Sunday 25 September 2016

Ways to Hack A Website

custom application development companies

Hacking is gaining unauthorized access to a computer and viewing, copying, or creating data with the intention of destroying data or maliciously harming the computer. Nowadays, hacking is a growing threat for every business-large, medium and small. Hackers can impact any business at any time by stealing private data, taking control of a computer or by shutting down its website. It is a major concern for web development companies. Hackers can attack and threaten security of a business and its website in so many ways as follow:

DDOS Attack – Distributed Denial Of Service Attack:
  • In this attack, a server or a machine’s services are made unavailable to its end-users. And then hacker proceeds to compromise the website of a business when the system gets offline.
  • The example of a DDoS attack is sending many URL requests to a website in a very small amount of time.  This causes overflowing at the server side because the CPU just ran out of resources.

Remote code execution Attack:
  • This attack takes place as a result of either server side or client side security weaknesses. This attack is mostly seen in application development companies.
  • Weak components include libraries, remote directories on a server that have not been monitored and other software modules that run on the basis of authenticated user access. 
  • These components which are used by applications are always under attack through things like scripts, malware, and small command lines that extract information.

DNS Cache Poisoning:
  • It involves old cache data that a company might think it no longer has in its computer but it is actually there.
  • Hackers identify weaknesses in a domain name system (DNS) which allow them to divert traffic from genuine servers to a fake website.
  • This attack is major concern for web development companies.

Clickjacking Attack:
  • This is also known as UI Redress Attack commonly seen in Web development companies in India.
  • The attacker is hijacking clicks that are not meant for the actual page, but for a page where the attacker wants you to be.

Cross-site Request Forgery Attack:
  • This attack happens when a user is logged into a session and a hacker uses this opportunity to send them a fake HTTP request to collect their cookie information.
  • Once the browser session of a user is compromised, the hacker can initiate requests to the application that will not be able to differentiate between a valid user and a hacker.

Injection Attack:
  • Injection Attack occurs when there are flaws in SQL Database, SQL libraries or the operating system itself. 
  • Employees of application development companies open seemingly credible files with hidden commands or injections unknowingly.
  • By doing this, employees have allowed hackers to gain unauthorized access to private data such as cardholder data or other financial data.

Cross-site scripting Attack:
  • This attack is also known as XSS attack.
  • It occurs when an application, URL “get request”, or file packet is sent to the web browser window and bypassing the validation process. 
  • Once an XSS script is triggered, it makes users believe that the compromised page of a specific website is genuine.
  • It is a major threat for web development companies.

Social Engineering Attack:
  • It happens when you disclose private information in good faith, such as a credit card number, through different communication ways such as chat, email, social media sites or virtually any website.

Conclusion:

This article is helpful for web development companies to prevent them hacked by hackers. Every business should implement countermeasures for all above attacks.

Monday 12 September 2016

Fundamental of Android Security

custom application development

Android is an open mobile platform. Android applications use advanced hardware and software, besides local and served data, open through the platform to bring improvement and add consumer’s value. In order to guard that value, the platform used for custom application development must offer an environment that guarantees the users security, information, applications, device plus network.

To secure an open platform, there exist a need for a robust security architecture and demanding security programs. Android was planned with multi-layered security that provides the flexibility open platform, while ensuring protection for all users using the platform.

Android was designed with clear thought about developers in mind and security controls were designed to ease the burden on developers. Developers who are Security-savvy can easily work depend onflexible security controls. And the Developers who are less familiar with security, will be safeguarded by safe-defaults.

Android was designed with users of the device in mind. Users are provided reflectivity into how applications operate and work, and guided control over those Android applications. The design of Android includes the probability that attackers would attempt to perform commons attacks to breach security, such as social-engineering attacks to assure device users to install malware, and outbreaks on third-party applications of Android. Android was designed and planned to both reduce the probability of breaches and attacks as well as limit the impact of the attack.

Android offers an open source platform for mobile devices along with application environment.

The core Android platform building blocks are:

Device Hardware, Android Operating System, and Application Runtime. Android applications outspread the core Android operating system.

There are two primary sources for applications: Pre-Installed Applications and User-Installed Applications.

Android Security Program Overview

Early during development, the core development team of application development company of Android recognized that a robust security framework was required to enable a strong ecosystem of applications and devices built the Android platform and sustained by cloud services. As a result of this, through its complete development life cycle, Android has been lay open to a professional security program. The Android team has had the chance to see how other mobile, desktop, and server platforms disallowed and reacted to security issues and accordingly built a security program to address weak spot. 

The key components of the Android Security Program include:

Design Review: The Android security procedure begins early in the development lifecycle with the design of a rich and configurable security model. Each major feature of the Android platform is looked over by engineering and security resources, with appropriate security controls integrated into the architecture of the security system.

Penetration Testing and Code Review: During the platform development, Android-created and open source modules are subject to dynamic security reviews. These security reviews are performed by theGoogle’s Information Security Engineering team,Security Team of Android, and various independent security consultants.

The goal of these security reviews is to identify weaknesses in the platform and possible vulnerabilities well before the android platform is open sourced.

Open Source and Community Review: The Android Open Source Development enables wide security reviews by any interested party. Android also practices open source technologies that have undergone substantial external security review, such as the Linux kernel.

Incident Response: The Android project has made a comprehensive security response process. A full-time Android security team continually monitors Android-specific and the over-all security community for the potential vulnerabilities. The Android team has Incident response process which enables the quick mitigation of vulnerabilities and weakness to ensure that the risk to all Android users is minimized.

Platform Security Architecture

Android architecture seeks to be the more secure and usable operating system for mobile platforms by re-purposing traditional operating system security controls:

  • To protect data of the users
  • To protect various system resources


To achieve these objectives of the platform, Android offerskey security features like:

  • Provided robust security at the Operating System level through the Linux kernel
  • Mandatory application sandbox for all android applications
  • Provided Secure inter-process communication
  • Signing in Android Application
  • Application-defined and user-granted permissions


Conclusion: 

Thus, the Application Development Company should consider the security aspects while designing any application.  The application built should use advanced hardware and software to bring innovation. Implementing and integrating security controls in the architecture leads to secure access and intact security in the company or a firm which guard against attacks.

References :