Welcome to bicodev. We like to write about cyber security. We have five years of experience in cyber security, and the rest of our experience comes from web application architecture security. I will tell you something about my life, and you should keep the same thing in mind.
Hello, I hope everyone is well. My name is Imran Niaz and I like to write about cyber security. I have a total of five years of experience in cyber security, and the rest of my experience is in web application architecture security. I will tell you something about my life, and you should keep the same thing in mind.
If you want to become a professional and capable hacker, what things are necessary for that? We will try to understand them from the basics.
To understand anything, it is very important to first understand its basic principles. If you want to say that I will build the whole building of Puri in one day or destroy the whole building of Puri in one bridge. If I give it, it will be a possible move. Because a building is made up of many things, it is very important for us to understand how the thing that we are trying to destroy or trying to save is finally built.
For example, you want to test an application, but have you thought about what the basic components of that application are? In the end, what matters most is understanding how an application’s structure works, both internally and externally.
If you want to ask me how I learned, let me first tell you how I learned cyber security and hacking in the end.
My first job in life was game development; I was a game environment designer. I was curious about how things are made from scratch when I came to know about this after we worked on the application for some time. I built various CMSs through generated applications when I learned to build web applications, then I started coding through applications.
And when I gained knowledge of coding and how it works, I started to understand that when we are making things, things break during that time, but we only understand this later.
I started inspecting different jumps, breaking them down as I learned to break things and using them by combining them with different things.
But before that, what do you need?
It is very important for you to have knowledge about many things: for example, the types of operating systems, how to use an operating system, which crane system to use, and the difficulties that arise along the way.
“Chris Hadfield said that the only time you fear is when you don’t know anything.”
You should have enough knowledge of everything that you can protect yourself, and enough understanding of everything to be able to make weapons and use them without worry.
Because my specialty is web application architecture security and networks, that is mostly what I can tell you about. I’ll walk you through the nitty-gritty of how a web application actually works and how it is broken down, and before breaking it down we will look at some other things as well.
How a web application works and what are the components behind it.
What you need to understand now for “cyber security” and “web application testing” is how the web application actually works. Below I will try to explain this well so that you can understand.
Microservices Architecture
Feel free to ask if you need more information about any specific component.
There are 4 principles of testing almost anything built into cyber security.
Reconnaissance:
This is the first step: collecting information. There are many ways to collect a lot of information, for example the number of employees working within a company, the company’s revenue streams, or any information that is being transmitted over a network such as a LAN, or in any other way.
Scanning:
Scanning is very important before working on a project, because it is how we find out about the object and what its structure is. 70 to 80 percent of cyber security is dependent on scanning. We scan things in different ways. Whether it’s
Network:
The network is the basic support of any web application, desktop application or, let’s say, mobile application. No matter how good an application you have, it is of no use unless it is on the Internet, and it is useless if different people cannot access it.
In the same way, all these applications run over a network and are connected to a network server. When information is given to the server, it delivers it to various people on the Internet. We also try to understand how the network works in the end. Networks basically work over ports.
If you don’t understand these words, then in simple terms you can say that ports work as doors in networks. For example, there is a port that connects to the database. Its number is 3306, and its function is that it will only connect to the database, but we also need to protect it. Because if everyone can see the data on this port, it is a sign of danger. On top of ports there are also different types, like UDP and TCP. These are all protocols.
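A defender can check the point about port 3306 directly on a server. The following is an added example, not code from the original post: it parses Linux `ss -tln` output and flags database ports that listen on more than the loopback address. The sample output and the list of database ports other than 3306 are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ss -tln` output (Linux); not taken from a real host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       151     0.0.0.0:3306         0.0.0.0:*
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       244     127.0.0.1:5432       0.0.0.0:*
LISTEN  0       511     [::]:6379            [::]:*
LISTEN  0       128     [::1]:27017          [::]:*
LISTEN  0       511     *:443                *:*
"""

# Default ports of common database services (3306 is the one named in the text;
# the others are added here as an assumption about what else to watch).
DATABASE_PORTS = {3306: "MySQL/MariaDB", 5432: "PostgreSQL",
                  6379: "Redis", 27017: "MongoDB"}


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4, bracketed IPv6 or '*') into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)


def is_loopback(addr):
    """True only if the listener is bound to a loopback address."""
    if addr == "*":              # wildcard: every interface
        return False
    addr = addr.split("%")[0]    # drop an interface scope such as %eth0
    return ipaddress.ip_address(addr).is_loopback


def exposed_database_listeners(ss_output):
    """Return (service, addr, port) for database ports reachable beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue             # header line or non-listening socket
        addr, port = split_endpoint(fields[3])
        if port in DATABASE_PORTS and not is_loopback(addr):
            findings.append((DATABASE_PORTS[port], addr, port))
    return findings


if __name__ == "__main__":
    for service, addr, port in exposed_database_listeners(SAMPLE_SS_OUTPUT):
        print(f"WARNING: {service} listening on {addr}:{port} (not loopback-only)")
```

A listener flagged here is reachable from other hosts unless a firewall blocks it, so the fix is to bind the database to loopback or a private interface and restrict the port to the application servers.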
1: APIs,
API means Application Programming Interface. It is a method through which two servers can communicate. Communication security of an API is very important; it plays a big role in any web, mobile or desktop application. If your API is not secure, you are at risk.
Last time there was a cyber attack on Facebook from which the API information was leaked.
2: Databases,
The database is a very important part of any website. The API is also sometimes communicating with the database itself and sending information to the server. If there is any issue in the database, it means that there is a risk of an attack on your database. Various SQL injection tools available on the internet, which play a big role in doing this work, are becoming the focus of hackers.
SQL injections,
SQL injection is a method in which you use different payloads, mix those payloads in any way, and send a request to the server that informs the database. The damage caused by these changes can delete objects from the database or make large changes to them. If we look at another example of injection, SQLMap is a tool that plays an important role in performing SQL injection. But more than that, the people who have created new tools are quite good and awesome. I am using a tool called Ghurri.
Cross-site scripting:
- CSRF tokens,
- HTML injections,
- or data breaches.
All this is done thanks to scanning, and to what we know about how the latest scanning tools work. Can we make these slot tools, and how much time do they require?
- vulnerability assessment,
- Exploitation, and reporting.
- Social
Basically what this means is that you test things outside of any organization with ethics in mind. This is an example of social engineering. For example, you can do anything that Ethics is within the app to inspect the network and see the changes that occur within it.