
Posts

Software Security Testing Part - IV

Demo Code Review
Introduction
Welcome to the fourth module of the software security testing workshop. So far in this workshop we have discussed security testing of software code, methodologies, and the different types of software testing, and introduced tools that are readily available in the industry. However, so far we have not presented a practical demo for performing code review.
This will be a quick module to demonstrate how you can perform code reviews before you put your code on a live desk. We will be using Flawfinder as our tool to review code written in the “C” language.
What is Flawfinder?
Flawfinder is an open source security code review tool that can be downloaded from the Internet in one quick go.
Vendor’s mouth
“A simple program that examines C/C++ source code and reports possible security weaknesses (“flaws”) sorted by risk level. It’s very usef...

Software Security Testing Part - III

Source Code Review Tools & Techniques
Introduction
Welcome to the third module of the software security testing workshop. This module will specifically discuss tools available on the Internet to perform security source code review, or simply code review. These tools are not easy to use and understand: it is not a script kiddie job of simply running a tool and detecting the vulnerability. You need a solid background in programming to understand what the tool is highlighting as a flaw and what the outcome of a complete review could be.
This module is an easy go, as it will cover different tools with some snapshots. It can be studied separately to gain more knowledge about source code review tools and their features. In this module, we will public speaking and reviews about these tools.
In today’s field of information security, one of the fastest growing areas in the software security industry is the source code analysis tool, also known as ...

Software Security Testing Part - II

Types of Software Security Testing
Introduction
Welcome to the second module of the software security testing workshop. In this module, we will be exploring different types of evaluating software security. It is recommended that you first complete the previous module in order to build a knowledge base in this domain, which will help you continue in this workshop with a separate mindset on how to be an expert in software security testing.
Software Security Testing
Different organizations and different security professionals define it differently, and mostly all are correct. There are different ways of understanding software security testing. The following are some well-known concepts:
“Security testing which is non-functional in nature, more focused on security aspects”
OR
“It is a type of testing in which a security professional performs different t...

Software Security Testing Part - I

The Basics of Software Security
Introduction
Welcome to the first module of this workshop. In this workshop, we will be learning about the overall software security testing happening in the field of information security, covering many aspects of security. However, in this module, we will talk about the knowledge base, the basics of software security.
Prerequisites
• Sound knowledge of computer programming
• Sound knowledge of information security and related technologies
• Expert in any one programming language
The Software Industry
The software industry is approximately 50+ years old. It has progressed from a very basic level of software to complex development, and now there is a lot of competition among developers and in the mobile software development market.
Most importantly, in today’s software industry, there are threats to the software we normally and generally use, e.g., operating systems, like Windo...

Hacking with Security Tools Part - 5

Kali Linux Comparison with Other Security Distributions
Introduction
Welcome to the last module of this workshop. We have been talking about hacking & exploit development so far in this workshop. Over the Internet, there are many security distributions that were built with penetration testing or security testing as their main purpose. But not all of them have the strength that Kali Linux has.
In this module, we will simply present a comparison of, or introductions to, other security-related operating systems and Kali Linux.
Known Hacking Distributions (Operating Systems)
1 – Blackbuntu
Blackbuntu is a penetration testing Linux distribution that is specially designed for training security students and information security practitioners. It was built on Ubuntu 10.10 with the Gnome desktop environment. Blackbuntu will also include the KDE desktop in the final release of Blackbuntu Commu...

Hacking with Security Tools Part - 4

Top 10 Security Tools in Kali Linux
Introduction
Welcome to module 4 of this workshop. So far, you have learned about hacking with Kali Linux and had a taste of how you can utilize Kali Linux as a base platform for exploit development. Here we will highlight the top 10 security tools available in Kali Linux and their purpose.
Prerequisites
It is recommended that you first complete the previous three modules before you start reading this module.
Top Ten Security Tools available in Kali Linux
Use the application tab and expand the top ten security tools as shown in the figure below. You can see the list of tools in the rightmost tab, open under the category top 10 security tools. We will expand each tool one by one.
The first tool presented under the top ten category is air-crack.
From the vendor’s mouth: “Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packe...

Hacking with Security Tools Part - 3

Kali Linux and Exploit Development
Introduction
Welcome to the exploit development module. So far, we have been talking about the ethical hacking aspects of Kali Linux. You can also use this wonderful security distribution in exploit development. Kali Linux comes with pre-installed tools and accessories that support the exploit development lifecycle. In this module, we will not be explaining “what is exploit development”; instead, we will be discussing where Kali Linux can be used in exploit development.
Prerequisites
• Basic concepts of exploits
• Prior knowledge about debugging
• Programming concepts
• TCP/IP understanding
• Understanding the background of exploit development
Kali Linux Exploit Development Support
Covering the real aspects of the exploit development lifecycle, Kali Linux is basically not a full-fledged exploit development platform; however, it has pre-installed tools that hav...