internship report

Academic year: 2023

I declare that I have completed the Internship in Penetration Testing at BugsBD Ltd under the supervision of Syeda Sumbul Hossain, Software Engineering Department. I also declare that this report has not previously been submitted for any purpose or as a reward by anyone other than me. I would like to thank my supervisor Syeda Sumbul Hossain, Lecturer, Department of Software Engineering, who was my supervisor.

Imran Mahmud, Professor and Head of the Department of Software Engineering has been a constant source of support for me. I would like to express my gratitude to those who contributed to my practice by making valuable suggestions. I am truly grateful and happy to have this opportunity to express my deep gratitude and appreciation to our esteemed faculty members of the Department of Software Engineering.

Finally, I would like to thank my parents, who have always been a source of inspiration to me.

  • INTRODUCTION
  • Rationale
  • Background
  • Testing methods
  • Scope
  • The main objective
  • About
  • Vision and Mission
  • Location
  • SERVICES
  • SOLUTIONS
  • Clients
  • Values
  • Summary

The comprehensive list of everything a penetration testing team will investigate, or has agreed not to investigate, in a penetration test is known as the penetration testing scope. Penetration testing is often used to supplement a web application firewall (WAF) in the context of web application security. In Bangladesh, BugsBD is not only the best cyber security service provider but also a pioneer in creating reforms in the field.

We help countries, governments and businesses around the world defend against cybercrime, mitigate risk in a connected world, comply with regulations and transform operations. Our goal is to become a world leader in data protection, user behavior analytics and employee monitoring. Our mission is to create a secure online environment based on our state-of-the-art technology and reliable service.

We implement integrated cyber security and cyber defense systems that counter sophisticated attacks, reduce the vulnerability of the digital environment and improve security. Scalable cyber security solutions are offered to customers by BugsBD using its broad knowledge, strong technical skills and first-class support services.

COMPANY CULTURE

  • BugsBD Ltd Dept. list
    • Cyber Security
  • Services of BugsBD Ltd
    • Red Team Assessments
    • Vulnerability Assessment
    • Penetration Testing Services
    • Mobile Security
    • Source Code Review
    • Network Security
  • Cyber Security Solutions for organizations
  • Internee Life Cycle
    • Professional Environment
  • First Day at Office
  • Other Relevant Activities

Red team assessments are beneficial to companies because they can set up a simulation where a white hat hacker can inform them of the weaknesses in their network or system. Cyber attacks are among the most significant threats to business, after overregulation and terrorism, according to the PwC Global Investor Survey conducted in 2018. Penetration testing is a type of security procedure where a cyber security professional looks for and tries to attack weaknesses in a particular computer technique.

The goal of the simulated attack is to identify any vulnerabilities in a system's defenses before attackers find and exploit them. Any intrusion into your system is implied by the term "penetration." This makes it possible to imitate any type of attack on software or the entire IT infrastructure. These days, highly skilled hackers are able to adopt a wide variety of strategies to pose dangers to your system.

Some issues directly related to the pen test include DDoS attacks, phishing and ransomware. You cannot predict how you will be attacked or what procedures to follow because the security system is not that developed without a pen test. To do the pen test correctly and keep you safe, there are some basic procedures.

The investigation of security vulnerabilities in the source code of an application is known as source code security analysis. Encryption errors, SQL injection, XSS errors, buffer overflows, and race conditions are the four main vulnerabilities. Weak encryption methods and poorly implemented powerful encryption algorithms are part of the first problem.

Source code review is built with several primary objectives in mind to produce the best possible results. It also provides us with a preview of the technologies we use to enhance network security. We can develop our good manners, discipline, understanding of the value of time and all the other qualities that are essential in our line of work.

Actually, I was placed on the cyber security team as part of a week-long rotation program set up to give me a better understanding of the department. I had the option to sit with each of the other teams throughout this rotation period.

TECHNOLOGY EMPLOYING

Project Name: VAPT

In a cross-site request forgery (CSRF) attack, a victim is made to submit an HTTP request to the target location without their knowledge or consent so that the attacker can act in place of the victim.

Impact: A Cross-Site Request Forgery attack without Anti-CSRF tokens may lead to the execution of a specific application action as a different logged-in user, such as stealing their account by changing their email address and password or silently adding a new admin user account when running from the administrator account.

Prevention: A Cross-Site Request Forgery attack without Anti-CSRF tokens can occur and cause the execution of a specific application action as a different logged-in user, such as stealing their account by changing their email address and password or silently adding a new admin user account when running from the administrator account.
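The anti-CSRF token check referred to above, as an added example that is not part of the original report: a session-bound token is issued with the form and verified on every state-changing request. The handler, session identifiers and form fields are hypothetical and constructed for the demonstration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed demo secret; a real deployment loads a stable key from configuration.
SERVER_KEY = secrets.token_bytes(32)
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}|{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_csrf_token(session_id: str) -> str:
    """Token = random nonce + HMAC over (session, nonce), embedded in the form."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"

def verify_csrf_token(session_id: str, token: Optional[str]) -> bool:
    """Accept only a well-formed token that was minted for this session."""
    if not token or token.count(".") != 1:
        return False
    nonce, mac = token.split(".")
    # Compare as bytes in constant time; tolerates non-ASCII attacker input.
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())

def handle_request(method: str, session_id: str, form: dict):
    """Hypothetical handler for the 'change e-mail address' action."""
    if method not in SAFE_METHODS:
        if not verify_csrf_token(session_id, form.get("csrf_token")):
            return 403, "CSRF token missing or invalid"
        return 200, f"email changed to {form['email']}"
    return 200, "form rendered"

def demo():
    victim, other = "sess-victim-constructed", "sess-other-constructed"
    token = issue_csrf_token(victim)
    legit = handle_request("POST", victim,
                           {"email": "me@example.com", "csrf_token": token})
    # A cross-site form rides on the victim's cookie but cannot read the token.
    forged = handle_request("POST", victim, {"email": "x@example.net"})
    # A token minted for a different session must be rejected as well.
    swapped = handle_request("POST", victim,
                             {"email": "x@example.net",
                              "csrf_token": issue_csrf_token(other)})
    return legit[0], forged[0], swapped[0]

if __name__ == "__main__":
    print(demo())
```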

Impact: A security warning against using JavaScript source files from another domain may affect a web application that uses one or more of these files. The victim's web application can become infected if a third party inserts and executes dangerous material, either intentionally or by mistake.

Project name

Description: Attacks such as remote code execution (RCE) allow an attacker to remotely execute malicious code on a computer.

Impact: A remote code execution (RCE) vulnerability could allow an attacker to execute malicious code or gain complete control over a vulnerable system.

Impact: Your website may be especially vulnerable to many attacks if the JavaScript library is missing security updates.

These files could reveal private data that could enable a hostile individual to plan more sophisticated attacks.

EXPERIENCE AND ACHIEVEMENTS

  • Acquired Knowledge
  • Overcome Problems and Difficulties
  • Implications to University’s Internship Program
  • Soft skill
  • Achievement
  • Dependence

Many people lack a basic understanding of how to start a project or how to get along with everyone. Occasionally, internships are offered for collaborative projects, and occasionally everyone is allowed to work alone.

CONCLUSIONS AND RECOMMENDATIONS

Summary

Recommendations for Future Actions

  • Organization
  • University
  • Professional

This is what I believe, and internships are also very beneficial for the interns themselves as they provide the opportunity to discover what it is really like to work for a particular company, or within a particular industry.
