Project Report submitted to Bharathiar University in partial fulfillment of the requirement for the
award of the Degree of
Master of Science
in
Information Security and Digital Forensics
Raja Saravanan .M
Register No: 174ID0008
Center of Excellence in Digital Forensics, Chennai
This is to certify that the project work entitled “ARE WEBSITES OF SMALL
for the award of the Degree of Master of Science in Information Security and Digital
under my supervision and guidance and that this project work has not formed the basis
(Seal)
Forwarded by
Director
Center for Collaboration of Industries and Institutions
Bharathiar University
Coimbatore-46
work done by RAJA SARAVANAN .M (174ID0008) under the supervision and guidance
of Smt. LATHA, and that this project work has not formed the basis for the award of any
degree from any University.
Signature
Register No : 174ID0008
Center code :
Place : Chennai
Date :
Countersigned by
ACKNOWLEDGEMENTS
I take this opportunity to express my profound gratitude and deep regards to Dr. R.
Thilagaraj (Director, Center of Excellence in Digital Forensics). His blessings,
help and guidance, given from time to time, shall carry me a long way in the journey
of life on which I am about to embark.
Raja Saravanan .M
CONTENTS
ACKNOWLEDGEMENT
SYNOPSIS
1. INTRODUCTION
3. IMPACT OF INCIDENT
4. DEVELOPMENT ENVIRONMENT
6. TECHNICAL TESTING
7.1 Conclusion
8. BIBLIOGRAPHY
CHAPTER-1
1. Introduction
In the modern world every business is moving onto digital platforms in order to deliver
services to customers more conveniently. This includes small businesses, which compete with
larger firms. The online business world, however, is full of threats, ranging from zero-day
vulnerabilities to SQL injection. Such attacks have devastating outcomes where security
measures are lacking. We therefore focus on small businesses.
Why small businesses? Because they are the most probable victims of these attacks. Small
businesses have fewer resources and are thus less likely to invest in security measures.
The idea of this project is to show that the websites of small businesses are highly
vulnerable, to demonstrate some of the attacks, and to present countermeasures that can be
taken to prevent them.
Malicious hackers are always looking for ways to target businesses, government agencies
and individuals, and they have a wide variety of methods and vectors at their disposal to attack
their targets. Naturally, they choose the channel that enables them to deal the most damage for
the least effort. In this regard, websites and web applications have proven to be among the
favourite targets for cyber-attack, because they are easier to compromise than, say, operating
systems or networking hardware such as routers and switches, and they provide many
opportunities to wreak havoc across a victim's network.
3. Impact of Incident
CHAPTER-4
4. DEVELOPMENT ENVIRONMENT
CHAPTER-5
5.1.
CHAPTER-6
6. TECHNICAL TESTING
CHAPTER-7
7.1. Conclusion
8. BIBLIOGRAPHY
I have done research from Google; I have also referred to the Mobile Application Security book written
Theoretical background
A web application is a program developed to perform specific processes. Many
technologies are available today to help us build such applications, including Ajax, PHP,
JavaScript, Perl and ASP.NET. A web application normally passes the user's input to a
server-side script that performs some routine; typically that routine collects data from a
database. The result is returned to the user according to the type of task involved. Web
application security is the set of methods, principles and implementations used to prevent
and identify security threats; security is an effective countermeasure against those threats. A
threat is a malicious danger that can exploit vulnerabilities in our resources. In a web
application such weaknesses are the result of poor coding, mistakes made during
development and bad design. To code our applications in a hack-resilient way, consider the
following:
SCOPE OF THE PROJECT:
EXISTING SYSTEM
MODULES:
User interface design
Author login
Book upload
Author view the book
User view the book
Author view the user list
Admin
MODULE DESCRIPTION
USER INTERFACE DESIGN
This is the first module of our project. Its role is to take the user from the login
window to the user window, and it was created for security. On the login page the user enters a
user id and password; the server, which holds the registered user ids and passwords, checks
whether they match a valid account. An invalid user id or password is rejected with an error
message, so an unauthorised user cannot move from the login window to the user window. This
provides good security for our project, since the server itself checks the authentication of the
user and prevents unauthorised users from entering the network. In our project the pages are
built with JSP. Here we validate the login user, and authentication is enforced on the server.
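The login check described above is the point at which the SQL injection mentioned in the introduction arises. The following is an added example and not code from this project: the report's stack is JSP/Servlets with MySQL 5.5, but the example is written in Python with sqlite3 standing in for MySQL so that it runs offline. The account names, passwords and table names are constructed for illustration. It shows a login query built by string concatenation, which the classic `' OR '1'='1` payload bypasses, beside a parameterised version that also stores salted password hashes rather than the plaintext passwords the module description implies the server holds.

```python
"""Login check: SQL-injectable string concatenation beside a parameterised,
hashed-password version. Added example, not the report's code. The report's
stack is JSP/Servlets + MySQL 5.5; sqlite3 stands in for MySQL here so the
file runs offline. Account names and passwords are constructed sample data."""
import hashlib
import hmac
import os
import sqlite3

# Constructed sample accounts (hypothetical names). Stored in plaintext in the
# vulnerable table and as salted PBKDF2 hashes in the hardened table.
SAMPLE_USERS = {"alice": "S3cret!", "bob": "hunter2"}
PBKDF2_ITERATIONS = 200_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the salt is stored beside the hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def build_db() -> sqlite3.Connection:
    """In-memory database with both table layouts populated from SAMPLE_USERS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users_plain (username TEXT, password TEXT)")
    conn.execute("CREATE TABLE users_hashed (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    for name, pw in SAMPLE_USERS.items():
        conn.execute("INSERT INTO users_plain VALUES (?, ?)", (name, pw))
        salt = os.urandom(16)
        conn.execute("INSERT INTO users_hashed VALUES (?, ?, ?)", (name, salt, hash_password(pw, salt)))
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # The pattern the module description implies: compare the submitted id and
    # password against the stored row. Building the SQL by concatenation lets
    # the attacker rewrite the WHERE clause.
    query = ("SELECT username FROM users_plain WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Placeholders keep the input as data, the password is never stored or
    # compared in the clear, and compare_digest avoids a timing side channel.
    row = conn.execute(
        "SELECT salt, pw_hash FROM users_hashed WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(stored, hash_password(password, salt))


def demo() -> dict:
    """Run both checks with a valid login and with the injection payload."""
    conn = build_db()
    injected = "' OR '1'='1"  # closes the quote; WHERE becomes true for every row
    return {
        "vuln_valid": login_vulnerable(conn, "alice", "S3cret!"),
        "vuln_injected": login_vulnerable(conn, "nobody", injected),
        "hard_valid": login_hardened(conn, "alice", "S3cret!"),
        "hard_injected": login_hardened(conn, "nobody", injected),
        "hard_wrong": login_hardened(conn, "alice", "wrong"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With the concatenated query the attacker logs in as "nobody" without a password because the clause becomes `username = 'nobody' AND password = '' OR '1'='1'`; the parameterised version receives the same payload as an ordinary string and finds no such account.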
AUTHOR LOGIN
This is the second module of our project. Its role is to take the author from the login
window to the author window, and it was created for security. On the login page the author
enters a user id and password, which the server checks against its stored user ids and
passwords. An invalid user id or password is rejected with an error message, so an
unauthorised user cannot move from the login window to the author window. As with the user
login, the server itself checks the authentication of the author and prevents unauthorised
users from entering the network. The pages are built with JSP; here we validate the author
login, and authentication is enforced on the server.
BOOK UPLOAD
This is the third module of our project. Authors upload monthly magazines and books (PDF
files) to the website, and users can access and download them free of charge. The website
lists many authors and many books.
AUTHOR VIEW OF THE BOOK
In this module the author views the book that has been uploaded and checks whether the
uploaded file is correct or incorrect; the author views the file to verify the upload.
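The upload module above stores files supplied by authors and only says that the author checks whether the uploaded book is "correct". The following is an added example and not code from this project: it shows the server-side checks a practitioner would add before accepting such an upload. The report gives no validation rules, so the PDF-only rule, the size cap, the storage directory and the allowed file-name pattern are all assumptions, and the sample uploads are constructed byte strings. The code is Python (the report's own pages are JSP/Servlets).

```python
"""Server-side validation of a book/magazine upload. Added example, not the
report's code. The rules (PDF only, size cap, allow-listed name, random stored
name under a fixed directory) are assumptions; sample uploads are constructed."""
import os
import re
import secrets

UPLOAD_DIR = "/var/www/books"        # hypothetical storage root
MAX_BYTES = 50 * 1024 * 1024         # assumed 50 MiB cap
SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,100}$")


class RejectedUpload(ValueError):
    """Raised when the upload fails any check; the caller returns an error page."""


def accept_upload(client_name: str, data: bytes) -> str:
    """Validate an uploaded file and return the path it would be stored under.

    The browser-supplied Content-Type is deliberately not consulted: the
    attacker controls it, so only the file content and a server-chosen name count.
    """
    # 1. Content check: a PDF starts with the "%PDF-" magic bytes.
    if not data.startswith(b"%PDF-"):
        raise RejectedUpload("not a PDF (magic bytes mismatch)")
    if len(data) > MAX_BYTES:
        raise RejectedUpload("file too large")
    # 2. Never use the client name as a path. Reduce it to a basename (treating
    #    backslashes as separators too), then allow-list the characters.
    base = os.path.basename(client_name.replace("\\", "/"))
    if not SAFE_NAME.match(base) or not base.lower().endswith(".pdf"):
        raise RejectedUpload(f"unsafe file name {client_name!r}")
    # 3. Store under a random server-chosen name; the original name is metadata only.
    stored = secrets.token_hex(16) + ".pdf"
    dest = os.path.normpath(os.path.join(UPLOAD_DIR, stored))
    # 4. Defence in depth: the final path must still lie inside UPLOAD_DIR.
    if os.path.commonpath([UPLOAD_DIR, dest]) != UPLOAD_DIR:
        raise RejectedUpload("path escaped upload directory")
    return dest


def is_rejected(client_name: str, data: bytes) -> bool:
    """True if accept_upload refuses the file (used by the demo and tests)."""
    try:
        accept_upload(client_name, data)
        return False
    except RejectedUpload:
        return True


# Constructed sample uploads: a genuine PDF header, a JSP page renamed .pdf,
# and a traversal attempt in the file name.
PDF_BYTES = b"%PDF-1.4\n%constructed sample\n"
JSP_BYTES = b"<%@ page import=\"java.io.*\" %>"

if __name__ == "__main__":
    print(accept_upload("magazine-jan.pdf", PDF_BYTES))
    print("jsp rejected:", is_rejected("shell.jsp", JSP_BYTES))
    print("renamed jsp rejected:", is_rejected("shell.pdf", JSP_BYTES))
    print("traversal name stored safely:", accept_upload("..\\..\\evil.pdf", PDF_BYTES))
```

The traversal name is not rejected outright; it is reduced to its basename and then replaced by a random stored name, so the client never chooses where the file lands. A file with a .pdf name but JSP content fails the magic-bytes check, which is the case that matters on a JSP server.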
USER VIEW OF THE BOOK
In this module the user views the list of books that have been uploaded by the authors. Different
types of magazine are uploaded; the user can choose any magazine or book to view or
download.
AUTHOR HACK THE USER DETAILS
In this module the author gains access to users' personal details: the names of the files a user
has read, and the user's product details. This is the attack carried out by the author role.
ADMIN
In this module the admin views and maintains the file details and the user details.
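The two modules above describe who may see user details: the admin maintains them, yet the author role is able to read them. That is a missing authorisation check rather than a login problem, since the author is already authenticated. The following is an added example and not code from this project; it shows a details lookup that checks only that someone is logged in, beside one that checks the role and record owner on every request. The session object, role names and user records are hypothetical stand-ins for the JSP/Servlet code, and the sample records are constructed.

```python
"""Authorisation on the 'user details' lookup. Added example, not the report's
code. Session, the role names and USER_DETAILS are hypothetical stand-ins for
the report's JSP/Servlet modules; the records are constructed sample data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    username: str
    role: str  # "user", "author" or "admin": the report's three actors


# Constructed sample records: the personal details the report says the author reads.
USER_DETAILS = {
    "alice": {"email": "alice@example.com", "files_read": ["magazine-jan.pdf"], "products": ["annual-plan"]},
    "bob": {"email": "bob@example.com", "files_read": ["cookbook.pdf"], "products": []},
}


class Forbidden(Exception):
    """Raised when the caller is not allowed to read the requested record."""


def get_user_details_vulnerable(session, target: str):
    # Only authentication is checked: any logged-in author can read anyone's record.
    if session is None:
        raise Forbidden("login required")
    return USER_DETAILS.get(target)


def get_user_details_hardened(session, target: str):
    # Authorisation on every request. Admin (the report's maintainer of user
    # details) may read any record; a user may read only their own record;
    # the author role has no business reading user records at all.
    if session is None:
        raise Forbidden("login required")
    if session.role == "admin" or (session.role == "user" and session.username == target):
        return USER_DETAILS.get(target)
    raise Forbidden(f"role {session.role!r} may not read details of {target!r}")


def can_read(fn, session, target: str) -> bool:
    """True if fn lets the given session read target's record."""
    try:
        return fn(session, target) is not None
    except Forbidden:
        return False


AUTHOR = Session("writer1", "author")
ADMIN = Session("root", "admin")
BOB = Session("bob", "user")

if __name__ == "__main__":
    print("author reads alice (vulnerable):", can_read(get_user_details_vulnerable, AUTHOR, "alice"))
    print("author reads alice (hardened):  ", can_read(get_user_details_hardened, AUTHOR, "alice"))
    print("bob reads alice (hardened):     ", can_read(get_user_details_hardened, BOB, "alice"))
    print("bob reads bob (hardened):       ", can_read(get_user_details_hardened, BOB, "bob"))
    print("admin reads alice (hardened):   ", can_read(get_user_details_hardened, ADMIN, "alice"))
```

The check lives in the server-side handler, not in the JSP page, because hiding a link in the author's view does nothing to stop a direct request for another user's record.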
MODULE DIAGRAMS:
USER INTERFACE DESIGN
ADMIN MODULE :
SYSTEM TECHNIQUES:
SYSTEM REQUIREMENTS:
HARDWARE REQUIREMENTS
PROCESSOR : Dual core (Core 2 Duo)
RAM : 2 GB DDR RAM
MONITOR : 15" colour
HARD DISK : 250 GB
SOFTWARE REQUIREMENTS
Front End : J2EE (JSP, Servlets)
Back End : MySQL 5.5
Operating System : Windows 8
IDE : NetBeans, Eclipse
USE CASE DIAGRAM:
Login
EXPLANATION:
A use case diagram is a type of behavioural diagram created from a use-case analysis. Its
purpose is to present an overview of the functionality provided by the system in terms of
actors, their goals, and any dependencies between the use cases. The author logs in, uploads a
file, and views the file or hacks the user details. The user logs in, views the book list, and
downloads books.
CLASS DIAGRAM:
[Class diagram: Author (Username, Password; Login(), File upload, View the book), User
(Register, Username, Password; Login(), View the book or Download) and Admin (Login(),
Maintain Details), linked through Authentication.]
EXPLANATION:
A class diagram in the UML is a type of static structure diagram that describes the
structure of a system by showing the system’s classes, their attributes, and the relationships
between the classes.
Private visibility hides information from anything outside the class partition. Public
visibility allows all other classes to view the marked information.
Protected visibility allows child classes to access information they inherited from a parent
class.
OBJECT DIAGRAM:
EXPLANATION
An object diagram in the Unified Modeling Language (UML) is a diagram that shows a
complete or partial view of the structure of a modeled system at a specific time.
An Object diagram focuses on some particular set of object instances and attributes, and
the links between the instances. A correlated set of object diagrams provides insight into how an
arbitrary view of a system is expected to evolve over time.
STATE DIAGRAM:
EXPLANATION
A state diagram is a type of diagram used in computer science and related fields to
describe the behavior of systems. State diagrams require that the system described is composed
of a finite number of states; sometimes, this is indeed the case, while at other times this is a
reasonable abstraction. There are many forms of state diagrams, which differ slightly and have.
ACTIVITY DIAGRAM:
[Activity diagram: Login, then Author: File Upload, View the User Details, Hack; User: View
the Book list.]
EXPLANATION:
Activity diagrams are loosely defined diagrams that show workflows of stepwise activities
and actions, with support for choice, iteration and concurrency. In UML, activity diagrams can
be used to describe the business and operational step-by-step workflows of components in a
system. UML activity diagrams can also model the internal logic of a complex operation. In
many ways UML activity diagrams are the object-oriented equivalent of flow charts and data
flow diagrams (DFDs) from structured development.
SEQUENCE DIAGRAM
EXPLANATION:
A sequence diagram in UML is a kind of interaction diagram that shows how the
processes operate with one another and in what order.
It is a construct of a message sequence chart. Sequence diagrams are sometimes called
Event-trace diagrams, event scenarios, and timing diagrams.
The diagram below shows the sequence flow, i.e. how the process occurs in this
project.
COLLABORATION DIAGRAM:
EXPLANATION:
A collaboration diagram shows the objects and relationships involved in an interaction,
and the sequence of messages exchanged among the objects during the interaction.
The collaboration diagram can be a decomposition of a class, class diagram, or part of a
class diagram. It can be the decomposition of a use case, use case diagram, or part of a use case
diagram.
The collaboration diagram shows messages being sent between classes and object
(instances). A diagram is created for each system operation that relates to the current
development cycle (iteration).
DATA FLOW DIAGRAM:
Level-1: Level-2:
EXPLANATION:
A data flow diagram (DFD) is a graphical representation of the “flow” of data through an
information system. It differs from the flowchart as it shows the data flow instead of the control
flow of the program. A data flow diagram can also be used for the visualization of data
processing. The DFD is designed to show how a system is divided into smaller portions and to
highlight the flow of data between those parts.
E-R DIAGRAM:
EXPLANATION:
System Architecture:
EXPLANATION:
The systems architect establishes the basic structure of the system. We propose a
Cumulative Sum (CUSUM) algorithm and keep a small part of the data on the local machine and
on a fog server in order to protect privacy. Moreover, based on computational intelligence, this
algorithm can compute the proportion of data to be stored in the cloud, the fog and the local
machine respectively. Through theoretical safety analysis and experimental evaluation, the
feasibility of our scheme has been validated; it is a powerful supplement to existing cloud
storage schemes.
ADVANTAGES
FUTURE ENHANCEMENT:
Furthermore, any keyless client can freely verify the validity of the returned
computation result. Security analysis shows that our scheme is provably secure under the
CDH assumption in the random oracle model. Results show that our protocol is practically
efficient in terms of both communication and computation cost.
CONCLUSION:
In this project we have seen that combined attacks can succeed
with fewer resources and a lower probability of detection when the adversary's
knowledge is limited, bringing more risk to reliable system operation. It
should also be noted that this work assumes the state estimator (SE) treats
measurements made unavailable by attacks as a case of missing data, although the
amount of missing data under attack is larger than under normal
conditions. In the discussion we also showed the potential of designing a
detector for availability attacks. Besides, availability attacks such as DoS attacks
could trigger alerts on ICT-specific measures (e.g., an Intrusion Detection
System). These two features give the opportunity to develop better cross-
domain detection schemes for the availability portion of the attacks, improving
the detection of combined attacks overall. Other research directions to explore
in the future include evaluating the physical impact of combined attacks and
exploring the vulnerability of AC state estimation to combined attacks.
Web sources:
https://www.greycampus.com/opencampus/ethical-hacking/web-server-and-its-types-of-attacks
https://betanews.com/2019/06/04/phishing-attacks-sophistication/
https://bdtechtalks.com/2016/02/29/why-are-web-applications-attractive-targets-for-hackers/