siham

RESEARCH TOPIC ASSISTANCE

8 posts in this topic

Hi!

Guys, I'm a security student who doesn't have knowledge about hacking, and sadly I am in my final year and supposed to develop a security system. Here are the areas of my interest that I would like to do my research on and come up with a system. Most likely I need guidance since I am a beginner, though I did digital forensic investigation.

1. IP spoofing

2. Web spoofing

3. USB encryption

Hi!

Guys, I'm a security student who doesn't have knowledge about hacking, and sadly I am in my final year and supposed to develop a security system. Here are the areas of my interest that I would like to do my research on and come up with a system. Most likely I need guidance since I am a beginner, though I did digital forensic investigation.

1. IP spoofing

2. Web spoofing

3. USB encryption

1. Look up various information on proxy servers and VPNs. Find out how these work, how they differ, and how they can change one's IP address to the outside world.

2. Not really sure what "web spoofing" means.

3. There are multiple options for USB encryption out there, including biometric USB keys. A popular option is to use the open source program TrueCrypt to encrypt an entire USB volume.

I can give you ideas for starting points, but I'm still confused about the big picture or what exactly you're trying to do. I'm not seeing how this ties together in developing some sort of "security system."

It's really hard to answer a vague question without giving a broad answer. What in specific interests you about each of those areas? Have you already done some research? Tell us what you've found, maybe we can brainstorm some ideas off each other.

How could you be in the final year of your degree and not have an understanding of these things? What university do you go to?

If you know web applications, you should definitely read the Web Application Hacker's Handbook. Absolutely superb book. I suggest you write on SQL injection and common vulnerabilities in web applications; they are the new "buffer overflow" of modern times and are in fact much more dangerous: from a single SQL injection point you can pretty much figure out your way up to owning the server in a lot of cases, or at least gain access to random information which you shouldn't have access to. Buffer overflows are still common though, so you'd probably want to add the Shellcoder's Handbook to your bookshelf too. However, I highly recommend that you read more on web application hacking, as while buffer overflows have been known for a while and are well understood, SQL injection and web application security aren't at that stage yet. A lot of companies will just produce code that is highly insecure and sell it without understanding the data they're putting at high risk. If you spend enough time on Google it doesn't take long before you find a small-sized website with exploitable SQL injection points.

What exactly do you mean by "web spoofing?" Are you talking about, like, ettercap filters or something? Or maybe you mean lookalike pages used in phishing attacks? I think we'd all be happy to help you but we just need more information :)

I appreciate your ideas and am very grateful to everyone who has tried to assist.

Though I would like to answer chown's question. Basically, we are not taught either of the attacks until we reach our final year. I take the responsibility to teach myself since they don't teach us, and expect us to come up with a security system.

Agaster: I am interested in sgl injection, which might fall under web spoofing if I'm not mistaken.

Basically, here is what I thought, and hopefully I will be able to get your ideas.

I thought about using Window filtering platform API to develop an which will work under application layer level of the TCP/IP suite whereby i will concentrate on developing an application which might minimize the risk of sql injection attacks.

Hence i would like to have your ideas and see if that can be possible.

Agaster: I am interested in sgl injection, which might fall under web spoofing if I'm not mistaken.

sql* injection does not fall under the web spoofing category. It's a type of flaw in web applications which allows the attacker to inject arbitrary sql requests to the database, and therefore obtain data he wasn't supposed to.
