CYBER SECURITY

A Summer Internship Report submitted in partial fulfillment of the

requirements for the award of the degree of

Bachelor of

Technology In

Computer Science and Engineering – Cyber Security

Submitted by:
INDURI VENKATA SAI SWETHA

21F01A4619

Under the Guidance of

Dr. M. Ramesh
Professor in CSE -
CS
St. Anns College of Engineering and Technology

&

SkillDzire,
Estd. 2019,
[email protected],
Mobile: +918019692530
HYDERABAD

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING – CYBER

SECURITY
St. Ann’s College of Engineering and Technology
(AUTONOMOUS) Approved by UGC — New Delhi and Affiliated
to JNTU Kakinada CHIRALA, ANDHRA PRADESH – 523187, INDIA
2024
Page | 1
 ST. ANN’S COLLEGE OF ENGINEERING & TECHNOLOGY
DEPARTMENT OF CSE – CYBER SECURITY

CERTIFICATE

This is to certify that the virtual short- term Internship Project Report entitled

“CYBER SECURITY”, submitted by INDURI VENKATA SAI SWETHA of B. Tech

In the Department of CSE – CYBER SECURITY of St. Ann’s College of Engineering

& Technology as a partial fulfillment of the requirements for the Course work

of B. Tech in CSE – CYBER SECURITY is a record of virtual short-term internship

Project work carried out under my guidance and supervision in the Academic

Year 2024 - 2025

Signature of the Supervisor Signature of the HOD

( ) (Dr. M. Ramesh, Prof. & HOD)

Signature of the Examiner

Page | 2
 Student’s Declaration

I, INDURI VENKATA SAI SWETHA a student of B. Tech Program, Reg. No.

21F01A4619 of the Department of CSE-Cyber Security, St. Ann’s College of
Engineering and Technology, Chirala do hereby declare that I have completed the
mandatory internship from 26 May 2024 to 26 July 2024 in SkillDzire, Hyderabad
under the Faculty Supervision of Dr. M. Ramesh, Professor and HOD of the
Department of CSE – CYBER SECURITY, St. Ann’s College of Engineering and
Technology, CHIRALA.

(Signature and Date)

Page | 3
Page | 4
 Acknowledgement

On this great occasion of accomplishment of virtual short-term

internship on CYS-Cyber Security, we would like to sincerely express our
gratitude to Mrs. Dr. M. RAMESH who has been supported through the
completion of this project.

I would also be thankful to our Head of the Department Dr. M.

RAMESH of St. Ann’s College of Engineering & Technology for providing
valuable suggestions in completion of this internship.

I would also be thankful to the Principal and Management of St. Ann’s

College of Engineering & Technology for providing all the required facilities
in completion of this internship.

I would like to extend my deep appreciation to SkillDzire without their

support and coordination we would not have been able to complete this
internship along with a project.

Finally, I would like to thank all teaching and non-teaching staff of the
department for their support and coordination, I hope we will achieve more in
our future endeavors.

(I.V.SAI SWETHA)

Page | 5
 TABLE OF CONTENTS

Sl. No. Page No.

College Certificate 2

Industry Certificate 4
Student’s Declaration 3

Acknowledgements 5
CHAPTER - 1 About SkillDzire 7

CHAPTER – 2 Introduction to Cyber Security 9

CHAPTER - 3 Cryptography 10
4.1 Security Audit & Scanning Patching 12
CHAPTER – 4
4.2 Network Security 14

5.1 Security Architecture and Investigation 15

CHAPTER – 5
5.2 Malwares and Threats in the cyber security 17
CHAPTER – 6 Cyber Security Forensics in the cyber security 21
CHAPTER – 7 Reverse Engineering and Secure Coding Practice 24

CHAPTER – 8 Project Work 27

CHAPTER – 9 Conclusion 32

CHAPTER – 10 Outcomes Description 33

List of Figures in Project 29

Page | 6
 CHAPTER – 1

About SkillDzire

Overview:

SkillDzire is a premier IT services and professional training provider that empowers

individuals with the knowledge and skills necessary to thrive in the ever-evolving
world of technology. Founded in 2015 by Srikanth Muppalla and Sreedhar Thokala,
SkillDzire initially started as a Proprietor Entity and transitioned to a Private Limited
Company in 2022. With branches across India, the USA, and Australia, SkillDzire has
rapidly grown into a global entity offering specialized training programs and
internships to individuals across industries like education, healthcare, finance, IT, and
manufacturing.

At SkillDzire, the focus is on providing practical training and internship opportunities

that help students and professionals develop hands-on expertise in various fields.
With an emphasis on industry relevance and real-world applications, SkillDzire
bridges the gap between academic knowledge and professional skills, positioning its
trainees for success in their respective careers.

The company’s diverse portfolio includes customized training programs, internship

placements, and cutting-edge technological courses, aimed at giving participants the
knowledge and experience they need to excel in the workplace. SkillDzire’s presence
extends to markets across India, the United States, Canada, UK, UAE, Germany, and
South Africa, offering global-scale opportunities to its members.

Mission:

SkillDzire’s mission is to provide high-quality, practical training and internship

solutions that empower individuals to succeed in the modern workplace. By focusing
on industry-driven programs, SkillDzire aims to:
 Deliver hands-on learning experiences tailored to the evolving needs of
students and professionals.
 Bridge the gap between academic education and industry requirements,
helping individuals develop in-demand skills.
 Foster a culture of continuous learning and career development, ensuring
participants remain at the forefront of their industries

Objectives:
 To advance technical skills through specialized training in emerging technologies

Page | 7
and industry practices.

Page | 8
  To provide a global platform for learners and professionals to connect,
collaborate, and enhance their career opportunities.
 To foster industry partnerships that enable internship placements, ensuring
that learners gain practical, real-world experience.
 To deliver training solutions that meet the diverse needs of industries such as
IT, healthcare, education, finance, and manufacturing.
 To promote career development by providing ongoing support and resources
for professional growth.

Key Activities:
1. Training Programs: Offering a wide range of industry-specific training programs
in areas such as IT, cloud computing, digital marketing, AI, and software
development.
2. Internship Placements: Matching students with internship opportunities in top
companies to provide real-world experience.
3. Competitions and Hackathons: Organizing contests and challenges to
encourage creativity and innovation in the tech space.
4. Corporate Collaborations: Partnering with businesses to offer training
programs tailored to organizational needs, enhancing employee skills and
performance.
5. Workshops and Seminars: Hosting workshops, seminars, and webinars on
cutting-edge technologies, market trends, and career development strategies.
6. Certification Programs: Offering certifications to help individuals gain
recognition for their skills and enhance their employability.

Impact and Achievements:

 Developed tailored training programs that have empowered over 20,000

students and professionals to enhance their skills.
 Launched cutting-edge programs in high-demand fields like cloud technologies,
AI, and software development.
 Helped hundreds of interns secure full-time positions at top tech companies
through internship placements.
 Maintained a 92% client retention rate, showing strong satisfaction from both
students and partner organizations.
 Published case studies and research papers detailing the success of SkillDzire’s
training programs and their impact on industry readiness.

Page | 9
 CHAPTER-2

Introduction to Cyber Security

Introduction to Cyber Security

Meaning of the word CYBER: Refers to anything related to computers, networks, or

digital information.
Need of Cyber Security: With the increasing dependence on technology, cyber threats
have become more prevalent, making cybersecurity essential to protect sensitive data
and systems.
Overview of the cyber security: This includes various aspects such as network
security, information security, application security, and more.

In the inaugural week of our Cyber Security course, we embark on an illuminating

journey into the realm of digital defense. Cyber Security stands as a stalwart shield
safeguarding our increasingly digitized world against a plethora of digital threats. This
week serves as the foundational bedrock upon which we shall build our
understanding of the complex web of technologies, practices, and strategies that
comprise the Cyber Security domain.

With the rapid proliferation of digital technologies in every facet of modern life, the
importance of Cyber Security has never been more pronounced. Our exploration
begins with a comprehensive examination of why Cyber Security matters, delving into
real-world examples of cyber attacks and their far-reaching consequences.

Moreover, this week serves as an invitation to cultivate a cybersecurity mindset—a

vigilant, proactive approach to identifying and mitigating digital risks. By fostering a
culture of awareness and responsibility, we empower individuals to become the first
line of defense against cyber threats, both in their personal and professional lives.

In essence, Week 1 lays the groundwork for a transformative journey into the ever-
evolving world of Cyber Security. Armed with a newfound appreciation for the
challenges and opportunities that lie ahead, students are poised to embark on a path
of discovery, innovation, and empowerment in the pursuit of digital resilience.

Page |
10
 CHAPTER – 3

CRYPTOGRAPY

Cryptography is a foundational aspect of cybersecurity that involves techniques for

securing information and communications by encoding data to make it accessible only
to authorized individuals. It provides essential mechanisms to protect sensitive data,
maintain privacy, authenticate users, and ensure data integrity. Here’s an overview of
how cryptography supports cybersecurity:

1. Confidentiality
- Cryptography ensures that sensitive information, such as passwords, personal
data, and financial information, remains private. Encryption algorithms (like AES, RSA,
and ECC) transform readable data (plaintext) into unreadable forms (ciphertext),
making it accessible only to those with the decryption key.

2. Integrity
- Cryptography can detect any unauthorized changes to data by using hashing
functions, such as SHA-256. A hash is a fixed-size string derived from data; any change
in the data, however minor, will alter the hash, alerting users to tampering.

3. Authentication
- Digital signatures, based on cryptographic algorithms, verify the identity of users
and ensure that messages or transactions come from a legitimate source. They
prevent impersonation and enable trust in digital communications.

4. Non-Repudiation
- Cryptographic techniques make it impossible for a sender to deny having sent a
message. Digital signatures and certificates confirm the origin and authenticity of
messages or transactions, creating an audit trail.

5. Public Key Infrastructure (PKI)

- PKI is a system of policies, digital certificates, and encryption that enables secure
communication across insecure networks, like the internet. It helps establish trust by
managing public and private keys, facilitating secure transactions and
communications.

6. VPNs and Secure Communication

- Cryptography is used in Virtual Private Networks (VPNs) to secure internet
Page | 11
connections. It enables secure browsing, especially on public networks, by creating
encrypted tunnels for data transfer.

7. End-to-End Encryption
- Applications like messaging services use end-to-end encryption (E2EE) to ensure
that only the communicating users can read messages. Even if intercepted, the
encrypted data remains unreadable without the decryption key.

In summary, cryptography is integral to cybersecurity, providing essential tools for

secure data management, privacy, and trust in digital interactions. It’s particularly
crucial in fields like e-commerce, banking, and government where data sensitivity is
high.

Page | 12
 CHAPTER – 4

4.1 Security Audits and Scanning Patching

Security Audit:
A “Security Audit” is a systematic evaluation of an organization's
information system by assessing how well it conforms to security standards and
requirements. SkillDzire’s security audit includes a thorough assessment of
infrastructure, applications, and network environments to identify vulnerabilities
and mitigate potential threats.

Key Components of a Security Audit:

1. Network Security Assessment: This includes checking the security configurations
of network components like firewalls, routers, and switches, as well as testing for
vulnerabilities that could be exploited by attackers.

2. Application Security Testing: Applications are tested for vulnerabilities such as

SQL injection, cross-site scripting (XSS), and other security flaws that could expose
sensitive information or provide unauthorized access.

3. Access Control Evaluation: This ensures that users have appropriate levels of
access to data and systems. Audits assess identity and access management
practices, such as role-based access controls, multi-factor authentication, and
account privileges.

4. Vulnerability Assessment: Using specialized tools, SkillDzire identifies

vulnerabilities across the entire IT environment, categorizing them by severity and
suggesting methods to remediate or mitigate them.

5. Compliance Verification: Many industries have regulatory requirements like

GDPR, HIPAA, and PCI-DSS. The security audit checks compliance with these
standards, identifying gaps and ensuring adherence to legal and industry
regulations.

6. Penetration Testing: Ethical hackers attempt to exploit identified vulnerabilities,

Page | 13
simulating real-world attack scenarios. This helps in understanding potential threat
vectors and the effectiveness of current security measures.

7. Security Policy Review: Auditors review security policies and procedures,

ensuring they align with best practices and are effectively enforced.

8. Physical Security Assessment: This involves checking the physical security

controls in place, like access cards, surveillance cameras, and secure data storage
areas, to ensure the protection of critical hardware and information.

Patching:
“Patching” is the process of updating software, applications, and
operating systems to address known vulnerabilities and improve security features.
Regular patching ensures systems are protected from known exploits and reduces
the risk of cyber attacks.

Key Aspects of Patching:

1. Patch Management Proces: SkillDzire helps organizations establish a structured

patch management process, which includes identifying, testing, applying, and
verifying patches across all systems.

2. Automated Patch Deploymen: SkillDzire leverages tools to automate patching,

ensuring that updates are applied consistently and efficiently across the
infrastructure. Automation minimizes human errors and speeds up the patching
process.

3. Risk-Based Patch Prioritization: Patches are categorized and prioritized based on

the risk level of the vulnerabilities they address. Critical patches are applied first to
mitigate high-risk vulnerabilities.

4. Compatibility Testing: Before patches are applied, they’re tested to ensure

compatibility with existing software and systems. This minimizes the risk of
downtime or disruptions caused by incompatible updates.

5. Patch Verification and Reporting: After patch deployment, SkillDzire verifies that
patches are successfully applied and monitors system performance for any issues.
Page | 14
Detailed reports are provided to ensure transparency and compliance.

6. Emergency Patching: In the event of a critical vulnerability or zero-day exploit,

SkillDzire performs emergency patching to immediately secure systems. This rapid
response reduces exposure to high-impact threats.

7. Continuous Monitoring and Updating: SkillDzire provides continuous monitoring

of newly released patches and vulnerability advisories, ensuring systems are
always up-to-date and protected.

4.2 Network Security:

Network security is a critical aspect of modern information technology

and cybersecurity. It involves a set of practices, policies and technologies designed to
protect the confidentiality, integrity, and availability of data and resources with in a
computer network. We have learnt about how to access the network i.e, how the
administrator gives the roles to the public or stakeholders about the permissions.
We have learnt about the firewalls in the network security in which it filters the
unwanted data away from the computer or the system or the application. In network
security, we introduced the VPN i.e, Virtual Private Network in which it creates secure,
encrypted tunnels over public networks, allowing remote users to securely access a
private network. The main key aspects of network security are:

 Encryption
 Firewalls
 Virtual Private Network
 Access Control
 Intrusion Detection and Prevention Systems (IDPS)

Page | 15
 CHAPTER -5

5.1 Security Architecture and Investigation

Security Architecture:
“Security Architecture” involves designing a robust
framework of policies, practices, and technical controls that provide a secure
environment for systems, networks, applications, and data. SkillDzire’s security
architecture services ensure that security is embedded in every aspect of an
organization’s IT infrastructure, aligning with its business objectives and compliance
requirements.

Key Components of Security Architecture:

1. Risk Assessment and Threat Modeling: This involves identifying potential threats
and assessing the risk associated with various IT assets. SkillDzire helps organizations
understand where vulnerabilities may exist and what types of attacks are most likely
to impact their systems.
2. Network Segmentation and Design: Network segmentation separates critical assets
and systems from less sensitive parts of the network. SkillDzire designs secure
network architectures that limit access to sensitive data and systems, helping to
prevent lateral movement of attackers within the network.

3. Access Control and Identity Management: A secure architecture

requires a strong identity and access management (IAM) strategy. SkillDzire
incorporates principles like least privilege, role-based access, and multi-
factor authentication to control who can access systems and data.

4. Data Protection and Encryption: Encryption is a core component of a secure

architecture, ensuring that sensitive data remains confidential, even if
accessed by unauthorized parties. SkillDzire recommends encryption for data
at rest, data in transit, and data in use, as well as other protective measures for
data integrity and privacy.

5. Application Security Integration: Security is built into the software

development lifecycle (SDLC), including practices like secure coding, code
reviews, and application testing. This approach helps ensure that security is
considered from the ground up in any new development.

6. Endpoint Security: SkillDzire incorporates endpoint security measures, such as

antivirus software, endpoint detection and response (EDR) tools, and device
management policies to secure devices accessing the network.
Page | 16
7. Security Monitoring and Logging: Effective security architecture includes
continuous monitoring and logging of network and application activities. SkillDzire
sets up monitoring systems and dashboards that provide real-time visibility into
network activity, flagging anomalies that could indicate a security breach.

8. Incident Response Plan (IRP) Integration: SkillDzire designs the security

architecture with an incident response plan in mind, ensuring that if a security
incident occurs, there are protocols and tools in place to detect, contain, and
mitigate threats swiftly.

Security Investigation:

“Security Investigation” involves analyzing and responding to security

incidents, aiming to determine the cause, impact, and recovery measures.
SkillDzire’s investigation services help organizations respond to incidents with
speed and precision, reducing potential harm and securing compromised assets.

Key Phases of Security Investigation:

1. Incident Detection: SkillDzire utilizes advanced monitoring tools and threat

intelligence to detect unusual behavior or anomalies within the organization’s
systems. This helps identify potential incidents early before they escalate.

2. Incident Analysis and Classification: Once an incident is detected, it is analyzed

to determine its nature, scope, and severity. SkillDzire examines the indicators of
compromise (IOCs), such as unusual network traffic, unauthorized login attempts,
or suspicious file activity, to understand the threat.

3. Root Cause Analysis: This phase involves investigating how the incident
occurred, identifying the initial point of entry, and tracing the attacker’s steps
through the network. Root cause analysis helps prevent similar incidents in the
future by addressing the underlying weaknesses that enabled the attack.

4. Containment: SkillDzire assists in containing the incident to prevent it from

spreading. This may involve isolating affected systems, disabling compromised
accounts, or applying temporary controls to limit the attacker’s access.

5. Eradication: Once the incident is contained, SkillDzire works to eliminate the

threat. This can include removing malware, patching vulnerabilities, or
strengthening access controls to prevent further exploitation.

Page | 17
6. System Recovery: Recovery involves restoring systems to their normal
operational state after the threat has been eliminated. SkillDzire assists with tasks
such as restoring data from backups, testing system functionality, and monitoring
for any signs of residual malicious activity.

7. Documentation and Reporting: SkillDzire provides comprehensive

documentation of the incident, including a timeline, findings, actions taken, and
recommendations. This documentation is essential for learning from the incident,
reporting to stakeholders, and satisfying compliance requirements.

8. Post-Incident Review and Improvement: Following an investigation, SkillDzire

conducts a post-incident review to assess the effectiveness of the response and
identify areas for improvement. Lessons learned from the incident are used to
refine the organization’s security architecture and response procedures.

5.2 Malwares and Threats in the cyber security

Malware and threats are significant challenges in cybersecurity, posing risks

to organizations, individuals, and devices. Malware (short for malicious software)
includes various types of software designed to damage, disrupt, or gain unauthorized
access to computer systems. Cyberthreats encompass any malicious activities that
target computer systems, networks, and devices with the intention of causing harm,
stealing data, or disrupting operations.

Types of Malware

1. Viruses: Viruses are malicious code that attaches to legitimate programs and files,
spreading when the infected files are shared or executed. They can delete files,
corrupt data, and harm system functionality.

2. Worms: Worms are self-replicating malware that spreads across networks without
needing a host program. They exploit vulnerabilities in networks and often consume
network bandwidth, leading to network congestion.

3. Trojans: Trojan horses disguise themselves as legitimate programs to trick users into
installing them. Once installed, they can create backdoors, steal data, or control
infected devices remotely.

4. Ransomware: Ransomware encrypts files and data, holding them hostage until the
victim pays a ransom to the attacker. This type of malware has affected individuals,
businesses, and even government organizations.

Page | 18
5. Spyware: Spyware secretly monitors user activity and gathers information, such as
login credentials, browsing habits, and personal details, often for malicious or
exploitative purposes.

6. Adware: Adware displays unwanted ads on a user’s device and can lead to
unwanted installations of other malware. It often targets users’ browsing habits for
advertising revenue.

7. Rootkits: Rootkits provide attackers with privileged access to a system, often hiding
their presence from users and security software. They are hard to detect and can
allow unauthorized control over a system.

8. Keyloggers: Keyloggers record every keystroke made by a user. They are often used
to capture sensitive information like passwords, credit card numbers, and other
confidential data.

9. Botnets: A botnet is a network of infected devices (bots) controlled by a hacker,

often used to carry out large-scale attacks like Distributed Denial of Service (DDoS)
attacks, where multiple systems flood a target system to overwhelm it.

Common Cyber Threats

1. Phishing Attacks: Phishing involves sending fraudulent emails or messages disguised

as legitimate communication to trick users into revealing sensitive information, such
as passwords or financial data.

2. Man-in-the-Middle (MITM) Attacks: MITM attacks intercept and alter

communication between two parties, allowing attackers to eavesdrop or manipulate
data, often on unsecured public networks.

3. Distributed Denial of Service (DDoS) Attacks: DDoS attacks flood a network or

website with excessive requests, overwhelming the system and making it inaccessible
to legitimate users.

4. SQL Injection: SQL injection is an attack that targets databases through

manipulating SQL queries. Attackers can exploit vulnerabilities to gain unauthorized
access to data, often found in poorly secured web applications.

5. Zero-Day Exploits: These exploits take advantage of vulnerabilities in software or

hardware that are unknown to the vendor or have not yet been patched, often
leading to severe consequences.
Page | 19
6. Advanced Persistent Threats (APTs): APTs involve prolonged and targeted attacks
against organizations or individuals, often by sophisticated attackers, who aim to steal
data, disrupt operations, or gain control over systems.

7. Social Engineering: Social engineering involves manipulating individuals into

divulging confidential information or performing actions that compromise security.
Techniques include pretexting, baiting, and impersonation.

8. Credential Stuffing: This attack uses large numbers of stolen username-password

pairs to attempt unauthorized access to other accounts, exploiting people who reuse
passwords across multiple sites.

9. Insider Threats: Insider threats come from employees or trusted individuals who
intentionally or accidentally expose an organization’s systems or data to unauthorized
access.

Best Practices to Protect Against Malware and Threats

1. Regular Software Updates and Patching: Ensuring that operating systems,

applications, and security software are up-to-date helps protect against vulnerabilities
that malware might exploit.

2. Antivirus and Anti-Malware Tools: Using reputable antivirus and anti-malware

programs can detect, quarantine, and remove many types of malware before they
cause damage.

3. Firewalls: Firewalls create a barrier between your internal network and external
threats, helping to block malicious traffic and prevent unauthorized access.

4. Network Segmentation: Separating networks into secure segments limits the

spread of malware and restricts access to sensitive areas in the event of a breach.

5. Strong Password Policies and Multi-Factor Authentication (MFA): Strong

passwords and MFA add layers of security to prevent unauthorized access, even if
credentials are compromised.

6. Regular Backups: Regular data backups ensure that you can recover information in
the event of ransomware or other destructive malware.

7. Email Filtering and Phishing Awareness Training: Email filters block spam and
potentially harmful messages. Training employees to recognize phishing attempts also
Page | 20
reduces the risk of falling victim to social engineering.

8. Data Encryption: Encrypting sensitive data protects it from unauthorized access,

even if it is intercepted or stolen.

9. Security Audits and Penetration Testing: Conducting regular security audits and
penetration testing helps identify and address vulnerabilities before they can be
exploited.

10. Incident Response Plan: Developing a structured plan to detect, respond to, and
recover from security incidents enables swift action, minimizing damage and loss in
the event of an attack.

Page | 21
 CHAPTER – 6

Cyber Security Forensics in the cyber security

“Cybersecurity Forensics”, also known as “Digital Forensics”, is the

practice of investigating and analyzing digital devices to uncover, preserve, and
interpret evidence of cybercrimes or security incidents. Cyber forensics helps
organizations understand how a breach occurred, identify those responsible, and
gather evidence that can be used in legal proceedings. This field is essential for
cybersecurity, as it enables companies to respond to incidents, prevent future attacks,
and maintain regulatory compliance.

Key Objectives of Cybersecurity Forensics

1. Incident Investigation: To determine the nature, source, and scope of a security

breach, including how attackers gained access, what systems were affected, and
what data was compromised.

2. Evidence Collection and Preservation: To gather digital evidence and secure it in a

way that maintains its integrity, making it admissible in court if legal action is pursued.

3. Root Cause Analysis: To understand the underlying reasons behind the incident,
such as specific vulnerabilities or weaknesses in security protocols, and implement
changes to prevent recurrence.

4. Legal and Regulatory Compliance: Many industries require organizations to

perform forensic investigations after a breach, as part of compliance with data
protection laws like GDPR, HIPAA, and PCI-DSS.

Phases of Cybersecurity Forensics

1. Identification: The initial phase involves identifying indicators of compromise (IOCs)

and suspicious activity that signal a potential security incident. This may involve
analyzing network traffic, system logs, or reports from employees or automated
security alerts.

2. Preservation: After detecting an incident, forensic investigators preserve evidence

to ensure it is not altered or lost. This involves creating forensic images (exact copies)
of hard drives, memory dumps, and other relevant data sources, maintaining a "chain
of custody" for each piece of evidence to track its handling.

3. Collection: Investigators gather data from various sources, such as system logs,
Page | 22
email records, network traffic data, and memory snapshots. They may also collect
data from external sources, like cloud environments or third-party applications.

4. Examination: During examination, forensic analysts search for and identify specific
pieces of evidence related to the incident. This involves using specialized tools to sift
through massive amounts of data, looking for clues such as unusual file modifications,
unauthorized access logs, or malware traces.

5. Analysis: In this phase, investigators analyze the collected evidence to reconstruct

the timeline and details of the attack. They determine the extent of the breach,
affected systems, compromised data, and the attacker's methods and motives.

6. Reporting: Investigators compile a detailed report that includes findings, timelines,

evidence of the attack, and recommendations. This report is often used internally to
strengthen security and may be provided to legal authorities if prosecution is pursued.

7. Presentation: If the case goes to court, forensic investigators may present their
findings as expert witnesses, explaining their methods and evidence in a way that is
understandable to non-technical legal personnel.

Techniques and Tools in Cybersecurity Forensics

1. Disk Imaging and Forensic Duplication: Disk imaging tools, like FTK Imager and
EnCase, are used to create exact copies of storage devices to analyze without altering
original data. These images preserve digital evidence as it appeared at the time of the
incident.

2. Memory Forensics: Memory forensics analyzes a computer’s RAM, where many

activities (including active malware, user sessions, and passwords) reside temporarily.
Tools like Volatility and Rekall are commonly used for this purpose.

3. Network Forensics: Network forensics involves capturing and analyzing network

traffic to understand the attacker's movements, methods, and communications. Tools
like Wireshark and TCPdump are popular for capturing packet data.

4. Log Analysis: System and application logs provide insight into user activities, login
attempts, and error messages, which can reveal unauthorized access attempts or
account compromises. Syslog servers, SIEM (Security Information and Event
Management) systems like Splunk, and ELK stack are often used to manage log data.

5. File System Analysis: This involves examining files and directories, checking
metadata, timestamps, and modifications. It can reveal unauthorized file access or
Page | 23
deletion. Tools like Autopsy and Sleuth Kit are used to analyze file systems for
tampering and deleted files.

6Malware Analysis: If malware is discovered, it is analyzed to understand its

capabilities, propagation methods, and purpose. This process involves static analysis
(examining the malware’s code) and dynamic analysis (running it in a sandboxed
environment to observe its behavior).

7. Timeline Analysis: Investigators create timelines of activities across systems to

understand the sequence of events. This technique helps reconstruct the attack’s
progression, showing when specific actions, such as file deletions or account logins,
took place.

8.Email Forensics: Email forensics involves analyzing email headers, contents,

attachments, and metadata to detect phishing attempts, identify compromised
accounts, or trace the origin of malicious communications.

Importance of Cybersecurity Forensics

1. Incident Response: Cyber forensics provides crucial information that enables quick,
informed responses to security incidents, minimizing damage and restoring normal
operations.

2. Risk Management: Identifying the cause of an incident allows organizations to

address security weaknesses and develop better risk management strategies to
prevent future breaches.

3. Legal Evidence and Accountability: Forensics provides evidence that can be used in
court to hold cybercriminals accountable, thereby supporting law enforcement and
legal processes.

4. Compliance: Many regulations require organizations to investigate and report data

breaches. Cyber forensics helps ensure compliance with these legal requirements.

Page | 24
 CHAPTER - 7
Reverse Engineering and Secure Coding Practice

Reverse Engineering:
Reverse Engineering is the process of analyzing a system or software
to understand its structure, functionality, and behavior without access to its source
code. It’s often used in cybersecurity to identify vulnerabilities, analyze malware,
and understand the mechanisms of proprietary or legacy software.

Key Objectives of Reverse Engineering:

1. Vulnerability Discovery: Analyzing software to identify flaws and weaknesses

that could be exploited by attackers.

2. Malware Analysis: Investigating malicious code to understand its capabilities,

infection vectors, and the threat it poses, allowing for the development of
countermeasures.

3. Interoperability: Understanding software to create compatible systems or

integrate with existing infrastructure, especially when source code is
unavailable.

4. Software Recovery: Restoring lost documentation, reconstructing code for

legacy systems, or recovering intellectual property.

5. Compliance and Auditing: Ensuring third-party or open-source software

meets security and compliance standards.

Techniques in Reverse Engineering:

1. Static Analysis: Examining the software’s code or binary files without

executing them. This includes analyzing disassembled code, strings, and data
structures.

2. Dynamic Analysis: Executing the software in a controlled environment to

Page | 25
 observe its behavior in real-time.

3. Network Analysis: Monitoring network traffic to understand how software

communicates, which is especially useful in malware analysis.

4. Binary Patching: Modifying binaries to alter or fix functionality, such as

disabling malware functionality temporarily or changing specific behaviors in
legacy software.

Secure Coding Practices:

“Secure Coding Practices” are development strategies that prevent

the introduction of security vulnerabilities into software. By following secure
coding guidelines, developers create software that is resilient against common
exploits, reducing the risk of attacks like SQL injection, cross-site scripting, buffer
overflows, and more.

Key Principles of Secure Coding:

1. Input Validation: Ensuring that all data entering the system is validated and
sanitized to prevent injection attacks and ensure that it conforms to expected
formats.

2. Principle of Least Privilege: Designing code with minimal permissions, limiting

users and processes to the permissions needed to perform tasks.

3. Data Encryption: Encrypting sensitive data both at rest and in transit to

protect it from unauthorized access.

4. Error Handling and Logging: Implementing robust error handling to avoid

disclosing sensitive information and logging errors securely without exposing
sensitive details.

5. Code Review and Testing: Regular code reviews, along with static and
dynamic testing, to identify vulnerabilities early in development.

Common Secure Coding Techniques:

Page | 26
1. Parameterization: Using prepared statements or parameterized queries to prevent
SQL injection by ensuring user input isn’t executed as code.

2. Output Encoding: Encoding output for different contexts (HTML, JavaScript, URL,
etc.) to prevent cross-site scripting (XSS) attacks.

3. Access Control and Authentication: Implementing strong authentication

mechanisms, such as multi-factor authentication (MFA), and using role-based access
control (RBAC) to enforce permissions.

4. Memory Management: Avoiding buffer overflows by performing bounds checking

and using safer functions in languages like C and C++.

5. Secure Session Management: Using secure session cookies, enforcing session

timeouts, and validating tokens to ensure that user sessions are secure.

6. Dependency Management: Regularly updating and monitoring third-party

libraries to address vulnerabilities and keep dependencies secure.

Page | 27
 CHAPTER – 8

Project Work

Proposed methodology

Web application penetration testing is a systematic and thorough

methodology for evaluating the security of web-based applications. It typically
involves a series of structured steps, starting with information gathering and
reconnaissance, followed by the identification of potential vulnerabilities, which can
include common issues like SQL injection, cross-site scripting (XSS), and insecure
authentication mechanisms. Once vulnerabilities are identified, testers attempt to
exploit them to assess the application's resistance to attacks. The final phase includes
reporting, where detailed findings and recommendations are provided to improve the
application's security. This methodology aims to uncover and address vulnerabilities
before malicious actors can exploit them, enhancing the overall security and integrity
of web applications.

Figure 4.1 OWSAP JUICE SHOP

"Embarking on a cybersecurity internship is an exciting journey into the world of

digital defense and protection. This internship is designed to provide participants
with a comprehensive understanding of the field, covering a range of vital areas in

Page | 28
cybersecurity.

1. Ethical Hacking: Aspiring ethical hackers will delve deep into the realm of ethical
hacking, learning the principles and techniques of testing and securing computer
systems. The internship offers hands-on experience in identifying vulnerabilities,
conducting security assessments, and applying appropriate countermeasures.

2. Penetration Testing: A core focus of the internship is penetration testing. Interns

will gain practical experience in simulating real-world attacks on systems and
networks. They will use popular tools and frameworks to uncover vulnerabilities,
assess their severity, and provide actionable recommendations for mitigation.

3. Burp Suite: The program also includes training on tools like Burp Suite, a versatile
web vulnerability scanner and proxy tool. Interns will learn to use Burp Suite for web
application security testing, identifying issues such as SQL injection, cross-site
scripting (XSS), and more.

4. Phishing Awareness and Defense: The internship addresses the growing threat of
phishing attacks. Interns will gain insights into the tactics used by cybercriminals in
phishing campaigns, and they will learn how to detect, prevent, and respond to
phishing attempts effectively.

This comprehensive internship provides the knowledge and practical skills needed to
excel in the dynamic field of cybersecurity. Interns will have the opportunity to work
on real-world scenarios, improve their problem-solving abilities, and contribute to
enhancing the security posture of organizations.

Predictive Analytics for Strategic Enhancement:

Predictive analytics come into play when we strive for strategic enhancement in web
application penetration testing. Historical data on testing sessions and vulnerability
identification can be leveraged to develop predictive models that project future
trends in attack vectors and vulnerabilities. This insight empowers us to adapt our
testing methodologies proactively to address emerging threats.

Predictive analytics also provide guidance on resource allocation and optimization of

the Burp Suite tools. By forecasting peak testing times and anticipated increases in
testing sessions, we can ensure that the system remains scalable and responsive to
heightened demand.
Page | 29
Additionally, predictive analytics support content relevance and knowledge base
updates. By analyzing historical data on trending vulnerabilities and attack patterns,
we can forecast which security areas are likely to gain increased attention. This
informs our knowledge base updates and testing strategies, ensuring that the project
stays ahead of evolving threats.

In conclusion, the integration of descriptive statistics and predictive analytics is

pivotal in elevating the effectiveness of the web application penetration testing
project. These analytical approaches empower us to understand current
performance, refine testing methodologies, and proactively address emerging
security threats. The result is a dynamic and invaluable resource for organizations
seeking to fortify their web applications against evolving cyber threats."

Figure (a) Juice Shop Interface

Page | 30
Figure (b) Juice shop challenges

Figure (c) Burp Suite Interface

Page | 31
Figure (d) Proxy Tool using Burp Suite

Figure (e) Final Output

Page | 32
 CHAPTER – 9

Conclusion :
Cybersecurity encompasses a range of practices, tools, and strategies
designed to protect digital systems and data from unauthorized access, damage, or
disruption. The core of cybersecurity involves understanding various streams,
including network security, information security, and operational security, each
addressing different types of vulnerabilities and protective measures. A fundamental
aspect of cybersecurity is password security, as passwords are often the first line of
defense against intrusions. Strong password management practices, such as using
complex passwords, multi-factor authentication, and password managers, help reduce
risks associated with brute force attacks, social engineering, and other password-
related threats.

Cryptography is another essential cybersecurity pillar that uses mathematical

techniques to secure information. It encompasses methods like encryption and
decryption to keep sensitive data private and protected. Symmetric cryptography,
where the same key is used for both encryption and decryption, and asymmetric
cryptography, which uses public and private keys, are two common types. Practical
cryptographic applications, like data encryption in messaging apps or secure email
communication, demonstrate the importance of cryptography in protecting digital
information from unauthorized access and maintaining confidentiality.

To ensure robust cybersecurity, organizations frequently conduct security audits,

vulnerability scans, and implement patch management procedures. Audits help
identify potential weaknesses, while scans and patches address system vulnerabilities,
reducing the risk of exploitation. By assessing and responding to these risks through
risk mitigation or acceptance strategies, organizations can better handle uncertainties.
Privacy protection and exception handling also play critical roles in ensuring that even
when unforeseen security gaps arise, they can be managed without compromising
data privacy.

Finally, with the increasing sophistication of threats, cybersecurity incorporates

advanced tools and techniques such as malware detection, forensics, and penetration
testing. Malware, such as viruses and ransomware, poses significant risks, while social
engineering attacks exploit human psychology to gain unauthorized access. Tools like
Kali Linux support penetration testing by identifying vulnerabilities within systems.
Additionally, programming languages like Python facilitate cybersecurity efforts
through automation and data analysis, and Intrusion Detection and Prevention
Systems (IDPS) help monitor network traffic to prevent and respond to potential
intrusions. By combining these approaches, cybersecurity aims to build a resilient
defense against ever-evolving threats.
Page | 33
 CHAPTER – 10
Outcomes Description

Upon completing this study of cybersecurity, learners will gain the following key
outcomes:
1. Understanding Cybersecurity Fundamentals: Learners will develop a foundational
understanding of cybersecurity, including its importance and the various streams
like network, application, information, and operational security. They will also
comprehend the critical role of password management in protecting digital systems
and the strategies for creating and maintaining secure passwords to mitigate
common threats.
2. Knowledge of Cryptography and its Applications: Learners will acquire insights into
cryptography, including the differences between symmetric and asymmetric
encryption and their real-world applications. They will be able to explain how
cryptographic methods ensure data privacy and integrity, and apply basic
encryption techniques to protect sensitive information.
3. Proficiency in Security Audits and Risk Management: Learners will gain skills in
conducting security audits, vulnerability assessments, and patch management. They
will learn the processes for identifying, assessing, and responding to risks within an
organization, including those associated with third-party vendors. Additionally, they
will understand the significance of privacy protections and exception handling in
managing cybersecurity incidents.
4. Competency in Advanced Cybersecurity Techniques and Tools: Learners will
become familiar with advanced cybersecurity practices, such as malware detection,
social engineering defense, and penetration testing. They will also learn to utilize
tools like Kali Linux for penetration testing and Python for cybersecurity scripting
and automation. Furthermore, they will understand the function and significance of
Intrusion Detection and Prevention Systems (IDPS) in safeguarding network
environments.
These learning outcomes provide a comprehensive foundation for effectively
understanding and addressing cybersecurity challenges in real-world settings.

Page | 34
 SUPERVISOR EVALUATION OF INTERN

Needs
Parameters improvement Satisfactory Good Excellent
Behaviors
Performs in a dependable manner
Cooperates with co-workers and
supervisors
Shows interest in work
Learns quickly
Shows initiative
Produces high quality work
Accepts responsibility
Accepts criticism
Demonstrates organizational skills
Uses technical knowledge and expertise
Shows good judgment
Demonstrates creativity/originality
Analyzes problems effectively
Is self-reliant
Communicates well
Writes effectively
Has a professional attitude
Gives a professional appearance
Is punctual
Uses time effectively

Overall performance of student intern (circle one):

Grade: (Satisfactory (D)/Fair(C)/Good(B)/Excellent(A)/Outstanding(A+)

Additional comments, if any:

Signature(s) of the External/Supervisor/Mentor

Page | 35
 STUDENT FEEDBACK OF INTERNSHIP
(TO BE FILLED BY STUDENTS AFTER INTERNSHIP COMPLETION)
Strongly No Strongly
This experience has: Agree
Agree
Opinion
Disagree
Disagree
Given me the opportunity to explore a
career field
Allowed me to apply classroom theory to
practice
Helped me develop my decision-making
and problem-solving skills
Expanded my knowledge about the work
world prior to permanent employment
Helped me develop my written and oral
communication skills
Provided a chance to use leadership
skills (influence others, develop ideas
with others, stimulate decision-making
and action)
Expanded my sensitivity to the ethical
implications of the work involved
Made it possible for me to be more
confident in new situations
Given me a chance to improve my
interpersonal skills
Helped me learn to handle responsibility
and use my time wisely
Helped me discover new aspects of
myself that I didn’t know existed before
Helped me develop new interests and
abilities
Helped me clarify my career goals
Provided me with contacts which may
lead to future employment
Allowed me to acquire information and/
or use equipment not available at my
Institute

Page | 36
In the Institute internship program, faculty members are expected to be mentors for students. Do you
feel that your faculty coordinator served such a function? Why or why not?

How well were you able to accomplish the initial goals, tasks and new skills that were set down in
your learning contract? In what ways were you able to take a new direction or expand beyond your
contract? Why were some goals not accomplished adequately?

In what areas did you most develop and improve?

What has been the most significant accomplishment or satisfying moment of your internship? What did

you dislike about the internship?

Considering your overall experience, how would you rate this internship?

(Circle one). (Satisfactory/ Good/ Excellent)

Give suggestions as to how your internship experience could have been improved. (Could you have
handled added responsibility? Would you have liked more discussions with your professor concerning
your internship? Was closer supervision needed? Was more of an orientation required?)

Page | 37