Information Security:

Information security (InfoSec) is designed to protect the confidentiality, integrity and

availability of computer system data from those with malicious intentions. InfoSec is part of
information risk management.

Information security means protecting important data from being accessed, used, or damaged
by unauthorized people. It ensures that the information stays safe, private, and available when
needed. This involves using tools, rules, and processes to defend against risks like hacking,
data theft, or accidental loss.

ASSET: In information security, an asset refers to anything of value to an organization that

requires protection from potential threats. Assets can be categorized into various types,
including:

1. Information Assets: These include data and information critical to the organization,
such as customer records, intellectual property, financial data, and proprietary
business information.
2. Physical Assets: These are tangible items, such as computers, servers, storage
devices, and networking equipment, that store and process information.
3. Software Assets: These include applications, operating systems, and databases that
facilitate the functioning and management of information systems.
4. Human Assets: People who have access to and manage information systems, such as
employees, contractors, and partners.
5. Intangible Assets: Non-physical resources, such as brand reputation, patents, and
copyrights that indirectly affect information security.

The protection of assets is essential to ensure the confidentiality, integrity, and availability of
information. Identifying and prioritizing assets is a critical step in designing an effective
information security strategy, as it helps in focusing resources on safeguarding the most
critical components.

Access control: An Access control is a way of limiting access to a system or to physical or

virtual resources.

Access control in information security is about deciding who is allowed to use or see certain
information, systems, or resources. It ensures that only authorized people can access sensitive data
or systems, and it blocks everyone else. The access control mechanisms are built start with
identification and authentication.

It is generally considered in three steps:

1. Identification

2. Authentication

3. Authorization
1. Identification: Identification is an assertion of someone and something.

2. Authentication: Authentication is act of verifying a claim of identity.Checking if a person is

who they claim to be (e.g., using passwords, fingerprints, or ID cards).

Authorization: When a person or computer has been successfully identified and authenticated
then it must be determined what informational resources they are permitted to access and
what actions they will be allowed to perform, so this is called authorization.

Example: Online Banking

 You log in to your online bank account using a username and password
(authentication).
 After logging in, you can only see and manage your own account, not anyone else's
(authorization).

GQ. Explain CIA in details.

- The Term Confidentiality, integrity and availability, also known as the CIA triad, which is a
model designed to guide policies for information security within an organization.

Confidentiality is a set of rules that restrict access to information, integrity is assurance that
the information is accurate and trustworthy and availability is a guarantee of authentic access
to the information by authorized people.

1. Confidentiality

Confidentiality is nothing but privacy. Confidentiality is designed to prevent sensitive

Information from reaching the wrong people and making sure that the right people can in fact
get it.

User Id's and passwords, access control lists and policy based security are some of the
methods from which confidentiality is achieved.

2. Integrity

Integrity is assures that the data or information system can be trusted.

It is ensures that edited by only authorized persons and remains in its original state when at
rest. Data encryption Standard and hashing algorithms are key processes that providing
integrity

3. Availability

The Data and information systems are available whenever required.

Hardware maintenance, software upgrading /patching and network optimization ensures

availability.
Authentication is the process of verifying who someone is before allowing them to access
something. It’s like proving your identity to ensure you are the person you claim to be. This
step is important in information security to prevent unauthorized people from accessing
sensitive information or systems.

For example, when you log into your email, you type your username and password. The
system checks if the password matches the one linked to your username. If it matches, the
system knows it’s really you and gives you access. This is a simple form of authentication.

Other examples of authentication include using your fingerprint to unlock your phone,
entering a PIN at an ATM, or scanning a face to access a secure app. Each method helps
confirm your identity before allowing you to proceed.

Authorization is the process of deciding what someone is allowed to do after their identity
has been confirmed. Once authentication verifies who you are, authorization determines what
resources, actions, or data you have permission to access. It ensures that people can only
access what they are supposed to, based on their role or level of access.

For example, in an office, after entering the building with an ID card (authentication), an
employee may be allowed to access only their department's files, while the manager can
access additional confidential reports. Here, authorization limits what each person can see or
do based on their role.

Another example is online shopping. After logging into your account (authentication), you
can view your own order history and payment details, but you cannot access other customers'
accounts or orders. Authorization ensures you can only interact with your own data. This
way, sensitive resources are protected, and access is controlled properly.

THREAD: In simple terms, a thread is like a small task or part of a bigger program that runs
independently but shares the same resources (like memory) with other threads. It allows a program
to do multiple things at the same time.

For example, imagine you're using a web browser.

 One thread could load a web page.

 Another thread could play a video.
 A third thread might handle your typing in the search bar.

Threads help make programs faster and more efficient because they can divide work into
smaller parts and run them simultaneously.

In information security, a threat is any potential danger or event that could harm systems,
data, or networks by exploiting vulnerabilities. A threat can come from different sources and,
if successful, can lead to unauthorized access, data theft, damage, or loss of information.

Types of Information Security Threats:

1. Human Threats:
o Hackers: People who try to break into systems to steal or damage data.
 oInsiders: Employees or contractors who misuse their access to harm the
organization.
o Social Engineering: Tricking people into revealing sensitive information
(e.g., phishing emails).
2. Technical Threats:
o Malware: Harmful software like viruses, ransomware, or spyware.
o Denial of Service (DoS): Overloading a system to make it unavailable to
users.
o Unpatched Software: Bugs or flaws in outdate software that attackers can
exploit.
3. Natural Threats:
o Disasters: Events like floods, earthquakes, or fires that can damage physical
systems or data centres.

Example of a Threat:

A phishing email pretending to be from your bank asks for your password. If you fall for it,
the attacker can gain access to your account, steal money, or misuse your information.

Managing Threats:

Organizations manage threats by:

 Identifying possible threats.

 Protecting systems using firewalls, antivirus software, and encryption.
 Training employees to recognize and avoid risks.
 Regularly updating and monitoring systems.

VULNERABILITY

Vulnerability is a weakness or flaw in a system, software, or process that could be exploited

by someone to cause harm. It’s like a gap in security that makes it easier for hackers or
attackers to break in and steal, damage, or misuse information.

For example, if software has a bug that allows someone to bypass a password, that’s
vulnerability. Similarly, not updating your computer regularly can leave it vulnerable to
viruses or malware. Fixing vulnerabilities (like installing updates or patches) is important to
keep systems safe from attacks.

In information security, vulnerability is a weakness or flaw in a system, software, or process

that attackers can exploit to harm an organization or compromise its data. Vulnerabilities
create openings for threats to occur, such as unauthorized access, data breaches, or system
damage.

Common Types of Vulnerabilities:

1. Software Vulnerabilities:
 o Bugs or coding errors in software that attackers can exploit.
o Example: An out-dated operating system with unpatched security flaws.
2. Network Vulnerabilities:
o Weaknesses in network security settings.
o Example: An open Wi-Fi network without encryption, which can be
intercepted by attackers.
3. Human Vulnerabilities:
o Mistakes made by people that lead to security risks.
o Example: Employees using weak passwords or falling for phishing scams.
4. Physical Vulnerabilities:
o Inadequate physical security of devices or servers.
o Example: A server room without proper locks or surveillance.
5. Configuration Vulnerabilities:
o Misconfigured systems or devices.
o Example: Leaving default passwords unchanged on routers or other devices.

Example of Vulnerability:

Imagine a company uses an old version of a website platform. Hackers find a known security
flaw in that version and use it to access the company's customer data. The outdate software is
the vulnerability that allowed the attack.

How to Address Vulnerabilities:

1. Identify vulnerabilities through regular security assessments.

2. Fix them by applying software updates, installing patches, or improving
configurations.
3. Reduce risks by using firewalls, antivirus tools, and employee training.
4. Monitor systems continuously for new vulnerabilities.

Addressing vulnerabilities is critical for preventing threats and keeping systems safe.

Risk Management

In information security, risk refers to the possibility that a threat could exploit a vulnerability,
leading to harm or loss to an organization. Risks are about what might go wrong, such as data
breaches, hacking, or system failures. Managing risks means identifying, assessing, and
taking steps to reduce or eliminate them.

Explanation of Risk Management

Risk management is the process of handling risks to minimize their impact. It involves:

1. Identifying Risks: Figuring out what could go wrong. For example, a company might
identify the risk of unauthorized access to customer data.
 2. Assessing Risks: Determining how severe the risk is based on its likelihood and
potential impact. For example, losing customer data could damage trust and lead to
financial penalties.
3. Mitigating Risks: Taking steps to reduce or eliminate the risk. This could involve
adding security measures like firewalls, encrypting data, or training employees to
handle data securely.
4. Monitoring Risks: Continuously checking for new risks or changes in existing risks.

Example

Imagine company stores sensitive customer information.

 Risk: Hackers might steal the data.

 Vulnerability: Weak passwords or out-dated software.
 Risk Management:
o Use strong password policies and multi-factor authentication.
o Regularly update software to fix vulnerabilities.
o Conduct security audits to identify weaknesses.

Attack:

An attack in information security is any attempt by someone (or something) to harm, steal,
or disrupt data, systems, or networks. Attacks are carried out by exploiting vulnerabilities to
gain unauthorized access, steal information, or damage resources.

In information security, attacks are categorized into passive attacks and active attacks,
depending on how the attacker interacts with the system or data.

A passive attack is when the attacker secretly monitors or listens to data without changing or
interfering with it. The goal of a passive attack is to gather information, such as private
messages, login credentials, or sensitive business data. Since there’s no direct modification or
disruption, passive attacks are hard to detect. For example, an attacker might use a network
sniffer to intercept data being transmitted over an unsecured Wi-Fi connection, like reading
emails or stealing passwords without the user knowing.

An active attack, on the other hand, is when the attacker directly interacts with the system,
data, or network to disrupt, steal, or modify information. The goal is often to cause harm,
steal information, or take control of a system. Active attacks are usually easier to detect
because they involve noticeable changes or disruptions. For example, a hacker might send
malware to infect a computer, alter a company’s database to steal customer data, or overload
a website with traffic (a denial-of-service attack) to make it crash.

Malware:

Malware (short for "malicious software") is any software created to harm, disrupt, or gain
unauthorized access to computers, networks, or data. Malware is used by attackers to steal
sensitive information, damage systems, or take control of a device without the user's
permission. Malware spreads through infected files, emails, malicious websites, or even USB
drives.
 A virus is a malicious program that attaches itself to files or software. It spreads when the
infected file is shared or opened. For example, a virus can corrupt data, slow down your
device, or make programs stop working.
 A worm is malware that spreads across networks without needing a host file. Unlike a
virus, it doesn’t need user action to spread. Worms can cause network congestion or crash
systems by replicating quickly.
 A Trojan horse (Trojan) pretends to be useful or harmless software but contains
malicious code. Once installed, it can steal your information, give hackers control of your
device, or create vulnerabilities for other malware to enter.
 Ransom ware locks your files or system and demands payment (a ransom) to unlock
them. It’s especially harmful for businesses, as it can halt operations until the ransom is
paid.
 Spyware secretly monitors your activities and collects information without your consent.
For example, it might track your keystrokes to steal passwords or record your browsing
habits.
 Adware displays unwanted advertisements, often in the form of pop-ups. While it’s less
harmful than other malware, it can slow down your device and invade your privacy by
tracking your online activities.
 A rootkit is a hidden program that allows attackers to control your system without
detection. Rootkits are dangerous because they can disable security software and give
attackers long-term access to your system.
 A botnet is a group of computers infected with malware and controlled by an attacker.
These "zombie" computers are often used for large-scale attacks, like sending spam or
launching denial-of-service (DoS) attacks.

What is a Virus in Information Security?

In the context of information security, a virus is a type of malicious software (malware) that
spreads from one computer to another. Just like a biological virus, a computer virus needs a
"host" to infect. In this case, the host is a file, program, or system. Once the virus is inside a
computer or device, it can cause damage, steal information, or spread to other systems. A
virus may remain dormant until it is triggered by specific actions, like opening a file or
running a program.

Types of Computer Viruses in Information Security

Viruses can be classified based on how they spread and behave in a computer system. Here
are the most common types:
1. File Infector Virus: These viruses attach themselves to executable files (files that run
programs). When you open the infected file, the virus executes and spreads.

 Example: CIH (Chernobyl) virus, which could corrupt files and even damage a
computer’s hardware.

2. Macro Virus: These viruses target documents that contain macros (small programs used to
automate tasks). They often infect programs like Microsoft Word or Excel.

 How it spreads: The virus infects documents and can spread when the infected
document is opened by another user.
 Example: Melissa virus, which spread through email attachments and infected Word
documents.

3. Boot Sector Virus: These viruses target the boot sector of a computer, which is responsible
for starting up the system. It spreads when the computer is started (booted) from an infected
disk or USB drive.

 Example: Stone virus, which could corrupt the system’s master boot record (MBR)
and prevent the system from starting correctly.

4. Polymorphic Virus: These viruses can change their code each time they infect a new
system, making them harder to detect by antivirus software.

 Example: Storm Worm virus, which used polymorphic methods to avoid detection by
antivirus software.

5. Resident Virus: A resident virus becomes part of the system’s memory (RAM) and
operates in the background, making it harder to remove.

 Example: Randex virus, which could infect files and execute itself without user
knowledge.

Type of vulnerabilities:

1. Cross-site scripting (XSS)

Cross-site scripting (XSS) is a type of security vulnerability that allows attackers to inject
malicious code, usually in the form of a script, into a trusted website or web application. The
malicious code is often written in JavaScript, but can also be written in other programming
languages. When users visit the infected website, the malicious code is executed in their
browser without their knowledge.

The main goal of XSS attacks is to steal sensitive information like cookies, session tokens, or
login credentials, or to perform other malicious activities like defacing a website or spreading
malware. For example, imagine a website where users can leave comments. If the website
does not properly check the comment content, an attacker could enter a comment with a
malicious script embedded in it. When another user views the comment, the script runs in
their browser and can steal their session cookie or perform actions on behalf of the user, such
as sending messages or changing settings.

There are three main types of XSS attacks: stored, reflected, and DOM-based. In a stored
XSS attack, the malicious script is saved on the server (like in a database) and then shown to
users later. In a reflected XSS attack, the malicious script is immediately reflected back to
the user without being stored. In a DOM-based XSS attack, the vulnerability arises when the
malicious script manipulates the Document Object Model (DOM) in the user's browser,
causing the script to run.

To prevent XSS attacks, websites must sanitize all user input, meaning that they must check
and clean the data to make sure it doesn’t contain harmful code. Websites should also use
security features like Content Security Policy (CSP) and HTTP-only cookies to minimize the
risk of XSS.

2. cross site request forgery (CSRF/XSRF)

Cross-Site Request Forgery (CSRF) is a type of security vulnerability that allows attackers
to trick a user into performing unwanted actions on a website or web application where they
are already authenticated. It takes advantage of the trust that a website has in the user's
browser rather than the user themselves. CSRF attacks typically occur when a user is logged
into a website, and while they are still authenticated, an attacker can make requests to that
website without the user's knowledge or consent.

Imagine you are logged into your online banking account, and while you’re browsing other
websites or reading emails, an attacker can send a hidden request to your bank's website that
transfers money from your account to theirs. Since the bank trusts that you are the one
making the request (because you're already logged in), it processes the transaction without
questioning it.

To prevent CSRF attacks, websites use various techniques such as requiring a CSRF token
in forms. This token is a unique, random value that the website generates and checks when a
request is made. If the token is missing or incorrect, the request is rejected, because the
attacker cannot know the correct token. Another approach is to use same-site cookies, which
restrict cookies from being sent in cross-site requests, making it harder for attackers to exploit
a user’s authenticated session.

3. SQL injection

SQL Injection is a type of security vulnerability that allows an attacker to interfere with the
queries that an application makes to its database. In simple terms, SQL injection happens
when an attacker is able to insert or "inject" malicious SQL code into a web application's
input fields, causing the application to execute harmful commands on the database. This can
lead to unauthorized access, data manipulation, or even complete control over the database.

SQL (Structured Query Language) is the language used to communicate with a database.
When a user submits data through a form, search bar, or URL parameter, the application
typically uses that data to build an SQL query to interact with the database. For example,
when you log in, the application might run an SQL query like, "SELECT * FROM users
WHERE username = 'input' AND password = 'input'". If the application doesn't properly
filter or sanitize the input, an attacker could input malicious SQL code that changes the
query's behaviour.

For example, imagine a login form that asks for a username and password. If the application
directly uses the data entered into the form without any checks, an attacker could enter
something like this in the username field: admin' OR '1' = '1. This would change the SQL
query from checking for a specific username and password to always returning true, since
'1' = '1 is always true. As a result, the attacker would be logged in as an admin without
providing a valid password.

SQL injection can have serious consequences. Attackers can use it to view, modify, or delete
data from the database. In some cases, they can even execute administrative operations, such
as creating new user accounts, or in extreme cases, gain full control over the database server
and the entire system. SQL injection is one of the most dangerous vulnerabilities because it
can allow attackers to access sensitive information like passwords, credit card numbers, or
personal data.

To prevent SQL injection, developers use techniques such as parameterized queries or

prepared statements, which ensure that user input is treated as data rather than executable
code. Additionally, input validation and sanitization are important to ensure that only
expected data is entered into the system. By properly securing the database queries and
checking user inputs, websites and applications can protect themselves from the devastating
effects of SQL injection attacks.

4. input parameter manipulation

Input Parameter Manipulation is a type of security vulnerability that occurs when an

attacker modifies the input parameters sent to a web application in order to manipulate the
behaviour of the application. This can happen when a web application takes input from a
user, such as data entered into a form, URL parameters, or cookies, and uses that input
without properly validating or securing it. By altering the input parameters, attackers can
trick the application into performing unintended actions, revealing sensitive information, or
even executing harmful code.

For example, imagine a web application that has a page for viewing user profiles. The URL
might look like this: www.example.com/profile?user_id=123. The user_id parameter in
the URL tells the application which user’s profile to display. However, if the application
doesn’t properly check the input, an attacker could manipulate the user_id parameter to
access another user’s profile, like changing it to user_id=456. This could allow the attacker
to view or modify data they should not have access to, such as private messages or personal
details.

Input parameter manipulation can happen in many different ways, depending on the type of
input and the application’s design. Attackers might alter form fields, URL parameters,
cookies, or even hidden fields in web forms. The goal is to trick the application into
performing actions or returning data that it shouldn’t, often bypassing security restrictions.
To protect against input parameter manipulation, developers should always validate and
sanitize user inputs. This means ensuring that only expected, safe data is allowed, and that
any changes made to input parameters are checked for authenticity.

5. Broken authentication

Broken authentication is a security vulnerability that occurs when a web application or

system fails to properly verify the identity of a user. Authentication is the process of
confirming that a user is who they say they are, usually by checking their username and
password. When authentication is broken, attackers can bypass security measures and gain
unauthorized access to sensitive data or systems. This flaw typically happens when the
system doesn't implement strong authentication methods or has weaknesses in the way it
manages user sessions, passwords, or other credentials.

For example, when a user logs into a website, the system compares the entered username and
password with the information stored in its database. If the system doesn’t check these
credentials properly, or if it allows weak passwords, attackers can guess or crack the
password, gaining unauthorized access. Similarly, if the system doesn’t properly manage or
secure user sessions—such as by failing to log out users after a certain period or allowing
session tokens to be easily guessed—attackers might hijack an active session and impersonate
the user.

Additionally, broken authentication can happen when multi-factor authentication (MFA) is

not enforced or is poorly implemented. MFA adds an extra layer of security by requiring
users to provide something they know (like a password) and something they have (like a
phone or a fingerprint). Without it, attackers only need to crack the password to gain access,
which makes the system more vulnerable to attacks like brute-force or credential stuffing.

To fix broken authentication, developers need to implement strong, secure authentication

mechanisms. This includes enforcing complex password policies, securely storing passwords
(e.g., using hashing and salting), and ensuring that session management is handled correctly,
such as by using secure session tokens and logging users out after a period of inactivity.
Additionally, multi-factor authentication should be used to add an extra layer of protection.
Proper authentication is essential for securing user accounts and preventing unauthorized
access to sensitive systems and data.

6. sensitive information disclosure

Sensitive information disclosure is a security vulnerability that occurs when a system

accidentally reveals or exposes confidential information that should have been kept private.
This can happen when sensitive data, like passwords, personal details, financial records, or
security keys, is visible to unauthorized users or attackers. The exposure of such information
can lead to identity theft, financial loss, or unauthorized access to systems.

Sensitive information disclosure can happen in many ways. For example is when sensitive
data is stored in places where it can be easily accessed. If personal information, like social
security numbers or credit card details, is stored in plain text or is not encrypted, anyone who
gains access to the system (or even the database) can easily read this information. This can
also happen when sensitive data is sent over the internet without proper encryption, making it
possible for attackers to intercept the data using tools like "packet sniffers."

To prevent sensitive information disclosure, it's crucial to follow best practices such as
encrypting sensitive data both at rest (when stored) and in transit (when transmitted over the
internet), using proper access controls to limit who can view or modify sensitive information,
and being cautious with error handling. Systems should avoid exposing detailed error
messages, and logs should be carefully managed to ensure they don't include confidential
data. By securing sensitive information and ensuring it’s only accessible to authorized users,
organizations can protect against this type of vulnerability.

7. XML External Entities

XML External Entities (XXE) is a security vulnerability that occurs when an application
processes XML input in an unsafe way, allowing an attacker to inject and exploit external
entities into XML documents. An external entity is a part of an XML document that can
reference external files or resources, such as files on a server, URLs, or even other systems. If
an application does not properly handle these external entities, attackers can use them to
access sensitive information, cause denial of service, or even execute remote code.

XML is a markup language used to encode data in a way that can be easily read by both
humans and machines. It is widely used to exchange data between systems and applications.
XML allows for the definition of "entities" that can hold data, such as text or references to
external resources. However, if the application does not properly validate and sanitize XML
input, an attacker can craft a malicious XML document that includes references to sensitive
files or resources on the server.

For example, an attacker could craft an XML document that references a sensitive file on the
server, such as /etc/passwd on a Linux system, which contains information about user
accounts. When the server processes the XML document, it might attempt to load the
referenced file, exposing its contents to the attacker. This is a dangerous type of attack,
because it allows attackers to gain access to files and information that should be restricted.

To prevent XXE vulnerabilities, applications must be configured to disable or properly

handle external entities in XML processing. This means using secure XML parsers that do
not allow external entities by default, validating and sanitizing XML input, and limiting the
ability of XML parsers to access sensitive files or resources on the server. By doing so,
developers can protect their systems from the risks of XML External Entity attacks.

8. Broken access control

Broken access control is a security vulnerability that occurs when a web application or
system fails to properly enforce restrictions on what authenticated users can or cannot do.
Access control is the mechanism that ensures users can only access the resources and perform
the actions they are authorized to. When access control is broken, attackers can gain
unauthorized access to sensitive data or perform actions that should be restricted to certain
users.
For example, imagine a website where users can view and edit their own profile information.
The system should ensure that a user can only access their own profile, not the profiles of
other users. If the access control is broken, an attacker might be able to change the user ID in
the URL or manipulate the application in some way to view or modify another user’s profile,
even though they shouldn’t have access to it. This could lead to data breaches or unauthorized
changes to sensitive data.

Broken access control can also allow attackers to escalate their privileges. For example, a
regular user might be able to elevate their access level to an admin by manipulating request
parameters, cookies, or other session data. Once they have admin privileges, they can view,
delete, or modify any data in the system, potentially causing significant damage or stealing
sensitive information.

To prevent broken access control, developers need to ensure that proper checks are in place at
every point where access to resources is granted. This includes validating that users can only
access resources they are authorized to, and ensuring that even if users try to manipulate
URLs or session data, the system will not grant them access. It’s also important to implement
the principle of least privilege, where users are granted only the minimum level of access
necessary to perform their tasks. By doing so, applications can protect themselves from
unauthorized access and prevent attackers from exploiting broken access control
vulnerabilities.

9. Security Misconfiguration

Security misconfiguration is a vulnerability that occurs when a system, application, or

network is not properly set up or configured to protect against attacks. It happens when
security settings, permissions, or features are either not implemented or are incorrectly
configured, leaving a system exposed to potential threats. This can happen at any level of an
application, from the network infrastructure to the software or hardware, and can lead to
serious security risks.

For example, a web server might be left with default settings or configurations that are not
secure. Many software programs come with default configurations that are easy to set up but
are often not secure enough for real-world use. If these defaults are left unchanged, attackers
can exploit them to gain unauthorized access to the system. For instance, a server might have
a default admin password that is well-known or easily guessed, allowing attackers to log in
and take control of the system.

In addition, incorrect permissions on files or folders can expose sensitive data to users or
applications that should not have access. For example, if a server allows public access to a
directory that contains sensitive information, attackers can simply browse the directory and
retrieve the data.

To prevent security misconfiguration, it is important to regularly review and update system

and application settings, disable unnecessary features, and ensure that proper permissions and
encryption are in place. Security should also be integrated into the development process,
ensuring that proper configurations are set from the start. Regular security audits and
automated tools can help identify and fix misconfigurations before they are exploited.
10. Insufficient Logging and monitoring

Insufficient logging and monitoring is a security vulnerability that occurs when a system
fails to properly record or track important activities, or when those logs are not actively
reviewed for suspicious behaviour. Logging refers to the process of recording events and
actions that occur in a system, while monitoring refers to the active observation of those logs
to detect and respond to potential security incidents. When either of these practices is
insufficient, attackers can exploit the system without being detected, and it becomes difficult
to investigate and respond to incidents after they occur.

For example, a web application may not log failed login attempts, so if an attacker tries to
guess a user's password through repeated login attempts, there would be no record of this
activity. Without this information, administrators would not be able to identify that an attack
is happening. Similarly, if logs are not monitored or reviewed regularly, it could take a long
time before any suspicious activity is noticed, allowing the attacker to carry out their attack
undetected.

To protect against insufficient logging and monitoring, organizations must ensure that key
activities, such as logins, file accesses, configuration changes, and security events, are
properly logged and stored in a secure, tamper-evident manner. These logs should be
comprehensive, include relevant details, and be stored for an appropriate amount of time.
Additionally, continuous monitoring and automated alert systems should be put in place to
quickly detect and respond to suspicious activities. By maintaining strong logging and
monitoring practices, organizations can significantly improve their ability to detect security
incidents early and take action before the damage is done.

OWASP Mobile Top 10

The OWASP Mobile Top 10 identifies the most significant security risks in mobile
applications and provides guidance on how to address them. These risks cover various
aspects of app development and usage, ensuring developers and organizations create secure
apps that protect user data and functionality.

The first risk is improper platform usage, which occurs when app developers misuse features
or security controls provided by mobile platforms like Android or iOS. Misconfigurations or
incorrect implementation of platform-specific features can leave apps vulnerable to attacks.

Insecure data storage is another critical issue. This happens when sensitive information, such
as passwords or personal data, is stored insecurely on the device, making it susceptible to
theft if the device is compromised.

Insecure communication refers to the failure to securely transmit data between the app and
external systems. If communication channels are not encrypted or properly secured, attackers
can intercept sensitive information like login credentials or personal data during transmission.

Insecure authentication arises when the app's mechanisms for verifying user identity are weak
or flawed. This could allow attackers to bypass authentication checks and gain unauthorized
access to the app and its data.
Insufficient cryptography occurs when apps use weak, outdate, or improperly implemented
encryption techniques to protect sensitive data. This makes it easier for attackers to decrypt
and access the information.

Insecure authorization refers to flaws in how the app enforces permissions and access control.
This can lead to unauthorized users accessing restricted data or performing privileged actions
within the app.

Poor client code quality refers to coding errors or flaws within the app's code. These
vulnerabilities can be exploited by attackers to compromise the app's functionality, access
sensitive information, or crash the app.

Code tampering involves attackers modifying the app's code to change its behaviour or
introduce malicious functionality. This can result in unauthorized actions or harm to the app's
users.

Reverse engineering is the process where attackers analyse an app's code to understand its
logic, extract sensitive information, or identify vulnerabilities. This can lead to the creation of
malicious clones or exploits targeting the app.

Lastly, extraneous functionality includes hidden or unintended features left in the app by
developers, such as debugging tools or backdoors. These features can be discovered and
exploited by attackers to gain unauthorized access or perform malicious activities.