There are 7 network layers in the OSI model, and the security concern areas at each layer are:
- Application (how the browser interacts with the user; this is normally secured with HTTPS.)
- Presentation (whether the data is encrypted or not; normally you need to encrypt confidential data.)
- Session (inter-host communication, e.g. a socket connection)
- Transport (connection reliability when establishing communication, and which IP address the traffic is going to.)
- Network (addressing and routing of packets between hosts, e.g. IP)
- Data Link
- Physical (e.g. data storage)
Encryption Service (reversible)
Tokenization Service (irreversible from the token itself, but a one-to-one mapping)
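The difference between the two services is easiest to see side by side. The following is an added example, not code from the original notes: `encrypt`/`decrypt` are reversible with the key (the keystream here is built from HMAC-SHA256 in counter mode purely for illustration; a production system would use a vetted AEAD such as AES-GCM from a real library), while `TokenVault` hands out random tokens that carry no information about the value and can only be mapped back through the vault, with the same value always receiving the same token. The card number is a constructed sample value.

```python
import hashlib
import hmac
import secrets


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Illustrative keystream: HMAC-SHA256 over nonce||counter (not a production cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Reversible: anyone holding `key` can recover the plaintext."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:16], ciphertext[16:]
    ks = _keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


class TokenVault:
    """Tokenization: the token is random and reveals nothing about the value.
    The only way back is the mapping held inside the vault (one-to-one)."""

    def __init__(self) -> None:
        self._by_value: dict[str, str] = {}
        self._by_token: dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        # One-to-one: a value already in the vault gets its existing token back.
        if value in self._by_value:
            return self._by_value[value]
        token = secrets.token_hex(8)
        while token in self._by_token:  # guard against the (unlikely) collision
            token = secrets.token_hex(8)
        self._by_value[value] = token
        self._by_token[token] = value
        return token

    def detokenize(self, token: str) -> str:
        # Raises KeyError for tokens the vault never issued.
        return self._by_token[token]


def demo() -> dict[str, bool]:
    """Exercise both services on a constructed sample value and report the properties."""
    key = secrets.token_bytes(32)
    card = "4111111111111111"  # constructed sample, not real data

    ct = encrypt(key, card.encode())
    vault = TokenVault()
    t1 = vault.tokenize(card)
    t2 = vault.tokenize(card)

    return {
        "encryption_roundtrips": decrypt(key, ct).decode() == card,
        "ciphertext_hides_value": ct[16:] != card.encode(),
        "token_is_one_to_one": t1 == t2,
        "token_maps_back_via_vault": vault.detokenize(t1) == card,
        "token_reveals_nothing": card not in t1,
    }


if __name__ == "__main__":
    for prop, ok in demo().items():
        print(f"{prop}: {ok}")
```

The practical consequence: an encryption key that leaks exposes every ciphertext it protected, whereas a leaked token is useless without access to the vault, which is why tokenization is often preferred for data that downstream systems only need to reference rather than read.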
Penetration Testing Tools
- Fiddler — can intercept and decrypt HTTPS traffic in order to identify vulnerabilities in the application.
- Nmap — used to scan a subnet, identify what services are running on hosts.
- Wireshark — network protocol analysis tool. It captures data packets moving within a network and displays them back to the end user in a human-readable form.
- Metasploit — vulnerability exploitation framework
- Nikto — Web vulnerability scanner
- John the Ripper — Password cracking