
IT DATA SECURITY LAB FILE

Name-DEVANSH PATHAK BTech CSE-CSF B2

Roll no-R134216046

SapId-500053894

EXPERIMENT –1- Understanding Vulnerabilities through PC Audit

Belarc's products automatically create an accurate and up-to-date central repository (CMDB), consisting of detailed software, hardware and security configurations.

Missing updates--
PROGRAMS ACCORDING TO TIME THEY WERE LAST USED
ı Marks software last used within the past 7 days.
ıı Marks software last used within the past 90 days, but over 7 days ago.
ııı Marks software last used within the past year, but over 90 days ago.
ıııı Marks software last used over 1 year ago.
Unmarked software lacks the data to determine last use

The report is divided into a number of sections. The summary report lists details of
the computer's hardware, local user and system accounts, a map of the local area
network, lists of software licence keys and installed Hotfixes, and an inventory of
the installed software with an indication of when each piece of software was last
used.

CONCLUSION:-- According to the report, the PC is missing 19 software updates and has more than a dozen programs that are not frequently used. Outdated programs make the PC vulnerable to threats.

EXPERIMENT -- 2 Study and program Shift Cipher

The shift cipher encryption algorithm is a kind of substitution cipher wherein every character in the plain-text or the user input is replaced by another character which is a fixed number of positions (the KEY) away from the existing character.

CODE
OUTPUT
EXPERIMENT –3 Understand and Implement Vigenere cipher

Description: This program takes in a plain text and produces a cipher of that text using the Vigenere cipher.

Usage: Please enter a sentence or word you want to encrypt: defend

The ciphered text with (Key shift = 'hello') is: kiqpbk

How it works: Vigenere Cipher Encryption Formula:

C[i] = (p[i] + k[i mod klength] ) mod N, C = cipher, k = secret key (word),

p = sentence or plainText or word, N = number of letters in the alphabet

Suppose letter a=0, b=1, c=2, d=3, e=4, f=5, g=6, h=7, i=8, j=9, k=10,
l=11, m=12, n=13, o=14, p=15, q=16, .. z=25

key = 'hello'

((int)Letter + (int)keyLetter) mod 26 ==> return a ciphered letter as a number, aka cipherValue

==> (char)cipherValue = '[some letter]'

NOTE: ASCII 'a'=97, 'b'=98, 'c'=99 .. (for lower case letters)

ASCII 'A'=65, 'B'=66, 'C'=67 .. (for upper case letters)
CODE
OUTPUT
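
The formula and the `defend` / `hello` run above, as an added example in C that is not the lab file's own code (its listing did not survive). The function name `vigenere` and the choice to copy non-letters unchanged without advancing the key are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define N 26 /* number of letters in the alphabet */

/* C[i] = (p[i] + k[i mod klength]) mod N, or the inverse when decrypt
 * is non-zero. out must hold strlen(in) + 1 bytes. Returns 0 on
 * success, -1 if the key is empty or contains a non-letter. */
int vigenere(const char *in, const char *key, int decrypt, char *out)
{
    size_t klen = strlen(key), ki = 0, i;

    if (klen == 0)
        return -1;
    for (i = 0; i < klen; i++)
        if (!isalpha((unsigned char)key[i]))
            return -1;

    for (i = 0; in[i] != '\0'; i++) {
        unsigned char c = (unsigned char)in[i];
        if (!isalpha(c)) {        /* spaces, digits: copy, keep key position */
            out[i] = (char)c;
            continue;
        }
        int base = isupper(c) ? 'A' : 'a';   /* ASCII 65 or 97 */
        int k = tolower((unsigned char)key[ki++ % klen]) - 'a';
        if (decrypt)
            k = N - k;            /* subtracting k equals adding N - k mod N */
        out[i] = (char)(base + (c - base + k) % N);
    }
    out[i] = '\0';
    return 0;
}

int main(void)
{
    char enc[64], dec[64];

    if (vigenere("defend", "hello", 0, enc) != 0 ||
        vigenere(enc, "hello", 1, dec) != 0)
        return 1;
    printf("%s -> %s -> %s\n", "defend", enc, dec);
    return 0;
}
```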

EXPERIMENT-4

SQL Injection and Countermeasures

SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

SQL injection attacks allow attackers to spoof identity, tamper with existing data,
cause repudiation issues such as voiding transactions or changing balances, allow
the complete disclosure of all data on the system, destroy the data or make it
otherwise unavailable, and become administrators of the database server.

Screenshots from SQL injection activity on DVWA


COUNTERMEASURES-

An SQL injection is a well known attack and easily prevented by simple measures:

1. Source Code Review / Writing secure codes. (There are few tools to employ)

2. Sanitizing and validating the input field

3. Reject entries that contain Binary data, escape sequences and comment characters

4. Checking the privileges of a user's connection to the database

5. Strong passwords for SA and Administrator accounts.

6. Use IDS and IPS. I would suggest Snort (IDS - Intrusion detection system, IPS - Intrusion prevention system)

7. Use secure hash algorithms such as SHA256, MD5 etc.

8. Apply least privilege rule to run the application that accesses the database (Generally we run with admin privileges by default which is not advisable)
Experiment-5

Cross Site Scripting (XSS )

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts
are injected into otherwise benign and trusted web sites. XSS attacks occur when
an attacker uses a web application to send malicious code, generally in the form of
a browser side script, to a different end user. Flaws that allow these attacks to
succeed are quite widespread and occur anywhere a web application uses input
from a user within the output it generates without validating or encoding it.
COUNTER MEASURES

The best way to find flaws is to perform a security review of the code and search for
all places where input from an HTTP request could possibly make its way into the
HTML output.

It's crucial that you turn off HTTP TRACE support on all webservers. An attacker
can steal cookie data via Javascript even when document.cookie is disabled or not
supported on the client.

Never Insert Untrusted Data Except in Allowed Locations.

Experiment—6

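Monoalphabetic substitution cipher

#include<stdio.h>
#include<string.h>

int main()
{
    int k,i;
    k=1;                 /* shift (key) */
    char str[26];
    char str1[26];

    printf("\n enter the string \n");
    scanf("%25s", str);  /* width limit keeps the input inside str */
    printf("\n entered string is %s \n ",str);

    /* works on lower case letters: 97 is ASCII 'a' */
    for(i=0;i<(int)strlen(str);i++)
        str1[i]=((str[i]+k - 97)%26) + 97;
    str1[i]='\0';        /* terminate the output before printing it */

    printf("the shift cipher of %s is %s",str,str1);
    return 0;
}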

OUTPUT

Experiment Affine Cipher

E ( x ) = ( a x + b ) mod m

modulus m: size of the alphabet

a and b: key of the cipher.

a must be chosen such that a and m are coprime.

It uses modular arithmetic to transform the integer that each plaintext letter corresponds to into another integer that corresponds to a ciphertext letter.

In deciphering the ciphertext, we must perform the opposite (or inverse) functions on the ciphertext to retrieve the plaintext. Once again, the first step is to convert each of the ciphertext letters into their integer values.

CODE

#include<stdio.h>
#include<string.h>
#include<ctype.h>
#include<stdlib.h>

int CalcGCD(int);

int main()
{
    int i,j,gcd,alpha,beta,numstr[100],numcipher[100];
    char str[100];

    printf("Enter a string\n");
    //fgets replaces gets: it cannot write past the end of str
    if(fgets(str,sizeof(str),stdin)==NULL)
        exit(0);
    str[strcspn(str,"\n")]='\0';

    //converting entered string to Capital letters
    for(i=0,j=0;i<(int)strlen(str);i++)
    {
        if(str[i]!=' ')
        {
            str[j]=toupper((unsigned char)str[i]);
            j++;
        }
        else
        {
            str[j]=' ';
            j++;
        }
    }
    str[j]='\0';
    printf("Entered string is : %s \n",str);

    printf("Enter Alpha value and must be between 1 and 25 both included\n");
    scanf("%d",&alpha);

    //Checking conditions
    if(alpha<1 || alpha>25)
    {
        printf("Alpha should lie in between 1 and 25\nSorry Try again !\n");
        exit(0);
    }
    gcd=CalcGCD(alpha);
    if(gcd!=1)
    {
        printf("gcd(alpha,26)=1 but \n gcd(%d,26)=%d\nSorry Try again !\n",alpha,gcd);
        exit(0);
    }

    printf("Enter Beta value and must be between 0 and 25 both included\n");
    scanf("%d",&beta);
    if(beta<0 || beta>25)
    {
        printf("Beta value should lie between 0 and 25\nSorry Try again !\n");
        exit(0);
    }
    //Conditions Over

    //Program Starts
    //Storing string in terms of ascii and to restore spaces I used -20
    for(i=0;i<(int)strlen(str);i++)
    {
        if(str[i]!=' ')
            numstr[i]=str[i]-'A';
        else
            numstr[i]=-20;
    }

    //Ciphering Process
    //If numcipher is more than 25, we need to convert it and ensure that it
    //lies between 0 and 25 (indicating Alphabets)
    //A-0,B-1,C-2,.....Y-24,Z-25
    printf("Affine Cipher text is\n");
    for(i=0;i<(int)strlen(str);i++)
    {
        if(numstr[i]!=-20)
        {
            numcipher[i]=((alpha*numstr[i])+beta)%26;
            printf("%c",(numcipher[i]+'A'));
        }
        else
        {
            printf(" ");
        }
    }
    printf("\n");
    return 0;
}

//Euclid's algorithm: returns gcd(alpha,26)
int CalcGCD(int alpha)
{
    int x;
    int temp1=alpha;
    int temp2=26;

    while(temp2!=0)
    {
        x=temp2;
        temp2=temp1%temp2;
        temp1=x;
    }
    return(temp1);
}
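
The program above only enciphers, so the deciphering step described earlier is shown here as an added example (not the lab file's code): it finds the inverse of a modulo 26 and applies D(y) = a^-1 (y - b) mod m. The names `mod_inverse` and `affine`, the sample key a=5, b=8, and copying non-letters unchanged are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define M 26 /* modulus m: size of the alphabet */

/* Inverse of a modulo M by the extended Euclidean algorithm.
 * Returns -1 when gcd(a, M) != 1, because no inverse exists then. */
int mod_inverse(int a)
{
    int r0 = M, r1 = ((a % M) + M) % M, t0 = 0, t1 = 1;
    while (r1 != 0) {
        int q = r0 / r1, tmp;
        tmp = r0 - q * r1; r0 = r1; r1 = tmp;
        tmp = t0 - q * t1; t0 = t1; t1 = tmp;
    }
    return r0 == 1 ? ((t0 % M) + M) % M : -1;
}

/* decrypt == 0: E(x) = (a*x + b) mod M
 * decrypt != 0: D(y) = a^-1 * (y - b) mod M
 * Letters are upper-cased as in the lab program; anything else is
 * copied. Returns -1 for a key the cipher cannot invert. */
int affine(const char *in, int a, int b, int decrypt, char *out)
{
    int inv = mod_inverse(a);
    size_t i;
    if (inv < 0 || a < 1 || a > 25 || b < 0 || b > 25)
        return -1;
    for (i = 0; in[i] != '\0'; i++) {
        unsigned char c = (unsigned char)in[i];
        if (!isalpha(c)) { out[i] = (char)c; continue; }
        int x = toupper(c) - 'A';
        out[i] = (char)('A' + (decrypt ? inv * ((x - b + M) % M) % M
                                       : (a * x + b) % M));
    }
    out[i] = '\0';
    return 0;
}

int main(void)
{
    char enc[64], dec[64];
    if (affine("AFFINE CIPHER", 5, 8, 0, enc) || affine(enc, 5, 8, 1, dec))
        return 1;
    return printf("%s -> %s\n", enc, dec) < 0;
}
```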

Experiment – 7

Cross Site Request Forgery (CSRF) and Countermeasures

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute
unwanted actions on a web application in which they're currently authenticated.
CSRF attacks specifically target state-changing requests, not theft of data, since
the attacker has no way to see the response to the forged request.

With a little help of social engineering (such as sending a link via email or chat), an
attacker may trick the users of a web application into executing actions of the
attacker's choosing.
COUNTERMEASURES

1) Identifying Source Origin


To identify the source origin, we recommend using one of these two standard
headers that almost all requests include one or both of:

Origin Header

Referer Header

2) Synchronizer (CSRF) Tokens

Any state changing operation requires a secure random token (e.g., CSRF token) to
prevent CSRF attacks

Characteristics of a CSRF Token

Unique per user session

Large random value

Generated by a cryptographically secure random number generator

The CSRF token is added as a hidden field for forms or within the URL if the state
changing operation occurs via a GET

The server rejects the requested action if the CSRF token fails validation
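
The token characteristics listed above, as an added example in C that is not part of the original lab file: one token is generated per session from the operating system's random source and the server-side check rejects anything that does not match. The function names, the 32-byte token size, the `csrf_token` field name and the use of `/dev/urandom` (a Unix-like host) are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define TOKEN_BYTES 32                    /* 256 random bits */
#define TOKEN_HEX (TOKEN_BYTES * 2 + 1)   /* hex digits plus NUL */

/* Write a fresh hex token into out, read from the kernel CSPRNG.
 * Returns 0 on success, -1 if the random source fails; the caller
 * should then refuse to create the session rather than fall back. */
int csrf_token_new(char out[TOKEN_HEX])
{
    unsigned char raw[TOKEN_BYTES];
    FILE *f = fopen("/dev/urandom", "rb");  /* assumes a Unix-like host */
    size_t got, i;

    if (f == NULL)
        return -1;
    got = fread(raw, 1, sizeof raw, f);
    fclose(f);
    if (got != sizeof raw)
        return -1;
    for (i = 0; i < sizeof raw; i++)
        snprintf(out + 2 * i, 3, "%02x", raw[i]);
    return 0;
}

/* Returns 1 only when submitted equals the session's token. Every
 * character is compared so timing does not reveal the match length. */
int csrf_token_valid(const char *session_token, const char *submitted)
{
    size_t n = TOKEN_HEX - 1, i;
    unsigned char diff = 0;

    if (submitted == NULL || strlen(session_token) != n ||
        strlen(submitted) != n)
        return 0;
    for (i = 0; i < n; i++)
        diff |= (unsigned char)(session_token[i] ^ submitted[i]);
    return diff == 0;
}

int main(void)
{
    char session[TOKEN_HEX];
    if (csrf_token_new(session) != 0)
        return 1;
    printf("<input type=\"hidden\" name=\"csrf_token\" value=\"%s\">\n", session);
    return !csrf_token_valid(session, session);
}
```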

EXPERIMENT—8

FILE UPLOAD VULNERABILITY-

The business process for many applications requires the upload of files/information. If the site lacks restrictions/checks on the files that are uploaded, an attacker can exploit this and encapsulate malicious code in these files. It helps the attacker to complete the first step for any attack, getting the malicious code on the system, and the attacker is only left with the task of getting it executed. The consequence can vary from an overloaded file server or database, client-side attacks, website defacement or even a complete system takeover.

COUNTERMEASURES—

Avoiding this kind of vulnerability is similar to avoiding a local file upload vulnerability:

Only allow specific file extensions.

Only allow authorized and authenticated users to use the feature.


Check any file fetched from the Web for content. Make sure it is actually an image
or whatever file type you expect.

Serve fetched files from your application rather than directly via the web server.

Store files in a non-publicly accessible directory if you can.

Write to the file when you store it to include a header that makes it non-executable.

EXPERIMENT-9

BUFFER OVERFLOW

AIM – Buffer overflow and countermeasures

Buffers are temporary areas for data storage. A data buffer is a memory region temporarily storing data while it is being moved from one place to another. A buffer overflow occurs when the program or process attempts to write more data to a block of memory than the memory allocated for it can hold. The extra data can lead to overwriting of data in adjacent memory addresses. An attacker can exploit this to crash or control a process, or to modify the program variables to gain specific access. It can consist of stack overflow and heap overflow.

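#include<string.h>
#include<stdio.h>

int main()
{
    char str[1];   /* deliberately too small: any input overflows it */
    int flag=0;

    printf("Enter the password please\n");
    gets(str);     /* unbounded read (removed in C11): this is the overflow */
    printf("%s\n",str);

    if(strcmp(str,"Hello World")==0)   /* strcmp returns 0 on a match */
        flag=1;

    if(flag)
    {
        printf("Welcome\n");
    }
    else
    {
        printf("Try again \n");
    }
    return 0;
}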

PREVENTION TECHNIQUES-

Buffer overflow protection techniques are used during software development to enhance the security of executable programs by detecting buffer overflows on stack-allocated variables, and preventing them from causing program misbehavior or from becoming serious security vulnerabilities. A stack buffer overflow occurs when a program writes to a memory address on the program's call stack outside of the intended data structure, which is usually a fixed-length buffer.

Buffer overflow protection modifies the organization of stack-allocated data so it includes a canary value that, when destroyed by a stack buffer overflow, shows that a buffer preceding it in memory has been overflowed. Buffer overflow protection techniques include bounds checking, which checks accesses to each allocated block of memory so they cannot go beyond the actually allocated space, and tagging, which ensures that memory allocated for storing data cannot contain executable code.
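
Bounds checking applied to the password program above, as an added example that is not part of the original lab file: the read is limited to the buffer size and an over-long line is rejected and drained instead of spilling into `flag`. The names `read_line`, `check_password` and `PASS_MAX` are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define PASS_MAX 32 /* assumed buffer size for this example */

/* Read one line into buf (size bytes). Returns 0 on success, -1 on
 * EOF/error or when the line did not fit; an over-long line is drained
 * so its tail cannot be mistaken for the next input. */
int read_line(FILE *in, char *buf, size_t size)
{
    size_t len;
    int c;

    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;
    len = strcspn(buf, "\n");
    if (buf[len] == '\n') {       /* the whole line fit */
        buf[len] = '\0';
        return 0;
    }
    c = fgetc(in);                /* no newline stored: look at what follows */
    if (c == EOF || c == '\n')
        return 0;                 /* line ended exactly at the limit */
    while (c != '\n' && c != EOF) /* too long: drain the rest of the line */
        c = fgetc(in);
    buf[0] = '\0';
    return -1;
}

/* Returns 1 only when a complete line was read and it matches. */
int check_password(FILE *in)
{
    char str[PASS_MAX];
    int flag = 0;

    if (read_line(in, str, sizeof str) == 0 &&
        strcmp(str, "Hello World") == 0)
        flag = 1;
    return flag;
}

int main(void)
{
    printf("Enter the password please\n");
    puts(check_password(stdin) ? "Welcome" : "Try again");
    return 0;
}
```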
