Lazy Tech Leader Series — Security

There are 7 network layers according to OSI Model and security concern area are:

• Application (how browser interact with user, this is normally done by https.)
• Presentation (whether the data is encrypted or not, normally you use need to encrypt the confidential data.)
• Session (inter-host communication, e.g. socket connection)
• Transport (Connection reliability on establishing communication and which IP it is going.)
• Network
• Data Link
• Physical (e.g. Data Storage)

Encryption Service (reversible)

• Hashicorp Vault

Tokenization Service (irreversible, but one to one mapping)

• Protegrity

Penetration Testing Tools

• Fiddler — can intercept and decrypt HTTPS traffic in order to identify vulnerability in the application.
• Nmap — used to scan a subnet, identify what services are running on hosts.
• Wireshark — network protocal analysis too. It captures data packets moving within a network and displays them back to the end user in a human-readable form.
• Metasploit — vulnerability exploitation framework
• Nikto — Web vulnerablity scanner
• John the Ripper — Password cracking