IEEE Workshop on Cyber Security & Pen Testing
The IEEE GTBIT Student branch, organized a Workshop on Cyber Security & Pen Testing on 13th February 2015 atGTBIT, New Delhi. Twelve students of Computer Science and Engineering Department and Five Students of Information Technology Department, Dronacharya College of Engineering, Gurgaon attended the workshop.
The Speaker of the workshop was Mr. Vivek Malik, GTBIT alumni, Chairperson of IEEE GTBIT student Branch. Mr. Malik possesses a rich experience working as engineer with ERTL(E), STQC, MCIT, DIT and Govt. of India and currently works with Indian Computer Emergency Response Team. His research area is Intrusion “Detection and Digital Fingerprinting”.
The workshop had five phases focused on various topics of cyber security. The first phase focused on Information Security in which the Speaker briefed about information security, various tools and technique of information security over internet and technical words related to it like Onion Routing, C99 shell, C100, Rl 57, RFI and LFI.
Second Phase concentrated on Cyber forensics, also called computer forensics or digital forensics. Here, Mr. Malikelucidated about Cyber Forensics that is the process of extracting information and data from computers to serve as digital evidence - for civil purposes or, in many cases, to prove and legally prosecute cyber-crime. With technology evolving daily, it is pertinent for cyber forensic professionals to continually keep pace with new techniques and be experts in forensic techniques and procedures, standards of practice, and legal and ethical principles that will assure the accuracy, completeness and reliability of the digital evidence.
The focus of the third phase of workshop was Vulnerability Assessments, in which speaker introduced the audience to assessment of live website by using tools of kali Linux OS and also manually using SQL injection. Vulnerability assessment tools discover which vulnerabilities are present, but they do not differentiate between flaws that can be exploited to cause damage and those that cannot. Vulnerability scanners alert companies to the pre-existing flaws in their code and where they are located.
The fourth phase was about Penetration Testing, which relates to an attempt to exploit the vulnerabilities in a system to determine whether unauthorized access or any malicious activity is possible, and identify which flaws pose a threat to the application. Penetration tests find exploitable flaws and measure the severity of each. A penetration test is meant to show how damaging a flaw could be in a real attack rather than find every flaw in a system. Together, penetration testing and vulnerability assessment tools provide a detailed picture of the flaws that exist in an application and the risks associated with those flaws.
This final phase of Workshop lead to the complete introduction of penetration testing with its phases, Metasploit framework, Kali Linux, Stress Testing, Blind Testing, Network Port Mapping, RFI and Maltego Information Gathering. The workshop concluded with Questionnaires and Vote of Thanks to the speaker by the organizers. The Workshop provided a lot of information about new research fields in the area of Cyber Security.