Roll no-R134216046
SapId-500053894
Missing updates--
PROGRAMS ACCORDING TO TIME THEY WERE LAST USED
ı Marks software last used within the past 7 days.
ıı Marks software last used within the past 90 days, but over 7 days ago.
ııı Marks software last used within the past year, but over 90 days ago.
ıııı Marks software last used over 1 year ago.
Unmarked software lacks the data to determine last use
The report is divided into a number of sections. The summary report lists details of
the computer's hardware, local user and system accounts, a map of the local area
network, lists of software licence keys and installed Hotfixes, and an inventory of
the installed software with an indication of when each piece of software was last
used.
The shift cipher encryption algorithm is a kind of substitution cipher in which every
character of the plaintext (the user input) is replaced by another character that lies
a fixed number of positions (the KEY) away from the original character.
CODE
OUTPUT
EXPERIMENT – 3 Understand and implement the Vigenère cipher.
Description: This program takes in a plaintext and produces a ciphertext of that text
using the Vigenère cipher.
C[i] = (p[i] + k[i mod klength] ) mod N, C = cipher, k = secret key (word),
Suppose letter a=0, b=1, c=2, d=3, e=4, f=5, g=6, h=7, i=8, j=9, k=10,
l=11, m=12, n=13, o=14, p=15, q=16, .. z=25
key = 'hello'
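The formula above with the key 'hello', as an added worked example (not code from the original report). It assumes N = 26 and that non-letters are copied through without consuming a key letter; the function name `vigenere` and the sample plaintext are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define N 26 /* alphabet size, a=0 ... z=25 as on the page */

/* Encrypt (dir = +1) or decrypt (dir = -1) `in` into `out` with `key`.
 * Assumption of this example: non-letters are copied unchanged and do not
 * consume a key letter; output is lower case. Returns 0, or -1 on bad input. */
int vigenere(const char *in, const char *key, int dir, char *out, size_t outsz)
{
    size_t klen = strlen(key), n = strlen(in), ki = 0;
    if (klen == 0 || n + 1 > outsz)
        return -1;
    for (size_t i = 0; i < klen; i++)
        if (!isalpha((unsigned char)key[i]))
            return -1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)in[i];
        if (!isalpha(c)) {
            out[i] = (char)c;
            continue;
        }
        int p = tolower(c) - 'a';
        int k = tolower((unsigned char)key[ki % klen]) - 'a';
        ki++;
        /* C[i] = (p[i] + k[i mod klength]) mod N; adding N keeps the
         * result non-negative when decrypting (dir = -1). */
        out[i] = (char)('a' + (p + dir * k + N) % N);
    }
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char ct[64], pt[64];
    /* Constructed sample plaintext. */
    if (vigenere("attack at dawn", "hello", +1, ct, sizeof ct) == 0 &&
        vigenere(ct, "hello", -1, pt, sizeof pt) == 0)
        printf("%s\n%s\n", ct, pt);
    return 0;
}
```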
EXPERIMENT-4
SQL injection attacks allow attackers to spoof identity, tamper with existing data,
cause repudiation issues such as voiding transactions or changing balances, allow
the complete disclosure of all data on the system, destroy the data or make it
otherwise unavailable, and become administrators of the database server.
An SQL injection is a well-known attack and is easily prevented by simple measures.
Source Code Review / Writing secure codes. (There are few tools to employ)
3. Reject entries that contain binary data, escape sequences and comment
characters.
6. Use IDS and IPS. I would suggest Snort (IDS: intrusion detection system, IPS:
intrusion prevention system).
8. Apply the least-privilege rule when running the application that accesses the database. (Generally
we run with admin privileges by default, which is not advisable.)
Experiment-5
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts
are injected into otherwise benign and trusted web sites. XSS attacks occur when
an attacker uses a web application to send malicious code, generally in the form of
a browser side script, to a different end user. Flaws that allow these attacks to
succeed are quite widespread and occur anywhere a web application uses input
from a user within the output it generates without validating or encoding it.
COUNTER MEASURES
The best way to find flaws is to perform a security review of the code and search for
all places where input from an HTTP request could possibly make its way into the
HTML output.
It's crucial that you turn off HTTP TRACE support on all web servers. An attacker
can steal cookie data via JavaScript even when document.cookie is disabled or not
supported on the client.
Experiment—6
#include<stdio.h>
#include<string.h>
void main()
int k,i;
k=1;
char str[26];
char str1[26];
for(i=0;i<strlen(str);i++)
OUTPUT
E(x) = (ax + b) mod m
It uses modular arithmetic to transform the integer that each plaintext letter
corresponds to into another integer that corresponds to a ciphertext letter.
In deciphering the ciphertext, we must perform the opposite (or inverse) functions
on the ciphertext to retrieve the plaintext. Once again, the first step is to convert
each of the ciphertext letters into their integer values.
CODE
#include<stdio.h>
#include<string.h>
#include<ctype.h>
#include<stdlib.h>
int CalcGCD(int);
int main(void)
{
    int i,j,gcd,alpha,beta,numstr[100],numcipher[100];
    char str[100];
    printf("Enter a string\n");
    //fgets bounds the read to the size of str; gets() does not
    if(fgets(str,sizeof(str),stdin)==NULL)
        exit(0);
    str[strcspn(str,"\n")]='\0';
    //Convert the input to upper case, keeping spaces
    for(i=0,j=0;i<strlen(str);i++)
    {
        if(str[i]!=' ')
        {
            str[j]=toupper((unsigned char)str[i]);
            j++;
        }
        else
        {
            str[j]=' ';
            j++;
        }
    }
    str[j]='\0';
    if(scanf("%d",&alpha)!=1)
        exit(0);
    //Checking conditions
    //alpha must lie between 1 and 25 and be coprime with 26
    if(alpha<1 || alpha>25)
        exit(0);
    gcd=CalcGCD(alpha);
    if(gcd!=1)
        exit(0);
    if(scanf("%d",&beta)!=1)
        exit(0);
    if(beta<0 || beta>25)
    {
        printf("Beta value should lie between 0 and 25\nSorry Try again !\n");
        exit(0);
    }
    //Conditions Over
    //Program Starts
    //Map each letter to 0..25; -20 marks a space
    for(i=0;i<strlen(str);i++)
    {
        if(str[i]!=' ')
            numstr[i]=str[i]-'A';
        else
            numstr[i]=-20;
    }
    //Ciphering Process
    //If numcipher is more than 25, reduce it so that it lies between 0 and 25 (indicating alphabets)
    //A-0,B-1,C-2,.....Y-24,Z-25
    for(i=0;i<strlen(str);i++)
    {
        if(numstr[i]!=-20)
        {
            numcipher[i]=((alpha*numstr[i])+beta)%26;
            printf("%c",(numcipher[i]+'A'));
        }
        else
            printf(" ");
    }
    printf("\n");
    return 0;
}
//Euclid's algorithm: returns gcd(alpha,26)
int CalcGCD(int alpha)
{
    int x;
    int temp1=alpha;
    int temp2=26;
    while(temp2!=0)
    {
        x=temp2;
        temp2=temp1%temp2;
        temp1=x;
    }
    return(temp1);
}
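The deciphering step described before the program, as an added example (not code from the original report). It uses the standard inverse D(y) = a^-1 (y - b) mod m with m = 26, where a and b play the role of alpha and beta in the program above; the function names and the sample ciphertext are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define M 26 /* alphabet size, A=0 ... Z=25 */

/* Multiplicative inverse of a modulo m, or -1 when gcd(a, m) != 1.
 * A linear search is enough for m = 26. */
int mod_inverse(int a, int m)
{
    a %= m;
    if (a < 0)
        a += m;
    for (int x = 1; x < m; x++)
        if ((a * x) % m == 1)
            return x;
    return -1;
}

/* D(y) = a^-1 * (y - b) mod M. Upper-case letters are deciphered, every
 * other character (such as a space) is copied. Returns 0, or -1 when the
 * key is invalid or the output buffer is too small. */
int affine_decrypt(const char *ct, int a, int b, char *out, size_t outsz)
{
    int inv = mod_inverse(a, M);
    size_t n = strlen(ct);
    if (inv < 0 || b < 0 || b >= M || n + 1 > outsz)
        return -1;
    for (size_t i = 0; i < n; i++) {
        if (ct[i] >= 'A' && ct[i] <= 'Z') {
            int y = ct[i] - 'A';
            /* Adding M keeps (y - b) non-negative before the multiply. */
            out[i] = (char)('A' + (inv * (y - b + M)) % M);
        } else {
            out[i] = ct[i];
        }
    }
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char pt[64];
    /* Constructed sample: "AFFINE CIPHER" enciphered with a = 5, b = 8. */
    if (affine_decrypt("IHHWVC SWFRCP", 5, 8, pt, sizeof pt) == 0)
        printf("%s\n", pt);
    return 0;
}
```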
Experiment – 7
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute
unwanted actions on a web application in which they're currently authenticated.
CSRF attacks specifically target state-changing requests, not theft of data, since
the attacker has no way to see the response to the forged request.
With a little help of social engineering (such as sending a link via email or chat), an
attacker may trick the users of a web application into executing actions of the
attacker's choosing.
COUNTERMEASURES
Origin Header
Referer Header
Any state changing operation requires a secure random token (e.g., CSRF token) to
prevent CSRF attacks
The CSRF token is added as a hidden field for forms or within the URL if the state
changing operation occurs via a GET
The server rejects the requested action if the CSRF token fails validation
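A server-side sketch of the token countermeasure, as an added example (not code from the original report). It assumes a Unix-like host where /dev/urandom is available; the function names, the 32-byte token size and the 403 status are choices made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define TOKEN_BYTES 32
#define TOKEN_HEX_LEN (TOKEN_BYTES * 2)

/* Write a fresh hex token into out (needs TOKEN_HEX_LEN + 1 bytes).
 * Assumption: /dev/urandom is the OS random source. Returns 0 or -1. */
int csrf_token_new(char *out, size_t outsz)
{
    static const char hex[] = "0123456789abcdef";
    unsigned char raw[TOKEN_BYTES];
    if (outsz < TOKEN_HEX_LEN + 1)
        return -1;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(raw, 1, sizeof raw, f);
    fclose(f);
    if (got != sizeof raw)
        return -1;
    for (size_t i = 0; i < sizeof raw; i++) {
        out[2 * i] = hex[raw[i] >> 4];
        out[2 * i + 1] = hex[raw[i] & 0x0f];
    }
    out[TOKEN_HEX_LEN] = '\0';
    return 0;
}

/* Returns 1 only when the submitted token equals the session's token.
 * Every byte is compared, so timing does not reveal the first mismatch. */
int csrf_token_valid(const char *session_token, const char *submitted)
{
    if (session_token == NULL || submitted == NULL)
        return 0;
    if (strlen(session_token) != TOKEN_HEX_LEN ||
        strlen(submitted) != TOKEN_HEX_LEN)
        return 0;
    unsigned char diff = 0;
    for (size_t i = 0; i < TOKEN_HEX_LEN; i++)
        diff |= (unsigned char)(session_token[i] ^ submitted[i]);
    return diff == 0;
}

/* Gate for a state-changing request: 0 = proceed, 403 = reject. */
int handle_state_change(const char *session_token, const char *submitted)
{
    return csrf_token_valid(session_token, submitted) ? 0 : 403;
}
```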
EXPERIMENT—8
The business process for many applications requires the upload of files/
information. If the site lacks restrictions or checks on the files that are
uploaded, an attacker can exploit this and encapsulate malicious code in these
files. It helps the attacker complete the first step of any attack, getting the
malicious code onto the system, leaving only the task of getting it executed.
The consequences can vary from an overloaded file server or database, client-side
attacks and website defacement to a complete system takeover.
COUNTERMEASURES—
Serve fetched files from your application rather than directly via the web server.
Write to the file when you store it to include a header that makes it non-executable.
EXPERIMENT-9
BUFFER OVERFLOW
AIM – Buffer overflow and countermeasures
Buffers are temporary areas for data storage. A data buffer is a memory region that
temporarily stores data while it is being moved from one place to another. A buffer
overflow occurs when a program or process attempts to write more data to a block of
memory than that block was allocated to hold. The extra data can overwrite data in
adjacent memory addresses. An attacker can exploit this to crash or control a process,
or to modify program variables to gain specific access. It can take the form of a
stack overflow or a heap overflow.
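#include<string.h>
#include<stdio.h>
int main()
{
    char str[1];   //buffer far smaller than the expected input
    int flag=0;
    gets(str);     //no bounds check: longer input overwrites adjacent memory
    printf("%s\n",str);
    if(strcmp(str,"Hello World"))
        flag=1;
    if(flag)
    {
        printf("Welcome\n");
    }
    else
    {
    }
    return 0;
}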
PREVENTION TECHNIQUES-
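One prevention technique applied to the program above, as an added example (not code from the original report): replace gets() with a bounded read and reject oversized lines. The buffer size, the function names and the assumption that the flag should be set only when the input equals "Hello World" are choices made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 32 /* constructed size, large enough for "Hello World" */

/* Read one line into buf without ever writing past bufsz bytes.
 * Returns 0 on success, -1 on EOF/error, -2 if the line was too long
 * (the rest of the line is discarded so it cannot leak into the next read). */
int read_line_bounded(FILE *in, char *buf, size_t bufsz)
{
    if (bufsz < 2 || fgets(buf, (int)bufsz, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 0;
    }
    int c = fgetc(in);            /* no newline stored: look at what follows */
    if (c == EOF || c == '\n')
        return 0;                 /* the line fitted exactly */
    while (c != '\n' && c != EOF) /* oversized input: drain and reject */
        c = fgetc(in);
    buf[0] = '\0';
    return -2;
}

/* Hardened counterpart of the report's program; returns the flag value. */
int check_greeting(FILE *in)
{
    char str[BUF_SIZE];
    int flag = 0;
    if (read_line_bounded(in, str, sizeof str) != 0)
        return 0;                 /* rejected input never reaches the check */
    if (strcmp(str, "Hello World") == 0) /* assumption: equality sets the flag */
        flag = 1;
    return flag;
}

int main(void)
{
    if (check_greeting(stdin))
        printf("Welcome\n");
    return 0;
}
```

With the bounded read, input longer than the buffer can no longer reach `flag`, so only the comparison decides its value.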