Lazy Tech Leader Series — Security

There are 7 network layers in the OSI Model, and the security concern areas at each are:

  • Application (how the browser interacts with the user; this is normally done over HTTPS.)
  • Presentation (whether the data is encrypted or not; normally you need to encrypt the confidential data.)
  • Session (inter-host communication, e.g. a socket connection)
  • Transport (connection reliability when establishing communication, and which IP it is going to.)
  • Network
  • Data Link
  • Physical (e.g. data storage)

Encryption Service (reversible: anyone holding the key can recover the original data)

Tokenization Service (irreversible from the token alone, but a one-to-one mapping: the same value always maps to the same token, and only the token vault can map it back)
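To make the encryption/tokenization distinction concrete, here is an added example (not part of the original post) of a minimal token vault in Python. The class name, the index key and the card-like sample values are constructed for illustration; the point is that a token is random and carries nothing derivable back to the value, yet the mapping stays one-to-one so the vault can still reverse it.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """Minimal token vault (constructed example).

    tokenize()   : sensitive value -> random token, same value -> same token
    detokenize() : token -> value, possible only with access to the vault
    Unlike encryption, there is no key that turns a token back into the value;
    the only way back is the vault's own lookup table.
    """

    def __init__(self, index_key: bytes):
        self._index_key = index_key  # keys the lookup index, never leaves the vault
        self._by_index = {}          # HMAC(value) -> token
        self._by_token = {}          # token -> value (the only reverse path)

    def _index(self, value: str) -> str:
        # Keyed hash of the value, so the index itself does not hold plaintext
        # and cannot be brute-forced without the index key.
        return hmac.new(self._index_key, value.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, value: str) -> str:
        idx = self._index(value)
        if idx in self._by_index:
            return self._by_index[idx]  # one-to-one: an existing value keeps its token
        token = secrets.token_hex(16)   # random, unrelated to the value
        self._by_index[idx] = token
        self._by_token[token] = value
        return token

    def detokenize(self, token: str) -> str:
        # Only a caller with vault access should ever reach this path; the
        # rest of the system works with tokens and never sees the value.
        return self._by_token[token]


if __name__ == "__main__":
    vault = TokenVault(b"constructed-index-key")
    card = "4111111111111111"  # constructed test value
    tok = vault.tokenize(card)
    print("token:", tok)
    print("same value, same token:", vault.tokenize(card) == tok)
    print("vault can reverse it:", vault.detokenize(tok) == card)
```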

Penetration Testing Tools

  • Fiddler — can intercept and decrypt HTTPS traffic in order to identify vulnerabilities in the application.
  • Nmap — used to scan a subnet and identify what services are running on hosts.
  • Wireshark — network protocol analysis tool. It captures data packets moving within a network and displays them to the end user in a human-readable form.
  • Metasploit — vulnerability exploitation framework.
  • Nikto — web vulnerability scanner.
  • John the Ripper — password cracking.