, that means the tactical team which is there to see to the mandatory standards, the guidelines and baselines, they are responsible for these parts, the lower one. Talking about standards. All right. Standards are nothing, just, okay, I'll just write it here only. When you talk about standards, standards are mandatory activities, actions or rules designed to support higher level policies. So standards are basically designed to support these higher level laws, directives, regulations and security policies. They are very specific, technical. They include specifications for what hardware you'll be using, what software you'll be using. Examples of standards that we talk about in cyber security are OWASP, MITRE. These are the standards that we look after when we talk about cyber security. So, OWASP, MITRE, SANS 25, these are the standards. Talking about procedures, what is the difference between a standard and a procedure? It's generally called SOP. If you hear about SOP, they are not talking about SOAP or anything else. It is standard operating procedure. What is it? It is a detailed step-by-step sequence of activities that are necessary to perform a specific security task. If some of you are working in endpoint security, then you know that there's a certain procedure with which you check for endpoint security. So we have network guys here. So there are procedures with which you check firewall rules. There are procedures with which you check the routing table. There are procedures with which you change the routes if you are given that access.
You cannot just go and change the routes without opening a change. So first it will go to CAB, which is the change management board, and then if it is approved, then you can change the routes. So that's the SOP, or procedures, or standard operating procedure, as we call it. Procedures are at a lower level than standards. So standards are at a higher level than procedures, as we can see in this flow diagram. So answer: policies and procedures are ____. Option A is unimportant. Option B is mandatory. Option C is casual. Option D is none of these. So talking about guidelines, what are guidelines? You know what a procedure is, what standards are. These are important when you sit in an interview; these are more information security things rather than cyber security things. They ask you about standards, procedures, guidelines. What are the differences? Guidelines, as the name says, are just recommendations. They are the recommendations on how standards and baselines are implemented. Oops. So guidelines are the recommendations on how standards and baselines are implemented. So that's why the guidelines are at the lowest end, because they don't talk about something very necessary or immediate. What do they talk about? The guidelines talk at different levels. Let's talk from the base, which says why we are doing it, what are we doing. When we talk about why, it is defined in policy; when we say what are we doing, those are defined by standards. How are we doing it? That is done by procedures, and guidelines are just for your information. FYI is guidelines or recommendations. Let's see how we develop a security policy. Where can we get an idea from which we can make a security policy? So let's see. Let's do a short activity. We can have a little help from a tool, a web browser only.
So what we are going to do: we are going to develop an application security policy using a template. From where are we going to get the template? We are going to get that template from sans.org. Which template? Okay, free policy templates is already there, so we need to have an information security policy. So just click on it, home, Security Policy Project. So which policy do we need? We are talking about application security. So let's go to application security. We have web application security policies. You can download as PDF or DOC. But since we will be making changes according to our company, company name and all, I will download the DOC. So it is getting downloaded. You can do it alongside. So let's do it together. Once you have done it, simply open it from downloads: Web Application Security Policy. So you see the entire policy; you can remove the things you don't want. So, Web Application Security Policy: change the company name to your company name, change it wherever it is "company name", just filter it out. You can remove the header and footers as per your requirement. So it will talk about everything: if any new or major application is released, third party or acquired web application, patch releases, emergency releases, annual review, how we define the severity, which are the high severity, medium severity, low severity issues. The standard that we are using is OWASP. So here you will just mention whatever tools you are using. You're using Kali Linux as operating system; any other tool that you're using, mention it here. Compliance policy is here. So you see standards, policy and process is here. Testing guide is provided. Change these dates according to how you want it. Responsible would be your security team. Just make a summary of the change: what have you changed? Is it application updation or anything related to it? So this is from where you can make your own web application security policy. Okay.
Someone wants to know from where we should download it, as it is sans.org. So once you move to sans.org, I'll just share this. All right. OWASP is the standard that we used. OWASP is the standard that we used for taking care of the vulnerabilities in our domain. When we talk about OWASP, OWASP has top 10 vulnerabilities which keep on changing every four years. So the latest one was in 2021. So this is the OWASP Top 10 for 2021. So I told you it changes every four years. So before 2021 it was 2017. Before 2017 it was 2013. So when we talk about the top 10, it says what are the most impacting vulnerabilities in any web application. Initially it was injection which was mostly impacting any web application. Now it is at number three. Now the most impacting one is broken access control. Cryptographic failures is number two. Insecure design is number four, and so on. I guess you people have done it in the enterprise, the first module that you covered with the other trainer. I guess it was part of that module; not sure. So our next topic is secure software requirements. When we talk about core security requirements, what are the core security requirements with which your training started? What are those three requirements which should be there in any case? What is that triad? So the core software requirements are CIA. Exactly. It says confidentiality, integrity, availability. So everything in cyber security or information security revolves around these core values. For confidentiality, okay. Apart from these three, there are three extra add-ons, which says authentication. We call it AAA: authentication, accounting and authorization. When you talk about confidentiality, that means any sensitive data should be protected at any cost. So sensitive data should be protected. How do we protect it? By using some encryption mechanisms. We mask passwords, other sensitive information. We mask it. We do not store passwords or sensitive keys in clear text.
We have KeePass or tools of that type where we save sensitive data like passwords. We use TLS to protect against attacks; we just had a short discussion about TLS 1.2 and 1.3; they are just the security measures. We do not store any sensitive information in log files, because it's easily visible; the logs are very easily accessible. When we talk about integrity: okay, as a person, when we talk in layman's language, integrity is that your actions should match your words. That's how you say how integral a person is. In cyber security, that means any data that was actually intended to be sent from the client side to the server side should be intact, free of errors, and sent as it is. So if my client had to send ABC, in caps, the receiver should receive ABC in the same format, in caps, and not some other content which is unrelated, XYZ or something like that. In other words, all user inputs must be validated for malicious or disallowed content before processing. All published software should provide a computed digital signature to validate its correctness and completeness. So let's add that requirement here: digital signatures. So digital signatures are tested to check if the content to be delivered is integral and it is not amended on the way. When we talk about availability, availability says it should be available 24x7. So the software must meet all the requirements of the SLA of five 9s; that means it should be available 99.999% of the time. These are the SLAs that most companies adhere to. If I'm providing a service to any other company, I would say that my service availability would be up with 0.001% downtime. So that's the availability that I'm ensuring to my client. The software must be able to support up to 300 users at any point of time. It should not be the case that as the load increases my application is crumbling.
So availability also defines that the application does not crumble under the load. What else should be under availability? What do you think should be under availability? One is restoration as early as possible. If it is a P1 or high priority issue, the restoration should be within one hour of the disruption. The last point is no adulteration, no modification allowed during transition. That is true. Disaster recovery, how do you do it? How is disaster recovery done? You are very near to it. But backups, what's the other name? Okay, backups is if you are getting impacted or you have some backup. What, during the attack? Snapshots, okay, a little far away, but all right. One word: running on more than one site, multiple sites, what is the one word for it? Failover. Soi has answered it: we call it either failover or redundancy. See? Yes. That's something only a network guy will understand. Badri, yes, high availability. Failover or redundancy would be the main cause. Say if I'm having two routers and one of them fails, I still have the other router of some other company working for me. So that ensures the availability of services: in case BT goes down, Tata is still working; Tata goes down, BT is still working. So that's where redundancy comes into place. Moving forward, authentication. All right. What do you understand by authentication? It says only authorized persons would be allowed. I have some endpoint security for my company. If I want some third party to use it, some other person from another company to use it for any reason, it should be my responsibility, and only that person to whom it belongs, for whom the credentials are created, only he is allowed to use it, again using MFA, multi-factor authentication. So that provides the authentication part. For external users, I'm talking about MFA. For internal users, it could be single sign-on, because we know that they are using the company's domain.
If I'm using @simplilearn.com, I am able to use Engage X and Simplilearn learning, both with single sign-on. Authorization says, all right, you have to be very, very clear on the difference between what is authentication and what is authorization. Talking about authorization, only users with admin roles will have permissions to execute operations. So authorization means the level of access you are having. Authentication means if you are allowed to do it. Authenticated users will have read and write permissions, and regular users because they are allowed. Authorized would be having the maximum scope of access. If we talk about accounting, I saw someone talking about non-repudiation; that comes under the accounting part. Why? I made a change in some server, or some route in routers, or some firewall rule. I made a change and then I'm denying it: I haven't done it. So accounting says we will simply check the logs. It will show the username of the person who has made the changes, and thus supporting non-repudiation. I cannot deny that I have not done it, because the logs are showing it. So accounting is nothing but logs. And what do logs show? They show identity, what action you have taken, on which object you have taken the action, and what the timestamp is. Next part, we will be discussing general security requirements. So the general security requirements are session management (we don't want our session to be hijacked, nor do we want it to get compromised in between while we are doing our work), errors and exception management, config parameters management. So when we talk about session management, session management says... AAA protocols? A summary on AAA protocols? Sure. So you have AAA. This one is good. Best is Wikipedia. I was at session management. When we talk about session management requirements, it says each user activity must be uniquely tracked. So if I am doing something, I'm being tracked: what I'm doing, in what application.
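The AAA requirements described above (MFA for authentication, role-based authorization, and an accounting log that records identity, action, object and timestamp), as an added Python example that is not part of the course material. The role names, permission sets and the TOTP secret used for the demo are assumptions or constructed values; the TOTP routine follows RFC 6238.

```python
"""Added example (not from the course): AAA for a small admin service.

Authentication: a TOTP code (RFC 6238) checked as the MFA second factor.
Authorization: a role-to-permission table decides what an identity may do.
Accounting: every attempt, allowed or denied, is appended to an audit log
with identity, action, object and timestamp so it cannot be repudiated.
"""
import hashlib
import hmac
import struct
import time

# --- Authentication: TOTP second factor -----------------------------------
def totp(secret: bytes, for_time: int, step: int = 30, digits: int = 6) -> str:
    """Compute the RFC 6238 TOTP code for a shared secret at a Unix time."""
    counter = struct.pack(">Q", for_time // step)          # 8-byte big-endian
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_mfa(secret: bytes, submitted: str, now=None) -> bool:
    """Constant-time compare against the current and adjacent 30 s windows."""
    now = int(time.time()) if now is None else now
    return any(
        hmac.compare_digest(totp(secret, now + drift), submitted)
        for drift in (-30, 0, 30)
    )


# --- Authorization: level of access per role (assumed roles) ---------------
ROLE_PERMISSIONS = {
    "admin": {"read", "write", "execute"},   # only admins execute operations
    "user": {"read", "write"},               # authenticated regular users
    "guest": {"read"},
}


class AuthorizationError(PermissionError):
    pass


def authorize(role: str, action: str) -> None:
    """Raise unless the role's permission set contains the requested action."""
    if action not in ROLE_PERMISSIONS.get(role, set()):
        raise AuthorizationError(f"role {role!r} may not {action}")


# --- Accounting: append-only audit trail ----------------------------------
AUDIT_LOG = []


def record(identity: str, action: str, obj: str, outcome: str, ts=None) -> dict:
    """Append one accounting entry: who did what, to which object, when."""
    entry = {
        "identity": identity,
        "action": action,
        "object": obj,
        "outcome": outcome,
        "timestamp": int(time.time()) if ts is None else ts,
    }
    AUDIT_LOG.append(entry)
    return entry


def perform(identity: str, role: str, action: str, obj: str, ts=None) -> bool:
    """Authorize the action and account for it whether allowed or denied."""
    try:
        authorize(role, action)
    except AuthorizationError:
        record(identity, action, obj, "denied", ts)
        raise
    record(identity, action, obj, "allowed", ts)
    return True
```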
So if I'm using identity access management, then again it is tracked what I'm doing in there. If I'm using PAM, which is privileged access management, what I'm doing there is being tracked. The user should not need to provide their credentials again once authenticated. So once authenticated, it would be very irritating if it's asking for credentials again and again. User sessions must be explicitly invalidated when the user logs off or closes the browser. So if I talk about when you use your mobile applications or web app for banking requirements, even if you click on the back button or refresh button by mistake, you have to log in again and again. So that's the best session management thing I have seen, where you have to log in again if you want to take any action which reloads the page. So that's a security thing which safeguards you from any MITM, man-in-the-middle, attack. Session identifiers used to identify the session must not be easily guessable nor be in clear text. So whatever cookies are being sent from your system, they should not be in clear text. If someone is using man-in-the-middle tools like Burp Suite, they should not be able to see what data you are transacting with your banking website in clear text. Error and exception management. So all exceptions must be explicitly handled using blocks. Error messages displayed to the end user will reveal only the needed information. Security exceptions must be audited and monitored. Why are we doing error and exception management? When we talk about SQL injection attacks, we will talk about from where we will know that the back end is an SQL server.
So the error that we would be getting would be showing that, all right, SQL syntax error, nothing found in the DB, something of that sort you'll be getting. So that shows me that, first thing, it's an SQL syntax error; that means the database is SQL; all my attacks now would be SQL based. There are certain payloads which use SQL injection attacks, boolean algebra and all. We will be learning about it in our main course. So that provides me a hint that SQL is running in the background. So as a blue teamer, as a defense teamer, I will move to the programmer or developer and ask him to not show this exception or this error that we have SQL running in the background, as that allows an attempt at SQL injection right away. So I will ask him to remove that error by any means. It should not be visible on the UI. So that's how error and exception management is done. When we talk about config parameters management, the configuration files of web applications, such as database connections, should be encrypted to prevent unauthorized disclosure. So sometimes some config files for web apps are open in plain text rather than encrypted, or even some passwords are hardcoded in the software code. This was one of the recent examples I came across while doing source code evaluation: the username and password were hardcoded in the code itself. So any attacker would have this as a cherry on the cake: just open the source code, you have your username and password there only, just use them, log in to the system and do whatever you want. All initialization and disposal of global variables should be carefully monitored. So wherever you are declaring global variables in the code, you should declare those very carefully, because they could be called from anywhere in the code. Operational security requirements.
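The session management, error and exception management, and config parameter management requirements discussed above, as an added Python example that is not from the course. The cookie attributes, the generic error text, the hardcoded-credential pattern and the sample source snippet in the docstring are assumptions or constructed values.

```python
"""Added example (not from the course): three general security requirements
from the lecture implemented for a small web backend.

- Session management: unguessable identifiers, idle timeout, explicit
  invalidation on logoff, and a cookie that is never sent in clear text.
- Error and exception management: the browser gets a generic message and a
  reference id; the database error text stays in the audited server log.
- Config parameter management: detect credentials hardcoded in source and
  load them from the environment instead.
"""
import logging
import os
import re
import secrets
import time
import uuid

audit_log = logging.getLogger("security.audit")


# --- Session management ----------------------------------------------------
class SessionStore:
    """Server-side session table keyed by a random, unguessable identifier."""

    def __init__(self, idle_timeout=900):
        self._sessions = {}
        self.idle_timeout = idle_timeout

    def create(self, username, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)      # 256 bits of CSPRNG output
        self._sessions[sid] = {"user": username, "last_seen": now}
        return sid

    def user_for(self, sid, now=None):
        """Return the owner of a live session, or None if unknown/expired."""
        now = time.time() if now is None else now
        entry = self._sessions.get(sid)
        if entry is None or now - entry["last_seen"] > self.idle_timeout:
            self._sessions.pop(sid, None)    # expired sessions are dropped
            return None
        entry["last_seen"] = now
        return entry["user"]

    def invalidate(self, sid):
        """Explicitly destroy the session when the user logs off."""
        self._sessions.pop(sid, None)


def session_cookie(sid):
    # Secure: only over TLS, never clear text; HttpOnly: not readable by scripts.
    return f"session={sid}; Path=/; Secure; HttpOnly; SameSite=Strict"


# --- Error and exception management ---------------------------------------
class DatabaseError(Exception):
    """Stands in for a driver exception whose text names the DB engine."""


def handle_request(operation):
    """Run operation(); on failure log the detail internally, answer generically."""
    try:
        return {"status": 200, "body": operation()}
    except DatabaseError as exc:
        ref = uuid.uuid4().hex[:12]
        # Full detail goes to the audited log, never to the end user.
        audit_log.error("database failure ref=%s detail=%s", ref, exc)
        return {"status": 500, "body": f"Something went wrong. Reference: {ref}"}


# --- Config parameter management ------------------------------------------
# Assumed pattern: a credential-like name assigned a quoted literal.
HARDCODED_SECRET = re.compile(
    r'(?i)(password|passwd|pwd|secret|api[_-]?key|token)\s*[:=]\s*[\'"][^\'"]{4,}[\'"]'
)


def find_hardcoded_secrets(source):
    """Return (line_no, text) for source lines that look like literal credentials."""
    return [
        (n, line.strip())
        for n, line in enumerate(source.splitlines(), 1)
        if HARDCODED_SECRET.search(line)
    ]


def load_db_config(env=os.environ):
    """Read DB credentials from the environment rather than the source tree."""
    missing = [k for k in ("DB_USER", "DB_PASSWORD") if not env.get(k)]
    if missing:
        raise RuntimeError("missing configuration: " + ", ".join(missing))
    return {"user": env["DB_USER"], "password": env["DB_PASSWORD"]}
```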
So operational security requirements: the most critical flaw that can impact any business or brand must be addressed immediately. Okay. What is the environment in which we test the web apps before deploying them on prod? What is that environment called? UAT, testing environment or simulated environment, staging environment, sandbox. Yeah, correct, sandbox. So any flaw that can impact the business and the brand must be addressed immediately after thorough testing in a simulated or testing environment. All security incidents must be handled following an incident management process. The root cause of the incident must be identified. I'm not sure how many of you have worked on root cause analysis. So if there is any incident, either in cyber security or networks or whatever domain, generally the stakeholders demand an RCA, root cause analysis. So that includes every step from the very start to the very end: how it was discovered, what steps were taken, how it got missed, what are the improvement plans. So these things are a part of operational security. So what are the requirements in the deployment environment? We have talked about the testing environment or UAT or sandbox. What are the requirements in the deployment environment? First of all, in the deployment environment, I will check if the software is deployed on the internet, extranet or intranet. Internet is that which can be accessed from anywhere. Intranet is your company's network, inside your company. Extranet is governed by the firewall. Determine if the software will be hosted in the DMZ. What is DMZ? If the software is hosted in the DMZ, which ports are open or available? DMZ is nothing but demilitarized zone, a very important word, and when you are part of the infra team you must know what DMZ is. So talking about DMZ, just to check if we are having any questions: demilitarized zone. Yes. But what is it? Say, all right, say this is the internet.
This is the internet flowing to your company. Here it's a firewall. All right, let it be a router first. It's a router, then a connection to a firewall. Although I guess DMZ was also discussed, should have been discussed, in the infrastructure part, I'll share with you again what a DMZ is because it is an important term. So anything between the internet, which is your ISP, anything between this ISP and your intranet or your local net, is the DMZ or demilitarized zone. It does contain a router-to-router connection. This router is from your ISP. This router is from your company. So this entire region in between these is called the DMZ: between this router, which is of Bharti or Tata or BT, and this router which belongs to Simplilearn. Say this is a firewall or switch and it further connects to the systems side. It is separated from the rest of the infra, or, I won't say separated, but it is a shared zone. It is a shared zone between you and the ISP, so anything happening here would be decided by the ISP and your company as to who would be responsible for it. So this entire zone is the DMZ zone, which is mutually shared. It's just like the zero zone between any two countries' border: this border lies with country A, this border lies with country B, and this zone in between is the DMZ, demilitarized, if that example helps. The space between your network and the internet, the space in between, is the DMZ. So back to our point: if you are hosting any software in the DMZ, if you are hosting any software in this space, then again this is one of the risky things to do. So if it is here, you should have this subnet, whatever subnet this is, kept under scan. So you can use a Nessus scan or work scan to keep checking for any vulnerabilities that could impact that software here in the DMZ. Which privileges will be allowed in the production environment? Very important.
What privileges are allowed? Generally the admin or root privileges are provided only to the very important VIPs of that project and not to all. We have to determine if sensitive data is floating, or determine if the software will use a load balancer and/or a cluster architecture. So if we are using any load balancer, all these questions should come into our mind when we are talking about operational security in the development environment. So we still have 7 minutes for this class. I will be asking a few questions to all of you. Kindly try to answer them. Tomorrow we will be starting from a topic called anti-piracy requirements: archiving and anti-piracy requirements. The website I'm using is the Wayback Machine. In the Wayback Machine, I talked about Uber. I searched how Uber used to look from the very start. I searched its browser history. It showed me every Uber website: Uber Geek, Uber Humor. But I was concerned about Uber Cabs, which is here, Uber.com. It says that it has more than three lakh captures from 1998 to 2016. So I'm interested to see it. When I click on 1998, December 12, 1998, this is how it looked, just like any normal startup taxi service: clients, services, press. Mind it, it is just a snapshot. It won't be interactive. If you click over it, it won't interact. When I clicked on March 2014, this is how it showed me: login, sign up, get it done, sign up for Uber, reliable feedback matters. And after that, if I want to see it in 2019, this is how it looked in 2019. And we know that it was working on an SPA after 2016 and 17. You click on ride, you click on fried, you click on transit. It will work in that element without reloading all the pages. So this is how it looked. Similarly, if you want to look at the current state, say last year, July, June 23, Uber looked like this. It's still loading. Since it's fetching it from the archive, the loading speed is slow. So this is what it shows you.
Currently, not only Uber, you can have any website. Say you want to see facebook.com or google.com, any website that you want to see. Since it's working from archives, the loading speed is slow. Now you see it's showing you Facebook. This is how it shows in 2024. How was it back in time, in 2006? In 2006, this is how Facebook looked: email and password on the left-side corner. Now what is the main use of the Wayback Machine? Although it is a part of the data collection on any target, just to let you know, sometimes during the upgradation of any website or any portal, say if you are targeting any company, I'm not talking about Facebook or Uber, just an example, sometimes when you see the old captures of any target, say even I'll take an example of Simplilearn, even though Simplilearn never existed at that time, but yes, sometimes in initial uploads, initial snapshots, you would find an email address of an ex-employee, of the CEO or some important figure, so that email address could be used to move inside that company. I can use that email address to start my phishing attack to provide a payload inside the company. So that's why the Wayback Machine is used, and what it shows, now you know what it shows: it shows the older and the newer versions of any website. Talking about the extensions that I asked you to download yesterday. How to download them? Simply search Shodan extension download and you'll be able to download it for Chrome, for Firefox, whatever you are using.
Similarly for Wappalyzer, simply go here, download it. So that's how you will be downloading the extensions. Loopholes, unintentional, yes. If you have shared any number which I can use, is it safe to download on an office laptop? I guess no one would question it because you are not attacking anything, you are just getting the information. Say I'm using it on my office laptop only, but I do have some other extensions also. I have Grammarly, Norton Safe Web. Norton Safe Web gives you an idea of which link is safe to use and which might be fishy. So if you're having these kinds of extensions, I don't think any company would have any issue with it, because it's not used for attacking anything but just to get knowledge of the page you are visiting. You would be questioned when you try scanning any company, any website or any target; then you'll come into action, because that would be visible in their infrastructure, that someone is trying to do that. I'm very impressed that people are coming outside their comfort zone, outside their main domain, and trying to learn about the security things. That was very impressive of this batch. Back to the topic that we were doing. So we had to discuss archiving requirements and anti-piracy requirements. When I talk about archiving requirements, archiving requirements say: if we want to archive something, any data, if we want to archive, does it comply with regulatory requirements or organizational policy? Can I archive anything and everything? So first, it has to be in accordance with organizational policies. Next is the parameters. It should define the location, duration, format. Generally, as a cyber security engineer, I recommend my office or my team to archive the data for 3 to 5 years only, because anything after five years at the team level is irrelevant. It might be relevant at the upper stakeholders' level, but at the base workers' level anything more than 3 to 5 years is obsolete.
It cannot be used. So when we talk about archiving requirements, we will firstly think of the data or information that needs to be stored. So our scope is fixed. After that, we will determine the storage space needed for it. What else? If the data is transactional, that is remote and online, or will it be offline storage? That means data at rest or in motion, or online and offline data. We will be categorizing it on these bases. If you want to store data, you want to archive data, what would be the best way to do it? Will it be good to store it as read-write or will it be good to store it as read-only? Archives are always read-only, because if it is read-write, anyone can distort the actual data. So the third one is: ensure the data is not rewritable. That means it should be read-only. So one mistake that companies generally make: they ignore the speed of retrieval. So when you are archiving data, you should keep in mind how fast you can retrieve the data. It won't be a good idea that you are backing up data, you are archiving data, but it takes years to get it back, months to get it back; then it is of no use. So speed of retrieval is another thing that should be in your mind while thinking about archiving requirements. What else? The one point which I shared earlier is duration. Duration to store: 3 years, 5 years, depending upon what your company finds good. What else? Any regulatory requirement that is required to store that data. Generally any data which talks about finance or stocks or something like that, those are under regulatory requirements; otherwise it might simply be used for insider trading, which is illegal. So the data that has to be archived has to be under regulatory requirements. And last but not least, determine the format. You want to store it as CSV, you want to store it as PDF, you want to store it as Excel sheets only. Talking about anti-piracy requirements. So we all know what piracy is.
Creating a clone or duplicate from a legitimate copy comes under piracy. It's done for movies, videos, games. So how to ward off piracy? Digitally sign it. Digitally sign the software. So if you digitally sign a software, there are very few chances that it could be tampered with or that reverse engineering could work on it. Increase the complexity of the source code. So if you increase the complexity of the source code, that would make it difficult for anyone who wants to clone it, because he doesn't know how many microservices are running inside it, which microservice is talking to which unit. What else? If any one of you has ever used piracy, did piracy, you know that there's the license key. If anyone has ever used a pirated operating system, you know that license keys are either hardcoded inside that license file or you find them over the internet. So the next part is: do not hardcode the license keys. When you hardcode it, it's easy to use those license keys to make it look like the original. Implement dynamic license verification checks. Why dynamic checks? Because if someone is using the license key of some other product on his, the example would be an operating system only, then if dynamic checks are there and we see the license key missing for the actual product, being used on a pirated product, then the pirated product would face a blackout. So last would be the dynamic license verification check process. Okay. The dynamic license verification check process says how to check if the actual license key is being used somewhere. Say if you are just checking it once, passively, once a year, or just when it was launched you checked it once, that okay, the license key is in the right place, doing good.
Dynamic says you have to keep repeating that check process after every random number of months or days, so that you get to know that, yes, the license is being used on the actual or legitimate software and it is not misused somewhere else. So that's what dynamic checks are. After that we have sequencing and time requirements. When you talk about sequencing and time requirements, sequencing means there shouldn't be any reason in the code that results in a loop. Sometimes there are infinite loops that can occur due to programming or logic errors. So if there's a loop preventing the program from reaching its exit condition. For example, sometimes your system is not having any physical issue, but you start it, it shows you your manufacturer, say if it is HP, it shows you HP, reboots again, starts again, shows HP, reboots again, starts again, shows HP. So these kinds of infinite loops from where you cannot get out just by restarting the system. It utilizes your resources like CPU and memory, which may cause system crashes or performance problems. Sometimes it's your operating system as a software which is the culprit. Sometimes it is something that you have downloaded. Say you were using some application which was having some issues, which is interacting with the operating system, and a loop is created. These kinds of things impact the resource utilization and these loops have to be killed. Now, if I talk about Python as a language, it has a while. Okay, how would Python show any loop? Any statement, if it is true, while True, it will show. Say I said if the statement is true, print "this is an infinite loop". Now this could be anything; if it is true, then the infinite loop will start. So these kinds of things in a code can invite these kinds of disrupting things, which could lead to your system crashes. So how to avoid these? We talk about the need for data classification. When data is classified, it enhances the triad.
The triad is nothing but CIA. It focuses on proper control and implementation. If you have proper control and implementation, these things would be under check. Sequencing would be under check. It standardizes the requirements. So how to ensure that these things are taken care of? How to make sure that these are taken care of? If I don't want anyone to touch my code or to include anything like this in my code which I have authored, what will I do? I will talk about techniques like anti-tampering, anti-reversing, and code signing. If anyone could answer: obfuscation. What is obfuscation? What is code obfuscation? So when we talk about code obfuscation, in the similar way that you answered, it's just making our code hard to read or hard to manipulate. So if you make your code complex or hard to read to secure it, yes, to avoid tampering or to secure it from any attacker, it's called code obfuscation, even if it gets leaked or attacked by an attacker, since it is obfuscated. No, encryption in a lame language is password protection. So we are not providing it password protection yet. We are just making it complex to read. So securing from an attacker, it is a type of security. Yes, a type of security. But how are we providing that security? We are just making the code more complex or unreadable for anyone else. Means only I know which microservice is running where, how to call which function in which place, making it more complex so that only I know how it is executed. Yes. Yes. That's the exact English meaning of what we are studying, but in a similar way, obfuscation means making it hard for anyone to guess your password.
So generally for corporates, password obfuscation means, we have the GRC people here, they know what password obfuscation is, it is making it 18 digits. It should be 16 to 18 digits; it should contain capitals, special characters, smalls. Yes, making it a mix of all of these. Correct. So let me show you how you obfuscate any code. Use of a passphrase with special characters. Yes, you can use a passphrase. A passphrase is nothing but a password, only with special characters, numerics. Let me show you one example. How can we obfuscate any code? Say I have something written in JavaScript but I want to obfuscate it. Do we have any tool? The answer is yes, we do have it. How can we do it? Let's see: obfuscator. So this tool is for, okay, so this is just an example. This is a code which says hello world, the basic code that we always talk about, or we started our coding with these kinds of codes. If I ask it to obfuscate this, so now do you know what was written inside it? So this is how the code gets obfuscated. You just know that some function is starting and here it's a semicolon. Rest you don't know; it's showing hello world somewhere here, distorted. So this was my example. If you want to have any other code, just try it, obfuscate it. You will see the output here. So if you don't want to copy-paste, just upload your file, obfuscate it, share it with anyone you want, ask them to recode it and it will show the entire actual code. So this one is a good tool for code obfuscation. You can choose your options according to you. You want to change it to something other: mangled, dictionary. So it will do that. So now it's just in dictionary, because I changed it here. Change it to something other: mangled. So it is mangled. It will now obfuscate in a mangled manner. So any way you like, you will be able to generate any application server security or network security incident handling related policy from this page.
Talking about anti-reversing techniques. So as the name says... Can you show one more example of code on the obfuscator? Sure. Just have any sample code. You can get any code from GitLab, but say any sample code in Python: Python program to convert Celsius to Fahrenheit. Okay. So we have this code with us. Let's have, so this is the code using the obfuscator. Okay, this is JavaScript code. So I will check for any JavaScript sample code in JS. JavaScript example to swap two variables. So we have some code for swapping two variables. I'm taking the comments along. So comments are included. Using the obfuscator, simply pasting it here. It could be my original code or something from Stack Overflow. Obfuscate it. This is the output that it is generating. You see, you cannot understand what it is. So this is another example. So these are JavaScript examples. Similarly you can find Python and other code examples. All right. Your query was, what is the requirement of doing it? Why are we obfuscating the code in the very first place? So we are doing obfuscation to make it confidential. If I don't want my code to be read by anyone else, I want it to be read only by Anubhub, I would share it; even if I share it in a group chat like this one, it would be in obfuscated form; no one would know what is written, but you know, because I would communicate it with you, that it's obfuscated: just use any deobfuscator and retrieve the actual code back. So that's where it is being used. Perfect. The obfuscator itself is using encoding. It's encoding into whatever you are asking it to encode in. So if you see here, what is this? It is nothing; I just want to encode it in hexadecimal, it will encode it in hexadecimal. If I want to encode it in some dictionary thing, it will encode it in the dictionary thing. All right.
So talking about anti-reversing techniques, as the name says, perfect, anti-reversing techniques, as the name says, reversing techniques, that means somewhere it's talking about reverse engineering. Now what is reverse engineering? Reverse engineering is the process of analyzing software to understand how it works, towards gaining knowledge to duplicate or enhance the software. When we talk about anti-reversing, for that firstly we need to know what reverse engineering is. Reverse engineering is a term which you will very casually hear while working in the cyber security field. What does it mean? It's nothing but how you analyze the software. The software is already built. It is already there, functioning well. You analyze the software to understand how it works, gaining knowledge to duplicate or enhance it. So if there are clones, say if you clone some software, say if there's Swiggy, we also have Zomato, we also have other examples like easy sure, which are relatively newer. So if you see, they are pretty much alike. These softwares are pretty much alike. They work on a similar model. They work on a similar base. Similar examples are Ola, Uber, inDrive, Blue Cabs. If you see, all of these have a similar UI structure, even Rapido. On one point they are competitors, on another point they have similar applications. They know that they have understood the customer requirement, the customer psyche. Even if it was started by one, here it's Uber, here it's either Swiggy or Zomato, don't know which one started it, but once the code was there, one programmer or the entire team put in efforts, the code was out, cloned, made for any other company. So even if you search for any of these codes as a programmer, you might find them online, the earlier versions or obfuscated versions, but that would be enough for you to clone it. So this is nothing but reverse engineering. You are trying to make it from something that is already there.
Generally, what do programmers do for any application? They have an idea from GitLab or Stack Overflow. The codes are already there. They have it from there, customize it according to our requirement, and that's where reverse engineering is used. So me, as a person working in Swiggy or Zomato or Uber, I won't feel good if my code is reversed, or if reverse engineering is being done on those codes without giving me any monetary benefit, and other companies are made using those codes. So that's where anti-reversing comes into play. That's where reverse engineers are stopped from making these things, because that again is illegal, because the copyright is already with the original author of that code. So what do you think is the best defense against this reverse engineering thing? What have we studied? It's called copy-paste. Okay. In layman's terms it's called copy-paste, right? You copy-paste and then you customize it according to your wish. Okay, someone asks what Stack Overflow is. Stack Overflow. It gives you an idea of codes; means I have heard that programmers use Stack Overflow to get an idea of the codes they are trying to develop. In other words, we call it inspiration. We got inspired from that code. That's why we are making it better in our own infra. So code obfuscation is required: if we copy-paste code, obfuscation is required to stop that copy-paste thing. So this is the answer to my question. My question was, what is the best defense technique against reverse engineering? So the answer is: obfuscate the code. You obfuscate it; no one would know what is written there. So reverse engineering would be a bit harder. Okay. I remember a question was there from someone, that if everyone knows that the code is obfuscated and how to deobfuscate it, what is the benefit of it? If I'm sharing the obfuscated code, I will not let you know that it is code. Why would I let you know that it is code?
That's the gist of sharing that with you. So only the actuality would be shared with anyone I would like to share my code with. For the rest, it is just crap; we do not understand what is written, just a random pair of strings, while if I want someone to know that it is actually code, I would let them know: just deobfuscate it, it's obfuscated in hex or binary, deobfuscate it, and they will get the code. Even if I'm sharing it in public, how would that be deobfuscated? Using the same tool: you will just upload the file here where it's written, obfuscated, just use it, and if I have already shared that it's in hex, use hex and it will show you the exact code. Otherwise there's a decoder in Burp Suite. Once we are doing Burp Suite, I will show you there also how you can decode these kinds of encoded things. So we have multiple ways of doing it. One of these is using the obfuscator. The other one is using the encoder/decoder, which is again a part of Burp Suite. Those who are already working in the cyber security field, they know what Burp Suite is and how it's working. We will know it with the course of time while we complete this course. Hope the pace of the class is good today. I got feedback that it was fast yesterday, but I tried to make it a little lighter today. So in anti-tampering we were having anti-reversing; in anti-tampering we were having anti-reversing, code signing and obfuscation. Obfuscation you know, anti-reversing you know. What is code signing? Anyone want to attempt code signing? What is code signing? The name says it all. So code signing, perfect, a sign on code, simple, right? Copyright, exactly. So code signing is the process of digitally signing the code. For example, if it is having some executables or scripts, I will have some private key of the code author. Code signing assures the authenticity of published code, besides proving integrity and anti-tampering protection.
An example of it is how to show that you are the author. Yes. Yes. Hashing is part of it. Signing on code, those things, the private key and what digital signing is, that would be covered under cryptography, after this obfuscation thing and all. There's an application called Grabify, only if my company allows it to run. Why is it not running? How is it done? Code signing talks about, as we saw in an answer from Arpan, it talks about the sharing of keys. So there is a combination of keys that are shared. So once you digitally sign the code, you are its author. The private key remains with you. Only you would be able to execute that code even if you share it with others. It would be read-only and it won't be executed unless and otherwise you share your private key, which would be checked with the public key and executed. So how that is done, we all will, so cryptography will talk all about hashing, MD5 hashing, SHA-256, all those things we'll be covering there. Depends, because there are different algorithms, you can use a variety of them. DH key exchange, I believe, is what earlier coders used; now they preferably use hash algorithms like SHA-256. Yes, SHA-256 is used, correct. So I was talking about Grabify; I just want to show you if it runs. Yeah. Okay. I believe this is the URL which is not responsive on any URL: connection timed out. So since we are talking about cyber security and you people want to have a little hands-on, let me show you something for hacking, since the hacking module is far away, just an overview. There's a thing called GHDB or Google Hacking Database. So when we talk about the Google Hacking Database, we have a variety of things present online. You can see vulnerable servers here, you can see index of confidential files with juicy information, again vulnerable servers are there, you can get filtered things. Web server error message foothold. Let's see: various online devices.
It would show any online device. So using one of these exploits, this is what we got. So this is some camera, which is a live recording camera of Le McCrae College. I'm not sure where it is, but with the time it shows 8:55 a.m., 3rd March, 8:55 a.m. That most possibly is the US or Canada. You can stop it sometimes. You even get the controls of the camera. You can rotate it left or right. So now you can see somewhere in the world using the Google Hacking Database. This is one of the many uses. It provided you a hold of an online device. So now you, as an attacker, can have that. So all of this is for education purposes. Kindly do not misuse anything. Try not to go overboard in things till you know more about it. So this is what I wanted to show you, just to keep your interest intact in the topics. We'll be starting with the new topics. Next we are going to start, the next topic would be >> so this would be software security. Now we will be talking more about software security. So I was trying to show you what Google is capable of doing other than searching for our queries. So when you talk about the Google Hacking Database, it shows you all the exploits which are available. I will just reset the filters because it's showing filtered content. So it shows you vulnerable servers, files containing juicy information, but these are of no use for me currently, since I just want to show you what the Google Hacking Database is capable of doing. So to show you that part, I will just filter it for any online machine. So it's showing me the different online machines. There's a Brother printer, Xerox printer, LaserJet printer. Even in these I just want to see cameras. So not using much, I will just open the first few exploits. One is from Shilpa, one is from Estakur, one is from Yesh. Now you click on these URLs. So this is someone using this URL for something else. No IP camera. I'm not a robot, here.
It's requesting you for login credentials. If you want to brute force it, try generally available default usernames and passwords. But that would involve... Okay. It says the root password might be password. Okay. I don't want his camera to be logged into. So we have other cameras also. So now you have got control of some camera in some icy area, snowy area, with controls here; you can move it right. Okay, it is requiring sign-in. So for controls you would require sign-in. Similarly, here's another camera in bushes. Do you have admins? No, we don't have admins. So this is one of the things that you can do using, okay, when you talk about the Tor browser, you think when you are visiting the dark web you are safe. When you enter the Tor browser, your IP is broadcast. So when you try that, when you think that you would be trying to attack someone, meanwhile you see that your Gmail is misbehaving. So this is my personal experience. I tried using Tor; that was the first and last time. You will see something fishy at your end after you try using the Tor browser. Yes, I'm talking about the Tor browser only. How to use the DB as a hacker, we will see it. This is just a trailer. Do these sites record our login also? No, these are just the cameras which they forgot to encrypt, forgot to provide encryption. So even if I provide you the IP address of my home camera, you won't be able to log in. That's true, Witesh. We need to be very careful in terms of handling. That's why I keep reminding you that it's only for education purposes. No one would try exploiting anything. What about the deep web? Deep web is nothing; just one way to reach the deep web is the Tor browser, which is also called the onion browser. I won't recommend you to download it or to move around Tor, because very professional hackers are already using those things there. So you won't even know where you get a victim while you surf the deep web. All right. So any more questions?
We are heading to our next topic: software security. So as the name says, software security, software, we already know what software is, how they are used, why they are used; they are just firmwares that we use for our day-to-day work. What we will be learning in software security: we will be talking about what broken access controls are and their related vulnerabilities. We will explain cryptographic failures. We will classify various application issues using, we will talk about what CVEs are, what CWEs are. These are nothing but common vulnerabilities. How are they named? What is their nomenclature? And we will discuss some real-world scenarios. So a bit more interesting topic than what we were doing earlier. Here we would be talking about the OWASP Top 10, SANS 25 in better detail. I will remove all these tabs. Let's see what the OWASP Top 10 says. So it is nothing, just a standard that we people use, and it is a globally recognized standard, a globally recognized standard used for making websites secure. Just to let you know, even though it is not part of your curriculum, I will let you know that the OWASP Top 10 is not just for web applications but even for mobile applications. So, because we are talking about software, web applications, this is what we'll be working on. We do have similar things for mobile also. So if any one of you is having more interest in mobile security, mobile app security, then this is what you can refer to, and for web. So one point: it talks about major vulnerabilities globally; in how many years are these refreshed? So the answer was in front of you only when I opened that link. Talking more about web applications, but for mobile I'll just share you the link that these are the top 10 for mobile. Let me share the latest one. We have a top 10 for CI/CD also. Yes, we do. So even when we talk about the Top 10 2013.
These were the top 10 in 2013, which talked about injection, broken authentication and session management, cross-site scripting, insecure deserialization. These were the things that were impacting corporates in 2013, with injection at the top and broken authentication and session management and the others following it. When we talk about 2017, injection is still at the top and broken authentication is second, while in 2021 broken access control is at number one. Now, what all these loopholes are, what these vulnerabilities are and how they impact our work in cyber security, we will be discussing in the session that we are going to complete. Since we are talking about OWASP 2021, 2021 starts with broken access control, cryptographic failures, injection, insecure design, security misconfiguration, vulnerable and outdated components, identification and authentication failures (you'll be getting to know them one by one), software and data integrity failures, security logging and monitoring failures, and SSRF. Before I move into explaining all this, the place from where you will get the best ideas about everything is PortSwigger. So if you write any issue, say CSRF is one of the issues, I will just search "CSRF PortSwigger" and this tutorial would provide me enough detail on everything and anything related to the issue. This is just to let you know, in case you are trapped somewhere; that's where you can simply use PortSwigger to your defense. So, back to where we were: broken access control. When we talk about broken access control, as the name says, the access control is broken somewhere. So unauthorized access to system functionality and resources creates an exploitable weakness. When there's some unauthorized access to the system, and it could impact that system's functionality entirely, that's where we say broken access control is there. So what is an example of it?
I don't want anyone to log into a website, but again someone who is very skilful checked out some loophole and was able to access it. We'll see how we do it. There are certain vulnerable websites available on the internet which we will be using to see how we can take advantage of loopholes and do this broken access control thing. If I'm logged in with an ID of Harpreet, say on engage.simplilearn.com (although this is some Zoom meeting), if I'm logged into my account currently, is there a way that I change something here and am able to log into any one of your accounts? If I'm able to do that, that means the access control is broken somewhere. Usually it happens if there is a user ID present in the URL, so we try to change those IDs to some other user IDs. If you are able to log in with that user (not this URL, but if some URL is having an ID which belongs to Harpreet, say this is some ID which belongs to Harpreet), you change it and use someone else's, say Chiranjit's ID. I know that Chiranjit's user ID is XYZ, whatever it is; I place that ID here, press enter, and now this same page says that the logged-in user is not Harpreet but Chiranjit. So these kinds of things we can do using broken access control. We will see how we do it. But before doing the practical part, we will understand the theory part first, before we move into doing the attacks, understanding what is done and how it is done. When we talk about access control vulnerabilities, what are the most common things that we keep in mind? When I talk about access control vulnerabilities, the example that I just shared: I'm allowing the primary key to be changed to another user's account. In this example it was Harpreet and Chiranjit, but you can use anyone's ID to get access to that user's account. And how was it done?
I bypassed the access control checks by modifying... what did I modify in this example? The UID. Where did I modify it? It was modified in the link, and, as Rishi and Akib said, that is called modifying the URL. So I modified the URL and I was able to bypass the access control. What else does it mean? Say I'm changing this account and using Rishi's account, and Rishi has admin access. I'm just a normal user and Rishi has admin access. So does this mean that I'm able to elevate my privilege? Simply by changing the IDs in the URL I would be able to elevate the privilege, because now I'm the admin. So there's one application available which is a vulnerable application; side by side I'll try to exploit that also. It is called OWASP Juice Shop. So here we have this application. It includes certain challenges; we will do them one by one. Although this is a bonus beyond what you are provided by Simplilearn, we will be doing those labs also side by side. All right. So when I talk about this account thing, I want to log in; it says just provide your email and password. Okay, I'll first say that I'm not a customer yet. Let's see if I find any fault here, then we will move forward trying to register. So harpreet@ymail.com (ymail is a disposable email) and some password, say my password is Harpreet123, capital H. All right, I repeat the password, Harpreet123. It says password matches. Now I remove 123: password doesn't match. Perfect. And if I remove 123 from here... so I have removed it from here. Now you see that there's a misconfiguration: even though I have changed my password, it still says that both are matching and we can move ahead. So let's move forward. It will take my password even though this one is eight characters and that one is eleven characters. So this is one of the OWASP Top 10, which says security misconfiguration.
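The "change the user ID in the URL" case described above, as an added example that is not part of the course or of Juice Shop: a handler that trusts the ID from the URL beside one that compares it against the authenticated session. The user table, names and roles are constructed.

```python
# Added example (not the course's code): insecure direct object reference
# (IDOR) beside its server-side authorization check. USERS is a constructed
# stand-in for the application's user table.
USERS = {
    101: {"name": "Harpreet", "role": "user"},
    102: {"name": "Chiranjit", "role": "user"},
    103: {"name": "Rishi", "role": "admin"},
}


class Forbidden(Exception):
    """Raised when the caller may not view the requested account."""


def profile_vulnerable(session_user_id: int, url_user_id: int) -> dict:
    """Broken access control: the handler looks up whatever id came in the
    URL (e.g. /account?uid=103) and never compares it with the session, so
    any logged-in user can read, and in a real app act as, any account,
    including an admin's."""
    return USERS[url_user_id]


def profile_fixed(session_user_id: int, url_user_id: int) -> dict:
    """The id from the URL must match the authenticated session unless the
    caller's own role (taken from the session, never from the request) is
    admin. Fail closed: unknown ids raise KeyError rather than leaking."""
    caller = USERS[session_user_id]
    if url_user_id != session_user_id and caller["role"] != "admin":
        raise Forbidden(f"user {session_user_id} may not access account {url_user_id}")
    return USERS[url_user_id]


def demo() -> tuple:
    """Harpreet (101) is logged in and edits the URL to Rishi's id (103)."""
    leaked = profile_vulnerable(101, 103)        # admin record returned
    try:
        profile_fixed(101, 103)
        blocked = False
    except Forbidden:
        blocked = True                            # same request now refused
    own = profile_fixed(101, 101)                 # own account still works
    admin_view = profile_fixed(103, 101)          # an admin may view others
    return leaked["role"], blocked, own["name"], admin_view["name"]


if __name__ == "__main__":
    print(demo())
```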
So you are seeing the misconfiguration here: even though the condition is not met, let's see, will it allow me to register? "Registration completed successfully, you can now log in." All right, registration is successful. Now the problem for me is I don't know which password it will take. So let's see: Harpreet123. It says no. Removing 123: yes. So you see that the confirmed password was not taken, but the one which I supplied earlier was taken as the password. Just to show you that I'm with the same email address that I showed you. All right, so that was the misconfiguration part. Let's see if we could find something else. Let's see for injection. Okay, trying to log in. Generally, some developers hardcode the default credentials, which are either admin/admin or admin/password. All right, it is not taking any of these. It is not taking admin; it is not taking password. Can I try some payload? I will try doing SQL injection here. For SQL, those who know what SQL is, the language works on queries. It checks your query in the backend database; if your query is true, it will execute it. If the query returns false, it will not execute that query. So let me see if I'm using boolean algebra. It says either admin or 1 is equal to 1; my password is password. It identifies that it is an object. Okay, I will use hyphens to ignore anything after this, and I am inside as an admin. So what is this? This is an injection attack. I'm using SQL injection here; this is how we are doing it. So this one is injection. Okay, I would be providing you one more example. What else can we do here? Customer feedback, complaint, support. Let me log out and I will do something else. Customer feedback, anonymous: "I hated your apple juice." And when I say this, I hate your apple juice. 621 62 12. Okay, what is the least rating I can give? It is one. But the apple juice was not even worth one.
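The login query that the "admin' OR 1=1--" input just defeated, as an added example (not the course's or Juice Shop's code): the query built by string concatenation beside the parameterized form. The in-memory SQLite table and its two accounts are constructed; real applications store salted password hashes, not clear text.

```python
import sqlite3

# Added example (not the course's code): SQL injection in a login query and
# the parameterized query that closes it. The table and rows are constructed.


def make_db() -> sqlite3.Connection:
    """In-memory users table; passwords are clear text only for brevity."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (email, password, role) VALUES (?, ?, ?)",
        [
            ("admin@example.com", "not-guessable-admin-secret", "admin"),
            ("harpreet@ymail.com", "Harpreet123", "customer"),
        ],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, email: str, password: str):
    """User input is pasted into the SQL text. With email "admin' OR 1=1--"
    the statement becomes
        ... WHERE email = 'admin' OR 1=1--' AND password = 'password'
    The -- comments out the password check and 1=1 is always true, so the
    first row (the admin) comes back whatever the password was."""
    sql = (
        "SELECT email, role FROM users "
        f"WHERE email = '{email}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchone()


def login_fixed(conn: sqlite3.Connection, email: str, password: str):
    """Parameterized query: the values travel separately from the SQL text,
    so quotes and -- inside the input stay literal data and match nothing."""
    sql = "SELECT email, role FROM users WHERE email = ? AND password = ?"
    return conn.execute(sql, (email, password)).fetchone()


def demo() -> tuple:
    conn = make_db()
    payload = "admin' OR 1=1--"
    return (
        login_vulnerable(conn, payload, "password"),      # admin row leaks
        login_fixed(conn, payload, "password"),           # None: no match
        login_fixed(conn, "harpreet@ymail.com", "Harpreet123"),
    )


if __name__ == "__main__":
    print(demo())
```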
So can I change it? Ctrl+Shift+I. Can I change that rating? Where is it reflecting? Yes. One way is you make changes in the code itself. But I'll show you a more unique way: we will be using Burp Suite to pass this information through. Let me use my Burp Suite. So one way would be to check in inspect element; the other one would be using Burp Suite. I'll just turn on Burp Suite and connect from another site. Okay. All right, so Anubhav wants an example from another site. Since we are not attacking any main site, we are using vulnerable websites. So let me show you another site as requested. There's a site called testphp, which is from Acunetix. So testphp is the other site. Here, if you try to use any... because for injection you would require something to put your payload inside. So you see your payload executes. These kinds of executions, these kinds of injection attacks, are called XSS or cross-site scripting attacks. The one that we already saw for the other payload, that was a SQL injection attack for the admin part, and this one was XSS or cross-site scripting. Here we used cross-site scripting; we used a script. What script did we use and where do we get these kinds of scripts? You get these from GitLab. So if I search "payloads for XSS", you will get all these lists available online on GitHub. Similarly for SQL injection. So just go there and use these for injection attacks. Kindly do not use any of these on live web applications; I don't want any of you to be suffering legally. Never use these on live applications without permission. What codes to use for injection? For injection we are using these payloads that I shared with you. You have to check which payload works on which website. So cyber security is a field where you have to invest an ample amount of time. Using payloads from these lists would require you to invest a lot of time. So these are for XSS.
Similarly, if you don't want an XSS attack but you want SQL injection, you will get that payload list here. So these payload lists are for SQL injection attacks. When you have been provided your scope, you have to go through which payload works on it. And yes, that's the most time-consuming thing which you'll see as a red team. What is a payload? A payload is anything which you use for the destructive process. So you want your scope to be destroyed, you use a payload. Where else do we use the word payload? If you know, we use payload in defense systems: the payload is whatever is inside the rocket, whatever is inside the missile; those things are payloads. Similarly, payload means that data portion; payload is used in the sense of destruction, anything that you use to... yes, in networking terms it is the data part of the packet. Yes, you talk of the header things, that the payload is there in the data part after the headers. As Rajiv Ranjan said, it is the capacity to carry a malicious script or query to the target location, for sure. Okay. So this is a tool called Burp Suite on which I'll be showing you the method that I was showing you, how to disrupt the rating on any website. We were doing that on OWASP Juice Shop. So Burp Suite is again from PortSwigger. It has its inbuilt browser, so I'll be opening the browser. Once the browser is opened I'll restart, because it will open Juice Shop only. One feature of Burp Suite is you can intercept the traffic. That means you control what traffic is going. So here if I say intercept is on, that means whatever traffic is going here, I'll be able to see that traffic in my proxy. Currently I'm turning it off, simply moving to the page where I have to give the rating. So we were at customer feedback. I had, say, orange juice. So I didn't want to give them even a single rating, but I know by BODMAS the result for this is six. Now when I'm trying to submit this, I will intercept; I will turn on the intercept. Burp Suite works as a man in the middle.
So you see the entire traffic it is capturing; it is seeing that as man in the middle. It says okay. You say orange juice is sugary, it's anonymous. All right, let's change this rating to zero. Here it is not possible, but I rated zero. Now let's see. I submit it; forward this traffic. "Thank you for your feedback." The feedback has been taken. So when the feedback has been taken, let's see if that feedback is visible anywhere. So I will turn off the intercept again. So someone says "I love this", some say "great shop"; nothing useful available here. They all have one to five ratings. But let's see if our rating is somewhere here. "Orange juice was sugary" by anonymous, and it is showing a null rating. So this is how you can change the course of things. Which browser, how do we connect? All right, I'll just show it again. This is the inbuilt browser in Burp Suite. So when you move to Proxy, you have this "open browser". This will open a Chromium browser here. So the Chromium browser is the inbuilt browser for Burp Suite. There are two ways in which you can use Burp Suite: either Professional, where you can buy the licensed version, or just for practice you can use the Burp Suite Community version. Some features are available only in the licensed version, so you would have 50% of these in the Community version. Is this on the same Juice site? Yes, this was the one that I got interested in. So yes, it's in Juice Shop, the same one in which we did that admin part. Now, since I'm using Burp Suite, we still have 10 minutes; let's see what else we can do using Burp Suite. Another part. So what else can we use? I forgot to turn on the intercept. Click here. It is showing me something. Okay, Harjender, Burp Suite is not a site; Burp Suite is a tool. It's not a site. You can download Burp Suite online. "Please share the process to download Burp Suite." Okay, simply search "Burp Suite" and just download it from here.
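Both bypasses shown above, the password confirmation that the registration form let through and the rating of zero sent through Burp Suite, succeed because only the browser checked the input. As an added example (not the course's or Juice Shop's code), here are the same two checks repeated on the server, where a proxy cannot edit them; the request bodies are constructed dictionaries standing in for parsed JSON.

```python
# Added example (not the course's code): server-side validation of the two
# form checks that were bypassed in the browser. Bodies are constructed
# stand-ins for parsed JSON request bodies.


class ValidationError(ValueError):
    """Request rejected; a real handler would answer HTTP 400."""


def register(body: dict) -> dict:
    """Registration: the browser compared password and passwordRepeat, but a
    proxy can submit anything, so the server compares them again."""
    email = body.get("email", "")
    password = body.get("password", "")
    repeat = body.get("passwordRepeat", "")
    if not isinstance(email, str) or "@" not in email:
        raise ValidationError("invalid email")
    if not isinstance(password, str) or len(password) < 8:
        raise ValidationError("password too short")
    if password != repeat:
        raise ValidationError("passwords do not match")
    return {"email": email, "status": "registered"}


def submit_feedback(body: dict) -> dict:
    """Feedback: the star widget only allows 1-5, but the intercepted request
    carried 0 and was stored as a null rating. After a proxy rewrite the
    value may arrive as 0, a negative number, a string, a float or null, so
    accept only an int in range (bool is excluded: type(True) is bool)."""
    comment = body.get("comment", "")
    rating = body.get("rating")
    if type(rating) is not int or not 1 <= rating <= 5:
        raise ValidationError("rating must be an integer from 1 to 5")
    if not isinstance(comment, str) or not comment.strip() or len(comment) > 500:
        raise ValidationError("comment length out of range")
    return {"comment": comment, "rating": rating, "status": "stored"}


def demo() -> tuple:
    """Replays the lecture's requests plus a couple of tampered variants."""
    requests = [
        (register, {"email": "harpreet@ymail.com",
                    "password": "Harpreet123", "passwordRepeat": "Harpreet"}),
        (submit_feedback, {"comment": "orange juice is sugary", "rating": 0}),
        (submit_feedback, {"comment": "orange juice is sugary", "rating": None}),
        (submit_feedback, {"comment": "orange juice is sugary", "rating": "5"}),
        (submit_feedback, {"comment": "great shop", "rating": 5}),
    ]
    results = []
    for handler, body in requests:
        try:
            results.append(handler(body)["status"])
        except ValidationError as exc:
            results.append(f"rejected: {exc}")
    return tuple(results)


if __name__ == "__main__":
    for line in demo():
        print(line)
```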
It will download the Community edition. Guys, sharing the processes step by step would be hard; better would be if we are just revising it through the video. That would be impressive, right? What exactly are we trying to do? All right, anyone who could answer this: why are we doing it? What is the agenda? Because we are studying the OWASP Top 10, and we are trying to study the OWASP Top 10 using these, just like we did security misconfiguration, injection attacks, broken access control; we were able to take over the admin account using injection. So broken access control, all these things; that's why we are studying Burp Suite and a deliberately vulnerable application. Yes, it is a man-in-the-middle attack; yes, we are doing MITM, and MITM is taking cue of what communication is going on between the sender and receiver. So where was I? Yes, I was trying to show you something else. If I send this to Repeater (Repeater is something that repeats things), it shows me that there is something called /ftp/legal.md. Do not take stress; these are core things. Because you stressed that you want something practical, I'm showing it, but yes, this is something bonus apart from what you are actually having in your curriculum; I'm always happy to share more than you expect from my end. What I'll do here: I will see, okay, it is talking about FTP; it's showing me that the FTP protocol is running and we are getting a file, legal.md, the file on which I clicked. I clicked on legal.md here, which says "check out our boring terms and conditions". All right, it was legal.md. I would send it and see the response here. Okay, it is generating some response. And the response is the legal information. There's a legal file which, I guess, is in some other language. It is talking about something. Okay, here it is in English. No, some other language. All right, no issues. What I'll do is see if we have anything else.
In MD, one file is legal. So when I change this legal thing, I remove legal.md and see if we are having some other files here. Empty. Okay, if I remove even FTP, are we able to get MD? Something doesn't work. What if FTP is back and MD is removed? We will see any file in the file transfer protocol here. Let's see: 200. Okay, that means it is successful. All right, if we are having any other file: 404 Not Found. Any other file which is using FTP: 200. Okay. So you see, if I search for MD we have got another file, acquisitions.md; it says 12 matches. All right: announcement, which is an encrypted file; coupons.md; legal.md we have already seen. Let's see if we are able to see acquisitions.md, because acquisitions.md is not visible on their web page. So let's see if it is visible, to see what's written in acquisitions.md. So you have found a confidential document. "This document is confidential. Do not distribute." It shows their planned acquisitions. We will be doing more practicals, but yes, just to give you a gist of how cyber security works, this session was necessary so that you know where we are heading, and if this sparks interest in you, this is what we do in the cyber security field.
>> The best way to keep your computers and devices safe is to know about the risks. Some risks are easy to cater for: using strong passwords, not downloading from bad websites and not handing your unlocked device to strangers. But there are also hidden dangers that can cause big problems. Some tools look innocent but can be very dangerous. Here are seven gadgets that look normal but are actually powerful hacking tools. These tools are made for security experts to test systems, but they can be misused. So, let's kick things off with a device that's small but incredibly powerful: the Raspberry Pi. The Raspberry Pi is a compact and affordable computer that has revolutionized the tech world.
Originally designed for educational purposes, it has become a favorite among hobbyists, makers and even professionals. Despite its small size, it boasts impressive capabilities, including multiple USB ports, HDMI output and support for various operating systems like Linux and Windows 10 IoT Core. The Raspberry Pi can be used for a wide range of projects, from simple programming and gaming to complex IoT systems and home automation. The Raspberry Pi can also be a dangerous hacking tool. With the right software, it can be used to perform a variety of hacking tasks. For example, it can run Kali Linux, a popular operating system for penetration testing. This allows it to be used for network scanning, password cracking, and even setting up rogue access points to intercept data. Its small size makes it easy to hide, and its affordability means it's accessible to many. In the wrong hands, this innocent-looking device can become a powerful tool for malicious activities. Now that we have seen the potential of the Raspberry Pi, which by the way is one of my personal favorites for tinkering, let's move on to another seemingly simple but powerful device: the Wi-Fi adapter. A Wi-Fi adapter might seem like a simple device used to connect to wireless networks, but it can be a potent hacking tool in the wrong hands. These adapters, when paired with the right software, can intercept and monitor wireless communications, making them invaluable for network analysis and penetration testing. For example, they can be used with tools like aircrack-ng to crack Wi-Fi passwords. Hackers can use Wi-Fi adapters to perform attacks such as packet sniffing and man-in-the-middle attacks. These activities can lead to unauthorized access to networks, data theft, and severe security breaches. It's like having a digital spy in your pocket. While essential for legitimate security testing, it's crucial to be aware of the potential misuse and to secure your own wireless networks against such threats.
Speaking of Wi-Fi, you won't believe how sneaky this next device is. Let's take a look at a device that takes wireless hacking to a whole new level: the Wi-Fi Pineapple. The Wi-Fi Pineapple looks like a standard router, but it is a sophisticated device used for hacking wireless networks. It allows attackers to create rogue Wi-Fi access points, tricking users into connecting and revealing their login credentials. Imagine connecting to what looks like free public Wi-Fi only to have your data intercepted. This device is capable of advanced man-in-the-middle attacks, monitoring and recording data from all connected devices. Additionally, the Wi-Fi Pineapple can capture Wi-Fi handshakes, which can then be used to crack network passwords. Its powerful features make it a favorite among penetration testers for assessing network security. But in the wrong hands, it can be used for malicious activities, highlighting the importance of robust wireless security. So, from Wi-Fi to Bluetooth, which is everywhere these days, right? Let's now explore a powerful tool for Bluetooth hacking: the Ubertooth One. The Ubertooth One is an open-source Bluetooth testing tool that appears to be a simple USB dongle. Despite its unassuming appearance, it can monitor and analyze Bluetooth communications, making it a valuable asset for those testing the security of Bluetooth devices. Think of it as a spy for Bluetooth traffic. The Ubertooth One can capture Bluetooth packets, perform Bluetooth attacks, and even explore vulnerabilities in Bluetooth networks. Its ability to dissect Bluetooth traffic makes it a powerful tool for both legitimate security research and potential misuse. Understanding its capabilities helps highlight the importance of securing Bluetooth-enabled devices against unauthorized access and attacks. Continuing with radio frequency tools, which honestly sounds like something out of a spy movie, let's discuss the HackRF One and its versatile capabilities.
So, the HackRF One is a versatile software-defined radio (SDR) platform that can transmit and receive radio signals from 1 MHz to 6 GHz. It looks like a standard electronic device, but can be used for a wide range of hacking activities. Imagine being able to capture and manipulate signals across a broad spectrum. With the HackRF One, users can capture and analyze various radio signals, jam frequencies, and even spoof signals to manipulate communication systems. This tool is particularly useful for exploring and testing the security of wireless communication systems. While it serves an essential role in legitimate research and development, the HackRF One also demonstrates the need for robust security measures to protect against radio-frequency-based attacks. So now let's look at a tool that takes advantage of a computer's trust in USB devices. And trust me, this one's sneaky: the USB Rubber Ducky. The USB Rubber Ducky is a device that looks like a regular flash drive, but acts like a keyboard, typing commands into any computer it's plugged into. Hackers use it to execute pre-programmed scripts that can steal data, install malware, or take control of the target device. It's like a tiny digital ninja. This tool exploits the trust computers have in USB devices, making it a potent weapon for cyber attacks. It's a reminder to be cautious about plugging in unknown USB devices, as they could be Rubber Duckies in disguise, ready to unleash harmful commands and compromise your system security. So, finally, we have got a real undercover gadget here. Let's uncover the secret capabilities of the LAN Turtle. The LAN Turtle looks like a typical USB Ethernet adapter, but it's a covert hacking tool used to monitor and infiltrate networks. Don't let its innocent appearance fool you. It provides hackers with several capabilities, such as network scanning, DNS spoofing, and data capture.
The LAN Turtle can be discreetly plugged into a network, allowing it to gather sensitive information and gain unauthorized access. Its ability to operate undetected makes it particularly dangerous, emphasizing the need for vigilance and robust network security measures to prevent unauthorized devices from connecting to your systems. So there you have it, guys. We have explored some of the most powerful and dangerous hacking gadgets out there. These tools can do a lot of damage if they fall into the wrong hands. That's why it's so important to stay informed and vigilant about cyber security.
In this video, we are going to learn about the fundamental rules that allow devices to communicate seamlessly across a network. But instead of just listening to technical definitions, we are also going to explain everything using a fun and relatable analogy. So guys, if you want to learn more about networking protocols, watch this video till the end. Imagine a city so technologically advanced that every building, vehicle and device communicates seamlessly through a vast interconnected network, and the backbone of that city is the network protocols, which are sets of predefined rules ensuring that all the devices, regardless of their make or operating system, can exchange data smoothly and securely. In this tutorial, we will explore the world of networking protocols, categorize them based on their functionality and also dive deep into how they operate within the OSI model. So moving ahead, first let us understand what a protocol actually is. So guys, a protocol is a set of rules and standards that define how data is transmitted and received between devices in a network. It acts as a common language that enables computers, servers and other devices to communicate effectively regardless of their differences in hardware or software architecture.
For example, imagine you are making a phone call to a friend, as you can see in this diagram. You say hello to initiate the communication. Your friend responds by confirming that they can hear you. You speak in a language both of you can understand. You take turns listening and speaking. When the conversation is over, you say goodbye and end the call. This is a structured way of communicating following a set of unwritten rules, a real-world example of a protocol. But if I talk about protocols in networking, they define how data is packaged, transmitted, received and interpreted. They ensure that data is sent in the correct format, that the receiving device understands and processes the data correctly, that errors are detected and corrected if needed, and that security measures are in place to protect data from unauthorized access. Now let us move ahead and understand the different types of networking protocols available. So network protocols can be broadly divided into three major categories. The first one is communication protocols; these protocols ensure there is seamless data exchange between devices. If I talk about security, then these protocols ensure that there is secure communication against cyber threats. And finally, if I talk about management protocols, they monitor and optimize network performance. To understand these better, let us explore each one of them one by one. So if I talk about communication protocols, these protocols govern data transmission and define the structure, format and method for exchanging messages between devices. So we have this HTTP protocol, or Hypertext Transfer Protocol. This is the backbone of the internet and it facilitates the web exchange between a server and a browser. So this is one kind of protocol. Then you have the TCP protocol, which is the Transmission Control Protocol.
So it is a connection-oriented protocol, where the protocol ensures that the data packets are delivered accurately and in order. Then we have the Internet Protocol, or IP. This protocol addresses the systems on the internet and routes a packet across the given network. Then we have UDP, the User Datagram Protocol. It is a fast and connectionless protocol. Then you also have the File Transfer Protocol, which enables file sharing between servers using separate connections for control and data transfer. And finally you could also see ICMP, which is not mentioned in this diagram; this is basically the Internet Control Message Protocol. This protocol acts as a diagnostic tool, helping detect network errors and connectivity issues. So let us take an example and try to understand the communication protocols. Now imagine you are sending a parcel from one city to another, or you can also consider sending from one country to another. Now let us understand how these protocols are going to work. So if I talk about TCP/IP, which we have discussed earlier, you can consider it as a courier service. You choose a reliable courier company that ensures your package is delivered intact and in order. So the courier service which is reliable, that is the TCP/IP protocol working in this scenario. Now if I talk about UDP, or User Datagram Protocol, you can consider this as a public announcer. So instead of a courier you broadcast a message over the city's public announcement system; everyone hears it, but there's no guarantee that anyone will respond. Then you could understand the FTP protocol as a parcel delivery system: you use a secure delivery truck to send bulk packages from one place to another. And if I talk about ICMP, this is kind of a traffic reporter; this protocol is working like that. So this service monitors traffic and alerts the courier if certain roads are blocked.
So in this way these communication protocols are working. These communication protocols also ensure that fast, structured and reliable delivery of data is happening in the digital network, just like a city's postal and transport system. Now let us move ahead and discuss the security protocols. So if I talk about the network security protocols, these security protocols protect sensitive data from unauthorized access, cyber attacks and data breaches. Now if I talk about SFTP, which is not mentioned here, you can consider it as a secure version of FTP, which basically ensures secure file transfer. So here it encrypts the file transfer, using public-key encryption for authentication. Then you have HTTPS, which is Hypertext Transfer Protocol Secure. This is a secure version of HTTP which encrypts data between browsers and the servers. Then you have SSL also, which is Secure Sockets Layer, and it ensures that all the encrypted communication is happening over the internet, preventing any eavesdropping or any data theft. Now, as you can see, here we also have the SMTP protocol, which is Simple Mail Transfer Protocol. It's also a communication protocol. It sends email over the internet and ensures that emails are properly formatted, routed and delivered to the recipient's email server. This protocol works in very simple steps. When you send an email, SMTP performs these steps. First is composing the email: you type the email in your email client like Gmail or Outlook. Then it connects to an SMTP server when you hit send; your email client communicates with an SMTP server. Then the routing happens, where the SMTP server checks the recipient's domain name and contacts their email server, and then the email is delivered: the recipient's email server receives the message and stores it for retrieval.
So this was one of the scenarios, and you could consider the same analogy for SMTP as a postal system also. Suppose you write a letter and you put it in an envelope. You drop it at the post office, which is basically the SMTP server, where it's checked and sorted, and the postal system finds the recipient's address, the mail server, and the recipient can pick up and read the letter. Okay, so there are protocols like IMAP which are used to retrieve the emails. SMTP only sends emails, it does not retrieve them; retrieval is done by the IMAP protocol or POP3. So this was one of the examples. Now let us discuss the SSH protocol. SSH means Secure Shell, a network protocol which is basically used to securely access and control remote computers over an encrypted connection. It is widely used for securing remote login and file transfers. Now how does SSH work? First it initiates the connection: a user enters a command in the terminal such as ssh user@remote-server. Then the authentication happens, where the user provides a password or uses an SSH key for authentication. Once authenticated, the user gains secure access to the remote server, and then the commands start executing: the user can run commands, transfer files or manage the system remotely. Imagine a bank vault. You can think of SSH as a secure key card entry system for a high-security vault, or in banks basically, where you will need credentials, a password or a key card. Once inside, all the communications are private and encrypted. You can check records, retrieve documents or make updates very securely, and when done you can log out and exit the vault safely. So you can think of SSH as providing a secure way to access and manage remote computers, just like a bank vault system which prevents unauthorized entry.
Now let us move ahead and discuss our third and final type of protocol, which is basically the network management protocols. Network management refers to the process of monitoring, configuring and maintaining the network devices to ensure that seamless communication is happening and preventing failures. It involves fault detection, performance optimization and security enforcement. Now the key network management protocols include SNMP, which is Simple Network Management Protocol. So this protocol, as you can see here, is basically used to monitor and manage network devices such as routers, switches or servers. How does this protocol work, guys? So for example, devices have an SNMP agent that collects data, for example the CPU usage or bandwidth, and the SNMP manager queries the agent to monitor the network's health. If an issue occurs, then SNMP sends alerts called traps. So this is how it works. For example, you can consider that in a large office, SNMP alerts IT admins if a router is overloaded, something like this. Then we have the DHCP protocol, a very famous protocol. It stands for Dynamic Host Configuration Protocol. It automatically assigns IP addresses to devices in the network. So when a new device connects, it requests an IP address from the DHCP server, and the DHCP server assigns an available IP, preventing conflicts. An example could be a Wi-Fi enabled office: employees don't need to manually configure IPs; here DHCP assigns them dynamically. Then we have the ICMP protocol, which is Internet Control Message Protocol. This protocol is basically used for error reporting and network diagnostics. Here ICMP actually sends control messages like ping requests to test the connectivity. So if a network path is down, then ICMP informs the sender. For example, if a website isn't loading, then a technician runs ping against that domain, or any given domain, to check if the server is reachable or not.
Then we have the Border Gateway Protocol. So this is kind of a routing protocol which determines the best path for internet traffic. Internet routers use BGP to exchange routing information mostly, and it finds the most efficient route to send the data packets. For example, if a fiber optic cable under the ocean fails, then BGP reroutes the traffic via another path. So you can consider this example as how it is being used. Now we'll have a look at POP3. So POP3 means Post Office Protocol version 3. Basically this is one of the protocols that we have discussed earlier: it retrieves email from the remote server. So when the user opens their email client, POP3 downloads the messages to their device; emails are deleted from the server after retrieval. So for example, you can consider using Outlook to download emails from the Gmail server. Okay, so there it is used. Now these protocols are very important because they ensure network reliability by identifying issues before they cause any failure, optimize the performance by managing the bandwidth and traffic, automate IP allocation, and also ensure security. So you could see this as an example of a network security protocol and how it's working. So suppose this is your office; now the data packets are being sent. So here you have the IP header, then the IP payload. IPsec is a security protocol, so here the IPsec header is added and a secure payload is added, and the same data is being transferred; this packet goes to the laptop and it is routed via routers with the IPsec protocol here to the branch office. So this is how you can consider an architecture where the network security communication is happening. Now this is an example of a network monitoring protocol where there are endpoints.
And these, you could see, are sending data about health and performance, and it aggregates data from multiple endpoints. The network monitoring tools are present, which convert raw data into usable metrics, and then the resulting data is given to the network administrators. It also generates alerts and reports. So this is how the network monitoring protocols are working in this arrangement. So we've discussed these protocols, and this was a certain diagrammatic explanation. So I hope you would have got a brief idea regarding these protocols. So now let us briefly understand the seven layers of the OSI model.

>> Now OSI stands for Open Systems Interconnection model. So there are seven layers in this model. And along with them there are protocols also mentioned, and the components associated with each layer. So let us break down these layers. First of all we have the physical layer. The purpose of this layer is to define the physical structure of the network, such as cables, switches and wireless transmission. The function of this layer is that it converts data into electrical signals, like radio or optical signals, for transmission. It also manages bit rate control and transmission media. Now this is all about the physical layer. Then you have the data link layer, or you could say the error detection layer. This layer basically manages the direct node-to-node data transfer and error detection. The function of this layer is that it ensures that the data is correctly framed before transmission. It detects and corrects errors in transmission, and it basically uses MAC addresses for device identification. Examples of this layer could be considered as Ethernet or PPP (Point-to-Point Protocol), switches, bridges; all these come into this layer. The third one we have is the network layer or the routing layer.
So this layer determines the best path for data to travel between different networks. It assigns logical IP addresses and routes data using protocols. It manages network congestion and fragmentation. Examples of protocols at this layer could be the IP protocol, ICMP, IPsec, IGMP (Internet Group Management Protocol). It is just like navigation systems that determine the best route for vehicles to reach their destination; similarly, this layer is working like that. Then we have the transport layer, which basically is like a delivery layer. It ensures complete and reliable data transmission. This layer divides data into smaller segments and ensures proper reassembly. It provides error detection and correction. It uses TCP for reliable transmission and UDP for faster connectionless communications. Examples could be the TCP protocol or UDP protocol. So you can consider it like couriers that ensure that packages are delivered safely and in the correct order. So after this, the data is moved to the session layer, which is like the connection layer. It establishes, maintains and terminates the communication sessions. It helps in managing sessions between applications. It handles authentication and any reconnections if needed. So for example we have the API sockets here in this layer. So just like customer service representatives who handle calls and ensure smooth communication between businesses, this layer is working like that. Then we have the presentation layer, which ensures that data is formatted properly for the application layer. It translates data formats: it converts images, compresses files, encrypts and decrypts data for security. Then we have examples of the presentation layer like SSL (Secure Socket Layer), SSH, the IMAP protocol, FTP. So you can consider these as language translators who convert a message into a format that the recipient can understand.
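The encapsulation across the data link, network and transport layers described above, as an added example that is not part of the course: an application payload is wrapped in a UDP segment, then an IPv4 packet (with the header checksum computed), then an Ethernet frame, and the parser peels the headers back off and verifies the checksum, which is the error detection the layer walkthrough mentions. MAC and IP addresses are assumed sample values from the documentation ranges.

```python
# Added example (not from the course): hand-built encapsulation of an
# application payload down through UDP (transport), IPv4 (network) and
# Ethernet (data link), then parsed back up. MAC/IP addresses are assumed
# sample values (documentation ranges).
import struct


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071); evaluates to 0 over a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def build_udp(src_port, dst_port, payload):
    # Layer 4: 8-byte header; checksum 0 means "not computed", which IPv4 permits.
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def build_ipv4(src_ip, dst_ip, segment, proto=17, ttl=64):
    # Layer 3: version/IHL, TOS, total length, id, flags (DF), TTL, proto, checksum, addrs
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234,
                         0x4000, ttl, proto, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + segment


def build_ethernet(src_mac, dst_mac, packet, ethertype=0x0800):
    # Layer 2: destination MAC, source MAC, EtherType (0x0800 = IPv4)
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + packet


def build_frame(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, payload):
    """Wrap the payload layer by layer, outermost last."""
    return build_ethernet(src_mac, dst_mac,
                          build_ipv4(src_ip, dst_ip,
                                     build_udp(src_port, dst_port, payload)))


def parse_frame(frame: bytes) -> dict:
    """Strip the headers back off and verify the IPv4 header checksum."""
    dst_mac, src_mac = frame[0:6].hex(":"), frame[6:12].hex(":")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len, _ident, _flags, ttl, proto, _csum = struct.unpack("!HHHBBH", ip[2:12])
    src_port, dst_port, udp_len, _udp_csum = struct.unpack("!HHHH", ip[ihl:ihl + 8])
    return {
        "dst_mac": dst_mac, "src_mac": src_mac, "ethertype": ethertype,
        "src_ip": ".".join(str(b) for b in ip[12:16]),
        "dst_ip": ".".join(str(b) for b in ip[16:20]),
        "ttl": ttl, "proto": proto,
        "ip_checksum_ok": ipv4_checksum(ip[:ihl]) == 0,
        "src_port": src_port, "dst_port": dst_port, "udp_len": udp_len,
        "payload": ip[ihl + 8:total_len],     # total_len ignores any Ethernet padding
    }


if __name__ == "__main__":
    frame = build_frame("02:00:00:00:00:01", "02:00:00:00:00:02",
                        "192.0.2.10", "192.0.2.20", 40000, 53, b"hello")
    print(frame.hex())
    print(parse_frame(frame))
```

Flipping a single bit in the IP header (for instance the TTL) makes ip_checksum_ok false, which is exactly the corruption a router would detect and discard at the network layer.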
And finally we have the application layer, which has the purpose of providing network services directly to the users. It manages data exchange between applications on the network. It enables browsing, email and file transfer. So examples of this layer include the HTTP protocol, FTP, IRC, SSH, DNS. So you can consider these as the customer-facing employees in a company who directly interact with the users.

Hey everyone, today we will explore the world of cyber security with HackerGPT, a specialized version of ChatGPT designed for ethical hacking and cyber security. In a digital landscape where cyber attacks occur every 39 seconds, causing billions in damages annually, HackerGPT provides the essential tools and knowledge to defend against these threats. So HackerGPT offers guidance on a wide range of topics, including security practices, ethical hacking techniques and scripting for system security. Cyber crime damages are expected to reach $6 trillion annually, making it a major challenge for organizations. And if we talk about some of the breaches, in 2020 over 36 billion records were exposed due to data breaches. And the infamous Equifax breach of 2017, where 147 million people's information was compromised, highlights the importance of regular security assessments and vulnerability management. These are the areas where HackerGPT excels, and HackerGPT strictly adheres to ethical guidelines, refusing to assist with any unethical or illegal queries. So our commitment is to provide guidance that adheres to legal and professional standards, helping you become a responsible cyber security professional. So guys, let's get started with HackerGPT, which will equip you with the knowledge and skills to defend against cyber threats ethically and effectively. So guys, this is ChatGPT, and this is the paid version of ChatGPT. What I was telling you is that this is the Explore GPTs section.
So here you can find all the GPTs that are created by ChatGPT, OpenAI or individuals, or you can find the companies who have created GPTs. So you can find these are the recently used, and this is the most used HackerGPT. You can find other GPTs also, that is HackerGPT, and you could see that they have been used by 5,000 plus users, and this one has been used by 10,000 plus users. So you can just search for Ethical Hacker GPT here, and it has been rated 4.5 stars with 10,000 plus conversations, and these are the conversation starters if you need any assistance, and the capabilities you can see here, and the ratings given by users, and more by the creator who has created this. So we'll start with this. We'll start the chat here, and I want to tell you guys that ChatGPT doesn't answer non-ethical questions. So if you try to extract that information from ChatGPT, that won't be possible, but we can do a bit, like we can cross the line a bit with Ethical Hacker GPT, but that should be used for ethical purposes only. So I will show you guys how you can utilize this GPT. And one more thing guys, if you want to create your own GPT, you can also create that. You can go to the Explore GPTs section, and here's the create option. Click on create and here you can start creating your GPT. If you click on configure, you can write the name of your GPT, description, instructions and the conversation starters, as you just saw with HackerGPT, Ethical Hacker GPT, and the capabilities you want to be enabled; you can do that. And here in the create section, you could write the prompts here, and it will take that information and use it for more purposes. And here you could attach more files that could help create your GPT. Okay guys, so here you could see the configuration and the preview of your GPT, and you can finalize that. So moving back, we'll get back to Ethical Hacker GPT and start our conversation with him.
So starting with the first thing we can do: we can ask him how I can perform a basic security assessment on a web application. So if I tell you guys, performing a basic security assessment on a web application is crucial for identifying vulnerabilities and ensuring the application is secure, and this process involves using various tools and techniques to test the application for common security issues. So you could ask him how I can perform a basic security assessment on a web application, just wait for a few seconds, and you could have the response from Ethical Hacker GPT. So you could see that performing a basic security assessment on a web application involves several key steps, and these are the key steps. Number one is preparation and information gathering, and how you can do that: these are the steps, identify the scope, gather information. Then the second step is reconnaissance, and you can use the tools Burp Suite, Nikto and others; similarly you could see all the steps here. So I won't be guiding or reading what responses are generated by Ethical Hacker GPT. I have used that, and he provides very accurate, I would say around 95 to 96% accurate, results. Here I want to show you guys how you can utilize it. So I will show you prompts and what things you can ask him. So, I repeat, this was about the general security thing. Now we'll move to ethical hacking, and we can ask him how we can perform a SQL injection attack ethically on a test environment.
So these are the prompts that you can write; that would be "how do I perform a SQL injection attack", and that too ethically (if you write this, that would be good), on a test environment. And if I tell you guys, SQL injection is one of the most common web application vulnerabilities, and understanding how to perform a SQL injection attack ethically on a test environment can help you identify and mitigate this risk in your own applications. And you could see he has responded and he has provided you the steps: you can set up a controlled test environment first, then preparation, and you could use these tools, then you have the manual SQL injection testing, so these are the methods that you could use, that is ' OR 1=1 for the database, and automated SQL injection testing, so this is the command for that, and you could verify the vulnerability, documentation, reporting. So you could see that this GPT is capable of answering the basic questions, as we have discussed the basic questions till now. Now we'll move to scripting and automation. So here you could see how he responds to this. So we'll ask him: can you provide a Python script to scan open ports on a network. So let's see what he provides: provide a Python script, and that too to scan ports on a network. So scanning open ports on a network is a fundamental step in identifying potential vulnerabilities, and a Python script can automate this process, making it easier to regularly check for open ports and secure them. So this is the Python script. You can use any IDE and run it there. And you could see that he's explaining the code also. Yeah, you can ask him "can you explain the code line by line", and HackerGPT will do that for you, and how to run the script, that also he has provided you. And similarly we can also ask him how we can write a bash script to monitor and log unauthorized login attempts. And if you want, I can also run this prompt.
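The ' OR 1=1 manual test mentioned above, shown as an added example that is not part of the course or of HackerGPT's response: the same login lookup written with string formatting (where the quote and OR rewrite the query) and with bound parameters (where the input stays a value), run against an in-memory SQLite database with constructed sample users, plus a crude heuristic of the kind a log-based alert might use.

```python
# Added example (not from the course): the ' OR 1=1 probe from the text run
# against an in-memory SQLite database, beside the parameterised query that
# defeats it. Users and password hashes are constructed sample data.
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-a"), ("bob", "hash-b")])
    return conn


def login_vulnerable(conn, username, password_hash):
    """Builds SQL by string formatting, so input can change the query's structure."""
    sql = ("SELECT username FROM users WHERE username = '%s' "
           "AND password_hash = '%s'" % (username, password_hash))
    return sorted(row[0] for row in conn.execute(sql))


def login_safe(conn, username, password_hash):
    """Bound parameters: the driver sends values separately, never as SQL text."""
    sql = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return sorted(row[0] for row in conn.execute(sql, (username, password_hash)))


def looks_like_injection(value):
    """Crude heuristic for a WAF-style alert; binding, not filtering, is the real fix."""
    lowered = value.lower()
    return "'" in value and (" or " in lowered or "--" in lowered or ";" in value)


if __name__ == "__main__":
    db = make_db()
    probe = "' OR 1=1 --"
    print("vulnerable:", login_vulnerable(db, probe, "wrong"))   # every user matches
    print("safe:      ", login_safe(db, probe, "wrong"))         # no user matches
    print("flagged:   ", looks_like_injection(probe))
```

With the probe as username, the formatted query becomes WHERE username = '' OR 1=1 --' ..., the comment swallows the password check and every row comes back; the bound version compares the literal string and returns nothing.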
How do I write a bash script, and that too to monitor and log unauthorized login attempts. So we can monitor and log unauthorized login attempts, and that would be essential for maintaining the security of your system. So as you can see, he has written a bash script that can help you automate this process, and this will provide real-time alerts and logs for further analysis, and you could see that he's providing the explanation and how you can run the script, and he's writing the note also. You can write more prompts if you have any doubts in any of the scripts or any of the responses that HackerGPT has given, and he will definitely provide you with good responses. So now moving on. Now we'll ask this Ethical Hacker GPT about some specific security tools, and we could ask him about Burp Suite. So let's write a prompt: can you explain how to configure and use Burp Suite for web application testing. So if I sum it up, Burp Suite is a powerful tool for web application security testing, and understanding how to configure and use it effectively can help you identify and address a wide range of security vulnerabilities in your applications. So you could see he has provided the initial steps, that would be downloading and installing Burp Suite, configuring your browser to use Burp Suite as a proxy, and then intercepting and inspecting traffic, and then you can use it for testing purposes, logging and reporting, and tips for effective testing. So this is the response for the security tools. And if we talk about incident response, we can ask him to write a script to collect system logs for forensic analysis. So collecting system logs is a critical part of incident response and forensic analysis, and this script can automate processes that ensure that you have all the necessary data to investigate security incidents effectively. So if I write here, we can ask this HackerGPT, and I'm sure he will provide the response for that and write the script.
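The login-attempt monitor described above (the course asks for a bash script; this added example, which is not the course's or HackerGPT's code, is in Python so that the whole page uses one language): it parses sshd-style auth log lines, keeps a sliding window of failures per source address, and raises an alert when one address crosses a threshold inside the window, which is the usual brute-force signal. The log lines are constructed sample data using documentation IP ranges; the year is assumed because syslog timestamps omit it.

```python
# Added example (not from the course): brute-force detection over sshd-style
# auth log lines. SAMPLE_LOG is constructed; the year is assumed.
import re
from collections import defaultdict
from datetime import datetime

SAMPLE_LOG = """\
Mar 10 08:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar 10 08:00:03 host sshd[1201]: Failed password for root from 203.0.113.5 port 51235 ssh2
Mar 10 08:00:04 host sshd[1202]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2
Mar 10 08:00:06 host sshd[1203]: Failed password for invalid user test from 203.0.113.5 port 51236 ssh2
Mar 10 08:00:09 host sshd[1204]: Failed password for invalid user oracle from 203.0.113.5 port 51237 ssh2
Mar 10 08:00:10 host sshd[1205]: Failed password for bob from 198.51.100.7 port 40023 ssh2
Mar 10 08:00:40 host sshd[1206]: Failed password for invalid user guest from 203.0.113.5 port 51238 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+")


def parse_events(text, year=2024):
    """Return (timestamp, result, user, ip) for every line that matches sshd's format."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                                   # other daemons, unrelated sshd lines
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def brute_force_alerts(events, threshold=4, window_seconds=30):
    """Alert when one source IP has >= threshold failures within window_seconds.

    Returns (ip, first_failure, last_failure, count) per alert; the window is
    reset after an alert so one burst produces one alert rather than one per line.
    """
    recent = defaultdict(list)
    alerts = []
    for ts, result, _user, ip in events:
        if result != "Failed":
            continue
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > window_seconds:
            window.pop(0)                              # drop failures older than the window
        if len(window) >= threshold:
            alerts.append((ip, window[0], ts, len(window)))
            window.clear()
    return alerts


if __name__ == "__main__":
    for ip, first, last, count in brute_force_alerts(parse_events(SAMPLE_LOG)):
        print(f"ALERT {ip}: {count} failed logins between {first:%H:%M:%S} and {last:%H:%M:%S}")
```

On the sample, 203.0.113.5 fails four times in eight seconds and is reported once; the later single failure at 08:00:40 and the one failure from 198.51.100.7 stay below the threshold. Tuning threshold and window_seconds is the trade-off between catching slow attacks and paging on a user who mistyped a password.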
So, can you provide a script to collect system logs for forensic analysis. So as I told you, this is a critical part of incident response, and we have covered the tools, that is Burp Suite. We have asked him about the automation process, general cyber security questions, ethical hacking, that would be the SQL injection attack, and the Python script to scan open ports on a network. So he can write scripts also, automation tasks, and he could respond to the general cyber security questions also. And if you see here for the incident response, he has written the script to collect system logs for forensic analysis. So I won't be explaining this code, as we're just looking for the prompts that we can give to Ethical Hacker GPT. If you want, you could just ask him also to explain this code line by line. And here he has mentioned the explanation also, that is the directories and files to collect, and after that he's collecting the logs, and that will be copied into the directory that he has mentioned in a variable, that is output directory, archiving logs, cleanup and how to run the script. So this was about the incident response. Now we move to some advanced topics, and in advanced topics what we can ask him is how to perform a man-in-the-middle attack in a controlled environment, and remember that you have to mention some of the keywords, that would be "in a controlled environment", and only then will he respond or provide the response to you. So I will start here: how do I perform a man-in-the-middle attack in a controlled environment. So if you understand how a man-in-the-middle attack works in a controlled environment, this can help you develop better defenses against such attacks. And it's important to learn and practice these techniques ethically. So you can see here that he's providing the prerequisites and the step-by-step guide on how you can conduct a man-in-the-middle attack.
So first is set up the controlled environment, then install the necessary tools, enable IP forwarding, perform ARP spoofing, and then capture and analyze traffic, clean up and restore the network, and conclusion. So you could just follow up with more prompts, like "I want more information about setting up the controlled environment". Just write this prompt and this Ethical Hacker GPT will provide more responses to you. So he will provide you how you can set up the controlled environment. So now moving on, we will ask some more prompts, and that could be about reverse engineering. So we could ask him: can you explain the process of reverse engineering a malware sample. Or we can also ask about a honeypot to detect malicious activity; that could be "how can I implement a honeypot to detect malicious activity", or "what are the techniques for securing a Docker container". So we'll ask him one prompt here; so let's see what he responds to that: how can I implement a honeypot to detect malicious activity. So you could see that he has started responding to that. And if I tell you the summary, a honeypot is a security mechanism set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems. Implementing a honeypot can help you monitor and understand attack patterns. And this is the step-by-step guide to implement a honeypot. You can choose the type of honeypot, prepare your environment, install and configure the honeypot software. And these are all the commands for how you can configure it. Then you can monitor and analyze the honeypot, and regular maintenance and updates. And this is a simple honeypot example; you could install that and run these commands. So with that guys, and in the last part we will also cover cyber security policies and compliance.
So he could also answer those prompts; you can ask him what should be included in a company's cyber security policy, and you could mention which type of company you are running. So I will ask him that. So you could ask him what should be included in a tech company's cyber security policy. So let's see. So you could see here that creating a comprehensive security policy for a tech company involves addressing various aspects, and that would be: introduction, first is the purpose of the cyber security policy, scope, roles and responsibilities, data protection and privacy, network security, application security, user security awareness and training, incident response and management, compliance and legal requirements, physical security, device and endpoint security. So similarly you could ask him to draft the company's cyber security policy and start with the introduction. So he will provide you all the introduction points, and then you can ask him to draft roles and responsibilities. He will draft that also. So you could break it into parts and ask Ethical Hacker GPT, and he will respond to you, as it has some limitations on the number of words in some of the responses. So you could ask him in parts and he will respond to you.

>> Imagine waking up one morning to find your company's critical data locked away by ransomware, or your personal email account flooded with suspicious login attempts. It's a scenario no one wants. Yet it's becoming all too common in today's interconnected world. Now picture yourself equipped with the right tools. Tools that allow you to detect vulnerabilities before attackers do, simulate phishing attempts to train your teams, or analyze networks for hidden threats. Sounds empowering, right? This is where the cyber security tools come in. So guys, in today's video, we are going to step into the top 10 free cyber security tools that you should know. So let us discuss our first tool. Our first tool is Aircrack-ng.
Aircrack-ng is a comprehensive suite of tools for Wi-Fi security auditing and penetration testing. It enables ethical hackers and security professionals to monitor, test and crack wireless networks to assess vulnerabilities in encryption protocols. Now let us discuss some of its key features. So you could see here that we are at the official website of Aircrack-ng. So you could see here it focuses on key different areas of Wi-Fi security. The first one is packet capturing. It monitors and captures raw frames from Wi-Fi networks, which enables analysis of network traffic. It is also used as a decryption tool. It includes airdecap-ng, which actually decrypts WEP and WPA encrypted packets. Now what are WEP and WPA? So WEP stands for Wired Equivalent Privacy and WPA stands for Wi-Fi Protected Access. These are security protocols designed to protect wireless networks. They ensure data transmitted over Wi-Fi is encrypted and secure from unauthorized access. Next one, it helps in injection testing. It has packetforge-ng, through which users can create custom packets to test a network's susceptibility to injection attacks. You could also do network scanning. It has airodump-ng, which identifies available networks, their encryption protocols and connected devices. And finally, if you want to crack encryption keys, you can use this tool. It is going to recover weak WEP keys and also WPA pre-shared keys using advanced algorithms. Now, in what scenario could you use this? So, suppose you are doing penetration testing to test the strength of enterprise or home Wi-Fi networks to identify vulnerabilities. So, you could use this tool. Next, if you are performing any educational demonstration, in that scenario you could also use it, and mostly it is used in network security audits. It helps IT teams ensure Wi-Fi networks are properly secured with modern encryption protocols. Now let us discuss our next tool, which is Burp Suite.
So Burp Suite is a popular tool for testing the security of web applications. It allows users to intercept, analyze, and manipulate HTTP traffic to uncover vulnerabilities such as SQL injection and cross-site scripting. So guys, this is the official website of Burp Suite. Now, what are its key features? First of all, you have the intercepting proxy. So basically, with the help of Burp Suite, you could capture HTTPS traffic between the browser and the server, which enables real-time inspection and modification. Second, you could do automated crawling. The spider feature maps out all the pages and structures of a web app, aiding comprehensive testing. Third one, the request repeater. This allows testers to resend and tweak HTTP requests to identify weaknesses in application logic. Fourth one, you have session token analysis. It evaluates the randomness and security of session tokens to prevent unauthorized access. So guys, this tool comes in free and paid versions. The community edition provides essential tools, while the pro version adds automated scanning and advanced capabilities. Now in what scenario could you use this tool? Suppose you are doing web application testing. So you could discover security weaknesses such as input validation flaws or session hijacking risks. Next, you could use it for compliance checks, which ensure apps meet security standards. Third one, you could use it for developer debugging. It helps refine web app authentication mechanisms and improve session handling. Now let us discuss our third tool, which is Defendify. Defendify is an all-in-one cyber security platform designed for small and medium-sized businesses. It provides comprehensive tools for risk assessment, phishing simulations and employee training, consolidating cyber security efforts in a single solution. So as you can see here, I have navigated to the official website of Defendify. Now there are certain key features of Defendify. First of all, risk assessments.
It identifies vulnerabilities in all the networks, applications and practices, providing actionable recommendations. Second, if you want to do phishing simulations, then you could use this tool. It is going to test employee susceptibility to phishing with realistic and customizable campaigns. Third one, you could use it for cyber security training. It offers engaging modules to educate employees on recognizing threats. Fourth one, it has an incident response plan. It provides pre-designed action plans to handle breaches effectively. Finally, it is used for threat alerts. It monitors and notifies users of emerging cyber threats in real time. Now, in what scenario could you use this tool? So you could use it for small business security, okay, and employee awareness training, and also if you want to streamline cyber security management. So in these scenarios you could use this tool. You could go to this tool. So it says start the tool. Just click on it and you can explore this tool here and what it includes. Now let us move on to our fourth tool, which is Gophish. Gophish is an open-source phishing simulation toolkit that allows organizations to assess employee awareness of phishing attacks. It enables users to create and track phishing campaigns in a controlled environment. So you could see here I have navigated to the official website of Gophish. Now let us discuss some of the key features of this tool. First of all, customizable campaigns. Users can design phishing emails using realistic templates tailored to their organization. Second, user response tracking. It can track metrics such as email opens, link clicks, and submitted credentials. Third of all, detailed reporting. It provides analytics on campaign outcomes, helping identify training needs. And it is also very easy to use. It offers an intuitive interface for creating and managing campaigns without needing advanced technical skills.
And finally, it is open source, which is fully customizable and free to use for organizations of any size. Now in what scenario could you use this tool? So suppose you are going for employee security awareness. So in that scenario you could use this tool, or if you want to improve security culture, then you could use simulation results to reinforce best practices for email security. In that scenario this tool works perfectly. Now let us move ahead and discuss our fifth tool. Our fifth tool is Have I Been Pwned. So it is basically a free web service that allows users to check if their email addresses, usernames or passwords have been exposed in known data breaches. It's a simple yet powerful tool for staying informed about compromised accounts. So guys, this is the official website of Have I Been Pwned. Now let us discuss some of the key features of this tool. First of all, for credential search, users can input email addresses or usernames to see if they appear in public breach databases. Second of all, for real-time alerts, it offers subscription-based notifications for users to receive updates about new breaches. Third, it has a comprehensive database. It contains billions of leaked credentials from past data breaches. Fourth one, API integration. Organizations can integrate the service into their workflows for automated breach monitoring. Now basically you could use this tool for personal security, where individuals can monitor their accounts and take action if credentials are compromised. Second one, for enterprise account management: IT teams can track employees' credentials to prevent unauthorized access. And third one, promoting password hygiene: it helps users adopt stronger passwords by highlighting the risk of credential reuse. So what you do is just type your email address and just check whether you have been pwned or not. It is a very amazing and free open-source tool. Now let us discuss our next tool, which is Kali Linux.
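The API integration mentioned above for Have I Been Pwned, as an added example that is not part of the course and not the project's own code: the password check works with k-anonymity, so the client sends only the first five hex characters of the password's SHA-1 to the range endpoint (https://api.pwnedpasswords.com/range/<prefix>) and matches the remaining 35 characters locally against the returned SUFFIX:COUNT lines. SAMPLE_RESPONSE is a constructed stand-in for the API body with made-up counts so the example runs offline; fetch_range does the real network call and is the only part that needs connectivity.

```python
# Added example (not from the course or the HIBP project): the k-anonymity
# lookup used by the Pwned Passwords range API. Only the first five hex
# characters of the SHA-1 leave the machine; the suffix is matched locally.
# SAMPLE_RESPONSE is a constructed stand-in for the API body (real responses
# list every suffix sharing the prefix); its counts are made up.
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_split(password: str):
    """Return (prefix, suffix): the 5-char prefix sent to the API and the 35-char rest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(text: str) -> dict:
    """Lines look like SUFFIX:COUNT; anything else is skipped."""
    counts = {}
    for line in text.splitlines():
        suffix, _, count = line.strip().partition(":")
        if len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, response_text: str) -> int:
    """How often the password appears in breaches, given a range response for its prefix."""
    _prefix, suffix = sha1_split(password)
    return parse_range_response(response_text).get(suffix, 0)


def fetch_range(prefix: str) -> str:
    """Live lookup over the network; not exercised offline."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "range-demo"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed sample body for prefix 5BAA6; the second line carries the real
# suffix of SHA-1("password"), the others and all counts are made up.
SAMPLE_RESPONSE = """\
1D2DA4053E34E76F6576ED1DA63134B5E2A:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3645804
1E665F13A9C19C8A1E2DE8ABC6E4D1E5CB3:1
"""

if __name__ == "__main__":
    prefix, _ = sha1_split("password")
    print("prefix sent to the API:", prefix)
    print("breach count:", breach_count("password", SAMPLE_RESPONSE))
```

To run it against the live service, replace SAMPLE_RESPONSE with fetch_range(prefix); the server never learns which of the returned suffixes you were interested in, which is why this check is acceptable to run on user-supplied passwords at signup or password-change time.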
Kali Linux is a Debian-based Linux distribution designed specifically for security professionals. It provides an extensive collection of tools for penetration testing, digital forensics and security auditing. Now this is the official website of Kali Linux. You could download Kali Linux from here, and it has certain key features also. First of all, it has 600 plus pre-installed tools, which include Nmap, Metasploit, Wireshark, for tasks like network scanning, vulnerability exploitation and packet analysis. Second of all, for a customizable environment, it is fully configurable to meet specific penetration testing needs. Third of all, for live boot compatibility, it can run directly from a USB drive, leaving no trace on the host system. Fourth, it has extensive community support. It offers extensive documentation and resources for security professionals. Now, you could use this tool in certain scenarios. First of all, if you are trying to do penetration testing, you can simulate attacks on networks and systems to uncover vulnerabilities. If you're going to do digital forensics, then this tool works perfectly. You could investigate cyber incidents by analyzing system logs and data. And for education and training purposes, this tool can also be used. Now let us discuss our next tool, which is Nmap. Nmap is a powerful open-source tool used for network discovery and vulnerability scanning. It helps administrators identify devices, open ports and running services on a network. So guys, this is the official website of Nmap. You could download Nmap from here. Now the key features of this tool are as follows. First of all, it is used for device discovery. It can detect all devices connected to a network. Secondly, open port identification. It can identify open and vulnerable ports. Third one, if you're trying to do operating system fingerprinting, it can determine the operating system and software versions of the devices.
Fourth, you could go for scriptable scans. It can automate scans using scripts for complex network environments. Now, you could use this tool in certain scenarios. First of all, for network inventory, you could map all devices and services in a network. If you're going for security audits, this tool can be amazing. It can identify open ports so you can close them to minimize the attack surface. Third, compliance testing. It ensures network configurations adhere to security standards.

Now let us discuss our next tool, which is Nikto. Nikto is an open-source web server scanner which can identify vulnerabilities, outdated software and misconfigurations in web servers and applications. So guys, you could see here that this is the official website of Nikto. This tool could be used for vulnerability scanning, it has SSL and proxy support and intrusion detection system evasion, and it also has customizable options that allow users to tailor scans for specific server configurations. Suppose you want to do server audits. It could identify vulnerabilities in servers and applications. If you are doing legacy system assessments, then this tool can work amazingly well. It could test older systems for outdated software, and also if you are doing pre-deployment testing, where you want to ensure servers are secure before going live, then you could use this tool.

The next tool we have is Metasploit. Metasploit is a pentesting framework that enables users to find, test and exploit vulnerabilities in systems and networks. It's a versatile tool used by ethical hackers and security professionals. So guys, this is the official website of Metasploit. So guys, if you're looking for an exploit database, then you could use this tool. It has over 1,500 preloaded exploits for testing vulnerabilities. Second, if you are doing payload generation, it provides customizable payloads for post-exploitation activities. It could also be integrated with other tools. It works seamlessly with tools like Nmap for comprehensive testing.
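The "network inventory" and "identify open ports so you can close them" use cases above come down to reading Nmap's output and comparing it against what should be exposed. The script below is an added example, not from the video or the Nmap project: it parses Nmap's grepable output format (`-oG`, one `Host:` line per host with a tab-separated `Ports:` field of `port/state/proto/owner/service/rpc/version/` entries) and flags open ports that are not on an allowlist. The scan output is constructed inline so the example runs without a network or Nmap installed; the hosts, services and versions in it are made up.

```shell
# Constructed sample of `nmap -sV -oG` output for two lab hosts (not real scan data).
SAMPLE_GNMAP=$(printf '%s\n' \
  '# Nmap 7.94 scan initiated as: nmap -sV -oG inventory.gnmap 192.168.56.0/24' \
  "$(printf 'Host: 192.168.56.10 (web01.lab)\tStatus: Up')" \
  "$(printf 'Host: 192.168.56.10 (web01.lab)\tPorts: 22/open/tcp//ssh//OpenSSH 9.2p1/, 80/open/tcp//http//nginx 1.22/, 3306/open/tcp//mysql//MySQL 8.0/\tIgnored State: closed (997)')" \
  "$(printf 'Host: 192.168.56.11 (db01.lab)\tPorts: 22/open/tcp//ssh//OpenSSH 9.2p1/, 5432/open/tcp//postgresql//PostgreSQL 15/\tIgnored State: filtered (998)')" \
  '# Nmap done -- 2 IP addresses (2 hosts up) scanned in 12.34 seconds')

# Read grepable output on stdin; emit "ip port proto service version" for every OPEN port.
# Ports in other states (closed, filtered, open|filtered) are deliberately dropped.
parse_gnmap() {
    awk -F'\t' '
    /^Host:/ {
        ip = $1; sub(/^Host: /, "", ip); sub(/ .*/, "", ip)
        for (i = 2; i <= NF; i++) if ($i ~ /^Ports: /) {
            ports = $i; sub(/^Ports: /, "", ports)
            n = split(ports, p, /, /)
            for (j = 1; j <= n; j++) {
                split(p[j], f, "/")            # f[1]=port f[2]=state f[3]=proto f[5]=service f[7]=version
                if (f[2] == "open") printf "%s %s %s %s %s\n", ip, f[1], f[3], f[5], f[7]
            }
        }
    }'
}

# Filter parse_gnmap output: keep only ports NOT in the space-separated allowlist $1.
# Anything printed here is an attack-surface finding to close or justify.
unexpected_open_ports() {
    allow=" $1 "
    while read -r ip port proto service version; do
        case "$allow" in
            *" $port "*) ;;                                   # expected service, skip
            *) printf '%s %s/%s %s\n' "$ip" "$port" "$proto" "$service" ;;
        esac
    done
}

# Demo: full inventory, then findings against a web-tier allowlist.
echo "== inventory =="
printf '%s\n' "$SAMPLE_GNMAP" | parse_gnmap
echo "== open ports outside the allowlist (22 80 443) =="
printf '%s\n' "$SAMPLE_GNMAP" | parse_gnmap | unexpected_open_ports "22 80 443"
```

On a real run you would replace the sample with `nmap -sV -oG - <targets you are authorized to scan> | parse_gnmap`; the allowlist is the policy, and the two database ports the demo flags are exactly the kind of exposure the audit scenario is meant to surface.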
It has community and pro versions. The free framework edition is suitable for beginners, while the pro edition offers some advanced features. If we talk about use cases, then it could be used in vulnerability testing. If you are doing red team exercises, then this tool could be amazing. You could conduct simulated attacks to improve organizational defenses. Third of all, for security research. You could develop and test new exploits in a controlled environment.

Now our final tool is the Open Vulnerability Assessment Scanner, or OpenVAS. OpenVAS is a vulnerability scanner that comprehensively tests networks, systems and applications for security flaws. So guys, this is the official website of OpenVAS. The key features of this tool are as follows. If you are looking for daily updates, then you could use this tool. You would receive updated vulnerability feeds for detecting new threats. If you're looking for customizable scans, then you could use this tool. You could configure scans to meet specific organizational needs. Third of all, for authenticated testing, you could scan systems with user credentials for deeper insights. Fourth, for detailed reporting. It could generate reports for compliance and mitigation planning. So guys, you could use this tool in certain scenarios like enterprise security audits, where you want to test networks at scale for vulnerabilities. Second of all, for compliance testing, if you want to ensure that systems meet regulatory standards. Third, if you're looking for continuous monitoring, you could automate periodic scans to maintain secure environments. So guys, these were the top 10 free cyber security tools that you should know.

If you have never used Linux before and are looking to get into it, this is the perfect opportunity for you to learn how you can use this operating system in your daily life.
Now although this video is specifically catered towards people who are trying to get into cyber security or who are trying to learn ethical hacking, the more people that get into Linux the better, because it just provides an alternative operating system that you can use in your day-to-day life. Now, it's very important, especially for ethical hackers, to understand how Linux works and specifically how Kali Linux works, which we are going to cover today. Kali Linux is an operating system dedicated specifically to cyber security analysts and hackers, and it has a bunch of tools that make the process of ethical hacking, vulnerability analysis and malware analysis very easy. So in this Linux crash course we will learn everything about Kali Linux: what it is, what you can use it for, and then understand a bit more of the Linux system fundamentals. Now that can span across a variety of topics. For the Linux fundamentals we have how to navigate the file system, how we can use the Linux command terminal for creating, editing and just manipulating files. We'll understand some networking commands that can help you. We'll understand the service mechanism: how to start services and stop services. We'll understand how to install and uninstall particular tools. We'll also create a small script with bash so that you can understand how you can use the bash language to start your scripting journey in Kali Linux directly.

Before we move forward, let's check out the CEH certification course by Simplilearn. If you want to learn more about cyber security and ethical hacking in general, check out our CEH certification training course. The Certified Ethical Hacker certification is the industry standard for trained penetration testers, and our training program will ensure you are well equipped with all the necessary skills and techniques required to ace the exam.
You'll get an exam voucher for free with the course, allowing you to learn, master and excel as a penetration tester with a single package. You can find the link for the course in the description box below.

That being said, we can get started with our demonstration. Now the first thing we need to understand is how we can install Linux properly. To install Linux, or Kali Linux to be specific in this case, we will need two things. One, we need the ISO file, which is basically the installation file of every single operating system, and we will need an environment to run it in. Now many people use Linux or any other operating system as a dual boot on the system, so that when you start up your computer or laptop, it will ask you where you want to boot into: do you want to boot into Windows, or Kali Linux, or Ubuntu, something like that. But for easier access, what many people prefer and many people will recommend is using virtualization software. What will happen is you will keep using your normal Windows operating system, but you can use virtualization software like VirtualBox or VMware to run Linux operating systems in Windows directly. It'll run in a sandboxed environment, which makes it easier to learn, and you don't have to dedicate another bootloader entry, which just gets a whole lot more complicated. Dual booting is a lot more complicated, and it is recommended for beginners to just stick with virtualization software. Now for virtualization software you will get two options here, which will be VirtualBox by Oracle or VMware. Now I highly recommend VMware because I feel it is much more stable and it has a bit more fluidity when running operating systems. Now since you are running full-fledged operating systems in a single window, your system must have a good amount of RAM free so that it can be completely dedicated to the operating system being run in that sandboxed environment.
So I would really recommend VMware over VirtualBox, which I feel has become slightly dated now. Meanwhile, VMware Workstation Player is going to be much better. This is obviously purely a case of preference, and you can try out VirtualBox if you want. Most of the things will be similar, but once you download VMware and install it you should be getting a window like this. Now this is Workstation; you can get the VMware Player version, which is the free version. You can get that as well, and again most of the things will be similar. So now we have VMware and we have our environment where we are going to install Linux and work on it.

Let's check Kali Linux. Now, Kali Linux, as you can see, is the world's most advanced penetration testing distribution, and more importantly it is based on Debian. Debian is, you can say, one of the forefathers of operating systems, one of the operating systems which paved the way for many Linux distributions to be based on it. Apart from Kali, we also have another operating system which is called Parrot Security. This is also used by ethical hackers and cyber security analysts because it functions the same way as Kali Linux, as in it has all the tools and techniques that you may require in your ethical hacking journey. So you can use either of them, either Kali Linux or Parrot Security, and more importantly, for today's video actually any Linux distribution will do, because this is more about learning the basics, and the basics will stay the same irrespective of whether you go for Kali, Parrot, Ubuntu or any other Linux distribution that you can think of. But I'm just letting you know that there are two options here. Parrot has a bit more features, but Kali Linux is the industry standard today and has been for like a decade now at this point. So it is much recommended to go with Kali, and that's what we are going to work on today.
So to download the ISO file we'll just click the download button here, and you can see it offers a variety of options. You can directly download for virtual machines which, as you can see, is the recommended option, but it is going to deprive you of a few learning things. So what we can do is we will get the live boot system. What will live boot do? It will provide the ISO file which we can later use to install on our VMware system. So I will go to the live boot. It includes everything. As you can see, I got a torrent file. I will place this torrent for download now. Actually, instead of the torrent we can just download the point release live image. This version had every tool possible, but this one, this January edition, you can see Kali 2023.1, the January live version point release live image, you can just download this one directly. Just click the download button here, which says 3.8 gigs, the ISO file size; just click on download and your download will start.

So remember, once again, you can do this process with Parrot Security directly as well. I think if you go to the download button here, yes, you have to choose a security edition. Now they also have multiple versions. For example, the home edition is for daily use, you know, just casual browsing or just multimedia processing, all those things. Hack The Box is a completely separate service that provides easy-to-hack boxes; that will be a completely separate edition, similar to cloud architect and Raspberry Pi. But if you are going to use Parrot Security, get the security edition directly, just download it from here and you'll be good to go. But for now we are just going to install Kali Linux since that is what the majority of the industry uses, and we'll move forward with it. Actually, these are the containers. Yes. Now, what would have happened if I had chosen virtual machine is, as you can see, there are many virtualization software options like VMware, VirtualBox and QEMU.
What it will provide is an installed file. It'll give a folder where VirtualBox or VMware has already installed Kali Linux, so you can just load it up in your VMware system. As you can see, you just have to open a virtual machine if you download the image directly, this one. So you can just open up that folder and your operating system will load on its own. But with the ISO you can customize a lot of things. The thing about these virtual images is they're not customizable as such. With the ISO, I can customize how much hard disk space I want to devote to just the sandbox operating system, how much RAM usage, although RAM usage and all can be customized. Everything will be tailor-made based on your specific needs. So we will check that once the download is completed, which has just 1 minute remaining. Apart from that you can see there is a 64-bit. I think there is a 32-bit as well. I'm not sure if 32-bit is required nowadays considering everything is 64-bit, but yes.

While the ISO is getting downloaded, let's check out VMware Workstation. Now to get started at creating our sandbox environment we will click on create a new virtual machine. Yes. Here, let's say, we check on custom because we want to customize how much hardware we want to give. We can use Workstation 16.x, which is the latest one. Now here I'm going to choose "I will install the operating system later". If I give the ISO file here directly, it will install the operating system on its own, which kind of defeats the purpose. If that was the case, we would have downloaded the virtual machine image. Anyway, I will click on "I will install the operating system later". For the guest operating system, we will choose Linux. And make sure you choose Debian 10.x 64-bit, as we read on the website: it is based on Debian. It's a Debian-based Linux distribution. Now this can obviously change.
There are other operating systems on which others can be based, like Fedora and Arch, but this one is Debian. So we are going to choose Debian over here, Debian 10.x 64-bit, which is the latest version. Click on next. We will name it Kali Linux and click on next. For the number of processors, I'm going to give two processors here. Total processor cores is four. This you can determine based on how powerful your system is and how much you can give, because a major part of how a virtual machine runs is not just how much RAM you give to it; it is how much RAM is available outside of the sandbox environment. Because let's say your system has 8 GB of RAM and you devote 4 GB to the virtual machine. Windows itself takes up around 4 GB, at least 3.5 GB, when it's sitting idle. So you have to account for all that when dedicating processors and, more importantly, RAM as well. So we're going to click on next for now. And here what I'm going to do is give 2.5 GB of RAM, which should be enough for the things that we are doing today. This can be customized later on as well. Let's say you started working and then you realize the amount of RAM that you have given is just not enough and you need a bit more; then you can customize that later. For now I'm going to give 2.5 GB of RAM. You can see the recommended is 2 GB. Anyway, I'll just go a step further. Click on next. "Use network address translation" is the network connection, as in what kind of networking the virtual sandbox should have, considering it is being run inside an operating system.
Whatever internet connection is given to your Windows will go to Kali Linux directly, but you can customize that. Let's say you don't want networking, you want host-only networking, or you want to connect the guest operating system to a VPN later on; it's a completely customizable process. But for easiest access we are going to use "Use network address translation". For the I/O controller type, LSI is always going to be the most recommended, so just go ahead with it. Choose SCSI for the virtual disk type. Now these are different virtual disk types that can be used, and they have different purposes; some make it easier to transition between multiple installations of VMware or VirtualBox based on what you have chosen, but SCSI is always considered the best. For the disk, we will create a new virtual disk. Now this is the maximum disk size or the disk capacity: how much hard storage we are going to devote for the operating system installation and all the files. Whatever you work on in the system has to be stored somewhere, right? So we're going to devote, basically, the room size, to make it easier to understand. So I will give 30 GB of disk size. Now here you have another option: you can actually allocate all disk space now. As it is written, allocating the full capacity can enhance performance but requires all of the physical disk space to be available right now. So the good thing about VMware, and I think that's in VirtualBox as well, is that if I do not click this, even though I have written 30 GB, it does not take up all of the 30 GB on your hard disk. It takes however much is required. Let's say after installation and everything it takes up 10 GB of space; that is all that will be taken up. It won't take up all the 30 GB. The more you keep working and slowly the data increases, the size of the virtual machine folder increases; it will go up to 30 GB, that's it.
So if you allocate all of it now, it will take up the 30 GB directly and it will be slightly more performant, because it will remove that read functionality when the virtual machine is being run. So I will click it. And between these two options, single file and multiple files, a single file is faster, but multiple files will make it easier if you want to move your virtual machine from, let's say, one laptop to another, or you have to switch between personal and official systems. But for now I can choose a single file. A single disk file will be created; you can just put whatever name, and I think everything else is settled. Now what we will do is click on finish. It'll take some time to create the disk. I think the ISO download would have been completed. Yes, the ISO download is completed by now. It'll just take a while to create the disk.

There is also Kali NetHunter, which is a mobile penetration testing platform. It is available only on Android. You can use it to perform small tasks. Obviously you can't perform everything that you can on the Kali Linux desktop environment, but a lot of things can be performed, like basic network scanning, some amount of sniffing and brute forcing tools; all those things can be performed on NetHunter directly, but that is a video for another day. So we'll just wait till the disk is created and then we'll move forward with the process.

As you can see, the virtual machine is now created. So the next step would be to actually attach the ISO file. So we're going to click on edit virtual machine settings. Here we'll select the CD/DVD option. Use ISO image file. We're going to browse, go to downloads, use the Kali Linux ISO and click on okay. So now we can power on. Select "Live system (amd64)" at all times. Okay. You can see a pop-up here below that says install Debian as on a physical computer; that is what we are going to do, which would be Kali Linux in this case.
It just shows Debian because it is based on Debian. That's it. When you're done and the operating system boots up, click "I finished installing". So we will do that when the time is right. So, we can see the live boot coming up. Okay, you can see Kali Linux is booting up now. You get the CPU usage meter here, and this should be the memory. Yes. Okay. So, we have booted into the desktop. These are the multiple workspaces. But once again, this is not installed. What we're going to have to do is install this operating system. In the live environment you can use everything, but you just have to install this operating system directly. The networking system is working. Okay. So once you familiarize yourself with the Kali Linux operating system and, more importantly, in the live environment you are able to check if the amount of RAM that you have given and your processor in general are able to sustain everything or not, what we'll do is just power off the virtual machine. We'll again power on, and this time we'll not choose the live system. What we will choose is, we'll go down, we'll choose the advanced installation options, we'll click graphical install, and install. That's it. Now what this will do is launch the graphical installer instead of the live system. Some operating systems, like Parrot Security for example, will allow you to install directly from the live environment, but that's it. It's not really a very big difference if you run it from here or there.

Now the installer is launched. I'm sorry. I will click the English language. Yes. It'll ask for your location so that it will set your time zone. I will choose India. Configure the keyboard. You can choose American English, considering that is the standard keyboard layout that is available on the market.
It will load the additional components like the networking modules, the input/output device detection drivers, all those things, and some of the partitioning components as well. I think it will detect the network hardware. Next, configuring the network with DHCP. Yes. Now we have to select the host name. The host name I will just keep as Kali. That's not a very big deal. This is more important if you're a lot into networking and you want to have a particular home network, acting kind of like a server for all the devices in your home Wi-Fi. Otherwise it's not an issue. Same thing with the domain name. I will skip the domain name because it's not really essential for what we are doing here. Yes. But the username will obviously be required. The full name I will give as simplilearn, for example, and I'll keep the same username. That was the full name; this is the username. The password you can give based on your wish. Make sure the passwords are the same. This is a single user, by the way. You can obviously create multiple users like we do on other operating systems.

Now it will check the disk partitioning here. Since we are installing it on VMware, or any virtualization software, be it VirtualBox or VMware, we will use guided, which is "use entire disk". Continue. As you can see, we had devoted 30 GB. It is showing 32.2. Similar situation here. Going to click on continue. All files in one partition, which is recommended for new users. You can partition it into home, var, tmp and maybe other partitions as well; you can keep a swap partition as well, but that's not necessary now. We'll keep all of them in a single partition. Just make sure all the changes are there. It'll create the swap memory on its own. Click on continue. It'll ask that these are the changes being made; just select yes. Continue, and it'll start installing Kali Linux into the VMware virtual disk. So this will take some time.
So we will speed this up and come back to it when the installation is done. So now we have to set the package manager. The main partitioning is done and most of the installation part is done. You just have to configure the package manager and use a network mirror. Click on yes. You don't need to set up anything else here. You can just click on next and it will set up APT, which is the package manager of Kali Linux. Now what the package manager will do is help us install, uninstall and update the tools and libraries that Kali Linux uses, all the software and all the tools that we're going to use later on. It will configure the package manager for now. It's almost done. Now it's installing the GRUB boot loader, which, when you start up the system, will ask you where you want to log in. Yes, install the GRUB bootloader to my primary drive. Click on continue. We'll just select /dev/sda, which is the single drive you'll find anyway. Instead of entering the device name manually, just click on whatever storage device is written below that. Now if you're using it on VirtualBox or VMware, which you are doing right now, you will get only one storage device, that's it. If you're dual booting you'll get multiple and you'll have to make some choices, but that is advanced and we don't need to get into that right now. For now only the last one should be enough. Now it is finalizing the installation. It's running a few post-installation steps. That's all. And as you can see, the installation is complete. So please choose continue to reboot. We'll just press continue. Now it loaded a lot of the packages during the live version and during the installer so that it can continue with the installation. So it's going to remove that live package from the RAM and complete the process. As you can see, Kali Linux has rebooted and is going to the installed operating system. Oh, you will.
If you're a beginner in Linux, you will run into a lot of the commands being shown. Just don't freak out. It's all normal. It does take some time to start up, depending on how much memory you have given it, how much RAM you have devoted to it, and even how much hard disk you have given it also matters. And obviously it also relies on how much memory your Windows operating system is using, so how much extra RAM is available and how well Windows can push VMware Workstation. So we have the login screen. We are going to use whatever username and password we had set during installation to log in. Now this will be the root user. You'll understand more about that just now. Let's just allow it to boot completely. Okay.

So now we have the Kali Linux operating system installed and ready to go. Now what I would recommend first is to just go around and check. If you're new to Linux, do not make a lot of changes or anything like that, but do move around. For example, if you just click the start button here, which is termed applications, you can see a lot of the programs that are installed. Now the good thing about Kali is it's very intuitive. So for example, under information gathering you'll see all the tools that you can use for information gathering. Same for vulnerability analysis, web app analysis, password attacks (all the brute forcing tools that you can use), wireless attacks like Aircrack and Reaver for example, sniffing networks like Wireshark, etc. So just go around the operating system, check the file manager, how it works, and basically get a feel for the operating system directly. Okay. See, here's the file manager. Just check how everything works. You can enter the settings and make some small changes. Now, a lot of the settings won't matter much when running virtually, but it's good to know and understand what things Linux offers. So, it's a very important step.
One more thing, if you are in a virtual machine, is to make sure that VMware Tools is installed. Usually this gets installed directly, but if not you can just reinstall it here. Okay, I think our environment is ready and set up.

Now, as you might know, a major part of Linux is the command line. So we're going to click the terminal here, or you can just open it from here. So this is basically the command line that you can use in macOS or Windows. A lot of the things that we do on Linux are in the command line itself. Now you can use general graphical tools like, let's say, the file manager for example. You can use graphical tools. You can use other networking tools as well. But it's always better to use the terminal, because, one, you can reach things faster compared to graphical tools, considering you just have to write a single command and that's it for most of the tools, rather than having to navigate through a lot of menus and sections and other compartments that you have to on a graphical interface. So we will have to focus more on this command line terminal.

And the first thing that we have to learn in a command line terminal is the sudo user or the root user. We had discussed, when creating the user, that that will be the root user, considering we're only adding just one user for now. Okay. So let's break that apart actually. sudo is the keyword that we are looking for. Okay. Now the superuser, or the root user, the administrator of the system, is going to be someone who has all of the access: access to everything, all the sensitive files, all the sensitive settings, all those things.
Now if you can just see, let's say if I want to open a file, I'm going to put cat /etc/shadow. Let's say: permission denied. cat is the way to open up text files, by the way. Now this file does exist, but I cannot open it because the permission is denied. I'm not the root user right now; I'm just simplilearn@kali. Now the terminal does not go into root mode by default because it's not safe from a security perspective. So we have to check on what are the things that can be done securely. That's why what we will do is write sudo; let's say sudo is the command for invoking the root user. We will write the same command, which is sudo cat /etc/shadow. It'll ask you for your root password that we set before. We'll just put the same password, and as you can see it showed the details of the shadow file. So that's the reason actually why it's not recommended to have the root user at all times. It's not recommended.

Meanwhile, what you can do is, let's say you work a lot with the sudo password. For example, a lot of the things that we're going to do in this video will require the sudo keyword, which is the root access. Now if you just open a new tab, for example, you'll get another terminal without any issues. Now one thing I want to point out is, if you are learning a lot of the tools that require the sudo command, like opening sensitive files like this one, shadow, or making small changes that require root access, like changing the network adapter, checking what kind of external devices are being connected from a system perspective, all those things you will require to run continuously. So instead of writing sudo again and again and again for every command, what you can use is this command: sudo su. Now what this will do is change the user in this particular terminal tab to the root user.
Now I will just press enter, and you can see, check this dollar sign here. Once I press on sudo su, this will change to a hash. And you can see the user has changed now from simplilearn to the root user, which basically has all the permissions to do whatever it can with the system. It changes into a hash. So now whatever you have to do, you don't have to write the sudo command anymore; just write cat /etc/shadow and there you go. Now remember this root user terminal is only valid for this particular tab. Not even this window, this particular tab. If I go to this tab here, or I'll just close it and create a new tab, it's still a dollar and we are in the simplilearn user. Anyway, you can't log in directly to the root user for security purposes. Like, let's say, while it is ultra rare for Linux to have any kind of malware, it is always better to not give it all the permissions like you can have in some other operating system like Windows. So you have to dial into root directly. Okay. So you can use the sudo command. You don't have to use the sudo command if you have done sudo su. A lot of the time you'll find commands that will not work, like the cat /etc/shadow; they will not work, or sometimes the commands will work but they won't work all the way, you'll find something is wrong. So always make it a point to try it with sudo once before moving forward.

So now let's understand how we can navigate the file system in Linux. So what I'm going to do is open the terminal again, just in case, for the size of the text available. So as you can see, this tilde symbol means we're at the home location. To understand how we can determine which directory we are in currently, always remember the terminal will open in a particular directory. That's the entire point of the terminal or the command line. For example, to find out where you are right now you can just type in the command pwd, which stands for present working directory.
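The `$` versus `#` prompt and the "try it with sudo once" advice above boil down to one question a script should answer before it touches a protected file: does this shell already have root rights? The helper functions below are an added example (not from the video); they use only `id`, `ls` and the `-r` file test, and the uid values and file names in the test run are chosen for illustration.

```shell
# Prompt character Kali shows for a given numeric uid: '#' for root (uid 0), '$' otherwise.
prompt_char_for_uid() {
    if [ "$1" -eq 0 ]; then printf '#\n'; else printf '$\n'; fi
}

# Same thing for the shell that is actually running (after `sudo su` this prints '#').
current_prompt_char() { prompt_char_for_uid "$(id -u)"; }

# Can the current user read a file? Uses the -r test instead of trying to cat it,
# so you learn the answer without a "Permission denied" error in your logs.
can_read() { if [ -r "$1" ]; then echo yes; else echo no; fi; }

# Mode, owner and group of a file: /etc/shadow is normally "-rw-r----- root shadow",
# which is exactly why an ordinary user's cat is refused and sudo's is not.
describe_perms() { ls -l "$1" 2>/dev/null | awk '{print $1, $3, $4}'; }

# Run a command with root rights only when the shell is not already root,
# so the same script works both in a plain tab and after `sudo su`.
run_privileged() {
    if [ "$(id -u)" -eq 0 ]; then "$@"; else sudo "$@"; fi
}

# Demo output for the shell you run this in.
echo "uid $(id -u): prompt would be $(current_prompt_char)"
echo "/etc/shadow readable by me: $(can_read /etc/shadow)  (perms: $(describe_perms /etc/shadow))"
echo "/etc/passwd readable by me: $(can_read /etc/passwd)"
```

`run_privileged cat /etc/shadow` behaves like the video's `sudo cat /etc/shadow` in a normal tab and like the plain `cat` in a `sudo su` tab, which keeps scripts from prompting for a password twice or failing silently when run as root.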
Click enter and you can see I'm at the home folder, in simplilearn. Now this can obviously change, for example if I want to move somewhere else. Now I'll just open the file manager and show you once. This is the home simplilearn folder, as you can see it is written here. Thunar is the name of the file manager. This is the home folder. Now you have Desktop, Documents, Downloads, Music, all these folders, subfolders you can say, inside the simplilearn home folder. So what I'm going to do is I want to move to, let's say, the Documents folder. Okay. So the command for that would be cd, which is change directory. So I'm going to write, and as you can see it'll automatically try to complete; the more you use Kali Linux, and actually most of the Linux operating systems, the shell or the terminal understands where you go and what you do, all those things. So that way I am going to change the directory to, let's say, the Documents folder. We're going to just write cd Documents, and as you can see there is an extra word here, Documents, which means that now you are in Documents. We can use the pwd command again to check, and you can see /home/simplilearn/Documents. Now what if you're at a position where you don't know where you are and what are the files that are present there? For example, I just opened this in the graphical user interface and found out that, okay, these are the subfolders that I can get into. To understand what are the folders available at your particular location, the command is just listing; the command is ls. Press enter. Okay, this is Documents, apologies. We'll just go back one step. Right now we are in /home/simplilearn/Documents. To go back a single step, we'll just write cd .. (double dot). Then you can see once again we are back to /home/simplilearn.
Now once again, to understand what are the folders that are present, we have to use the command ls, and as you can see, you can see everything that is present: the Desktop, Documents, Downloads, Music, Pictures, all those folders can pop up. Now you can move here and there based on where you want to go. Apart from this, let's say if you want to create a new folder for your own, one thing we can do is mkdir. That command stands for make directory. Now, if I want to create a new folder by the name of SLP: mkdir SLP. Now remember, make sure you understand which position we are at, which is right now /home/simplilearn based on the last pwd. I haven't used the cd command or anything after that. So now if I press ls, you can see another folder in the name of SLP. Now you can do the same things. You can just go to SLP. You can see the path has now changed to /home/simplilearn/SLP. You can go back, and that's how you can work and create folders. To delete, let's say I don't want to have the SLP folder anymore. I'll just use rmdir SLP. Now, if I check ls, we don't have that folder anymore. So, that's how you work in between folders. Now, one more thing that you can do is just clear, and it'll clear up the terminal for you. Now just to check where we are again: /home/simplilearn. Now remember seeing the cat command using the etc folder and the shadow file? Now let's say I want to see what is inside the etc folder, for example. If I just put down ls, it will only show me the folders present in my present working directory. What I can do is I can just write ls /etc, and these are the folders that are present in the etc folder. So you can check other file listings here as well by directly giving the full path. So that will ignore the current working directory and show the folders present in the path that you mention. Okay. Apart from that, one more thing that we need to know when it comes to listing out details is the ls -la command.
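The permission-denied and sudo discussion above, as an added shell example that is not from the video or from Simplilearn: it checks whether the current shell is root (the # versus $ prompt), whether a given file is readable by the caller before you reach for sudo, and what the mode bits on a shadow-style file look like. It assumes a Linux system with GNU coreutils (stat -c); the shadow-style file it creates in a temp directory is a constructed sample, not a real hash, and the function names is_root, prompt_char, readable_or_denied, describe_file, sudo_cached and make_shadow_like are my own.

```shell
#!/bin/sh
# Added example, not from the Simplilearn video: check who you are and whether
# a file is readable before reaching for sudo, and show the permission bits on
# a shadow-like file. Assumes Linux with GNU coreutils (stat -c). The sample
# file below is constructed in a temp directory.

# is_root: succeeds (exit 0) only when the effective uid is 0, i.e. the
# situation the video shows as a '#' prompt instead of '$'.
is_root() {
    [ "$(id -u)" -eq 0 ]
}

# prompt_char: prints the prompt character the video associates with each user.
prompt_char() {
    if is_root; then echo '#'; else echo '$'; fi
}

# readable_or_denied PATH: prints "readable", "denied" or "missing" for the
# caller. [ -r ] uses the same access check the kernel applies when cat opens
# the file, so it predicts "permission denied" without touching the contents.
readable_or_denied() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ -r "$1" ]; then
        echo readable
    else
        echo denied
    fi
}

# describe_file PATH: mode bits, owner:group and the access verdict on one line.
# stat only needs search permission on the directory, so this works without
# sudo even on /etc/shadow (typically mode 640, owner root:shadow on Kali).
describe_file() {
    if [ ! -e "$1" ]; then
        echo "$1: missing"
        return 1
    fi
    printf '%s: mode %s owner %s -> %s\n' "$1" \
        "$(stat -c '%a' "$1")" "$(stat -c '%U:%G' "$1")" "$(readable_or_denied "$1")"
}

# sudo_cached: succeeds if sudo can run right now without prompting (cached
# timestamp or NOPASSWD rule). -n makes sudo fail instead of asking for a password.
sudo_cached() {
    sudo -n true 2>/dev/null
}

# make_shadow_like DIR: writes a constructed shadow-style line to DIR/shadow
# and strips every permission bit, so only root can read it; prints the path.
make_shadow_like() {
    f="$1/shadow"
    echo 'root:*:19000:0:99999:7:::' > "$f"   # constructed sample line, not a real hash
    chmod 000 "$f"
    echo "$f"
}

# Stand-alone demo: compare the real /etc/shadow with the constructed copy.
demo() {
    echo "current user: $(id -un) (uid $(id -u)), prompt would be $(prompt_char)"
    describe_file /etc/shadow || true
    tmp=$(mktemp -d)
    sample=$(make_shadow_like "$tmp")
    describe_file "$sample"
    if sudo_cached; then
        echo "sudo is cached: a sudo command would run without a prompt"
    else
        echo "sudo would prompt for a password (or is not available here)"
    fi
    rm -rf "$tmp"
}

demo
```

Run it as an ordinary user and the constructed file reports "denied" while /etc/shadow shows why (mode 640, owner root:shadow); run it after sudo su and both report "readable". The sudo -n probe is useful before a long session: if it fails, the next sudo will prompt, which is the normal and intended behaviour for a non-root login.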
Now all of these commands, this ls, pwd, at least 90% of the commands that you're going to use in the Linux terminal (I'll just clear this for now), 90% of the commands that you use in Linux will have subcommands, or it is also called flags, that go along with it. Now for example, in my current present working directory, if I press on l
Original Description
🔥IITK - Advanced Executive Program in Cybersecurity - https://www.simplilearn.com/ai-cybersecurity-course?utm_campaign=E42UTNbr2MM&utm_medium=DescriptionFirstFold&utm_source=Youtube
🔥Professional Certificate Program in Cybersecurity - https://www.simplilearn.com/ai-cybersecurity-course?utm_campaign=E42UTNbr2MM&utm_medium=DescriptionFirstFold&utm_source=Youtube
🔥Cyber Security Expert Masters Program - https://www.simplilearn.com/cyber-security-expert-master-program-training-course?utm_campaign=E42UTNbr2MM&utm_medium=DescriptionFirstFold&utm_source=Youtube
🔥IIITB - Advanced Executive Program in Cybersecurity (India Only) - https://www.simplilearn.com/pgp-advanced-executive-program-in-cyber-security?utm_campaign=E42UTNbr2MM&utm_medium=DescriptionFirstFold&utm_source=Youtube
In this Application Security Full Course 2026 by Simplilearn, we start with the basics of application security and why it’s essential in today’s digital landscape. You’ll learn about web application security, dangerous hacking gadgets, and network protocols that every security professional should understand. The tutorial also introduces tools like EthicalHacker GPT, top free cybersecurity tools, and Linux essentials for ethical hackers. We’ll cover common cybersecurity mistakes, explore how AI can be used to learn ethical hacking, and conclude with the top 50 cybersecurity interview questions to help you prepare for real-world roles.
Following are the topics covered in this Application Security Full Course 2026:
00:00:00 - Introduction to Application Security Full Course 2026
00:00:06 - application security tutorial
03:23:49 - Web Application Security
03:24:32 - Top 7 Dangerous Hacking Gadgets
03:50:38 - Network protocol explained
04:08:07 - EthicalHacker GPT
04:08:44 - Top 10 free cybersecurity tools
05:29:09 - Linux for Ethical Hackers
05:29:37 - Common Cybersecurity Mistakes
05:48:48 - How to use AI To learn hacking
06:08:32 - Top 50 Cybersecurity Interview Questions