INFORMATION SECURITY AND AUDIT
SOLVED PRACTICE QUESTIONS

WEB SECURITY 

Web security is synonymous with cybersecurity and also covers website security, which involves protecting websites from attacks.

Need for Web Security

The massive importance of the internet for modern enterprises—and the accompanying growth in the sophistication, frequency, and impact of cyberattacks—has made web security critical to business continuity. 

How Web Security Works

Web security functions sit between your environment’s endpoints and the internet. From there, they inspect traffic and requests traveling in both directions. No single technology monitors or inspects all traffic, but a “stack” of appliances (or, more effectively today, a cloud-delivered platform of services) provides holistic coverage to prevent policy violations, malware infections, data loss, credential theft, and so on.

Benefits of Web Security

For a modern enterprise, effective web security has broad technical and human benefits:

  • Protect your business and stay compliant by preventing loss of sensitive data
  • Protect customers and employees by securing their private information
  • Avoid costly service interruptions by preventing infections and exploits
  • Offer a better user experience by helping your users stay safe and productive
  • Maintain customer loyalty and trust by staying secure and out of the news

Most Common Threats 

  • Ransomware: These attacks encrypt data, and then demand a ransom payment in exchange for a decryption key. In a double-extortion attack, your data is also exfiltrated.
  • General malware: Countless variants of malware exist that can lead to anything from data leaks, spying, and unauthorized access to lockouts, errors, and system crashes.
  • Phishing: Often carried out through email, text messages, or malicious websites, these attacks trick users into actions such as divulging login credentials or downloading spyware.
  • SQL injection: These attacks exploit an input vulnerability in a database server, allowing an attacker to execute commands that let them retrieve, manipulate, or delete data.
  • Denial of service (DoS): These attacks slow or even shut down a network device such as a server by sending it more data than it can process. In distributed DoS—that is, a DDoS attack—this is carried out by many hijacked devices at once.