Discover the Best Tax Invoice Example for Security in Your Business

Tax invoice example for Security

hello everyone welcome back to channel today we will discuss about the web application security and in this presentation we will explore why protecting web application is crucial whether web attacks are common or what are the com core goals in the web application Securities so today the agenda is why we need a web Securities and what are the common web attacks and the core goals of web Securities when I say the core goals like uh if there is any applications if we need to protect that applications what are the common things we need to take so nowadays in this modern world like web application is like a backbone of any Digital Services they power everything from online shopping social media banking cloud services these application often store sensitive data such as personal information payment details business data if compromised the cons consequences can be severe ranging from let's say data breach identity threat significant financial loss reputation damage for let's say if there's a big company that can even go bankrupt there will be heavy penalty if any security data happens additionally like uh gr regulation is also there we we'll talk about that let's say if I'll take the example of e-commerce social media or banking like different type of application has a different set of Securities let's say in e-commerce e-commerce we do what are the things we store let's say our personal information what we are buying our choices our payment systems when it comes to social media is pure or personal details itself in banking it's a pure of like our personal as well as Financial details so everywhere if you see nowadays we have started storing all our sensitive data on the cloud or any kind of modern web applications and it is very important to make sure to protect all these things in the web applications in this world uh usually after covid if you have uh experience nowaday cyber threat is like and what is the goal of these attacks it could be let's say for the profit it's a financial profit uh or the ident identity threat let say other reputational damage for any big company so these kind of the I'll say reason these kind of attacks happen and what will be the consequences of these kind of vulnerabilities there there could be a data breach of existing application as identity temped uh uh if you have seen in recent days uh there was some news like like uh some of the celebrities Twitter account was and some of the information was posted by the hackers so that kind of also uh can happen and that will be kind of reputational damage as well for That Celebrity Financial loss what if uh someone got the access to some other's banking system due to some vulnerability of banking applications over there they can get the money out of it avoid all those uh the attacks each country or Union let's say for example let's say US US has many like a consumer privacy act one of them is let's say CCPA California consumer privacy act similarly uh European Union has its own like a gdpr which is like uh protecting the general data of Europe uh any citizens of Europe uh if how the company can process and how in case if company wants to pull data out of Europe of any European citizens so they have to Pro follow the process of gdpr and the people who like the company who do not follows actually they get even heavy penalities as well you might be um hearing a lot about it in even in next videos as as well there is one more uh like two more uh act which is like health insurance portability and accountability act which is Al also called as heppa this is specific to the our medical information and medical reports because it's very sensitive and if it go goes in a wrong hand there will be a severe damage to I think health or the money or the your reputations as well the last one is like a PCI DSS which is a payment guard Industries data security standard and whenever like any company who is processing the payment they have to follow some framework and the standards to ensure the the minimum security whatever required in the modern digital world is added to that applications about the web attacks so in this world nowadays almost every companies or any every business has their online presence and when we say online presence that means they have some kind of applications some kind of software which is exposed to internet and 80% % of them have at least one or more kind of security issues how we can find it out let's say every day there will be a whistleblower or there will be some data breach which happens and that will be reported by the journalist or the news reporters we can check on this website which is called the datab breaches Donnet we can go through that and check what are the new kind of Security will abilities are happening every day even the the hackers getting evolved they are coming up with a new way of hacking the things if I'll take a few example let's say the target which is one of the e-commerce site of the US uh like in 2013 around 2013 2014 there was a big big issue happens uh in the data security breach happens and almost 40 million credit card debit card records were stolen by hacker and uh this and just there was a heavy penalty because of this on the target company and they had they had to pay almost like 18 $18 million and what happens like why hackers stole this credit card and debit card once they stole this data they will either sell on the dark web or either they will misuse it uh and uh they will start try to like get money from that credit card and if I'll take one more example say UPS which is also um like a courier company in us and there was a big data breach happened which was uh in their microservices any let's say they have a system where they you you can put the CER number and you can get a detail out of it they had like they do not had like each microservices level access which is which allows hackers to see others details as well and hackers can get to know when people are going to receive the credit card and which address so that hacker can go and get the credit card from their mailbox even with the pin code as well we let's talk about some common type of web attacks which is's say SQL injection cross site scripting cross site request for fory remote code executions distributed denial of services in SQL injection usually uh it is a it's a let say database layer of attacks and it's very common and if if any issue if this databas is not configured there's a chance that this kind of issue can happen and it's very easy to remediate as well in we nowadays if you follow the o o standard so we can easily avoid this s injection there is very vast and confusing which is called as cross-site scripting if I would take the example say in uh there's a called as Sami war attack which is well def find example of how severe Crosset scripting can happen in 2000 we had Myspace which is one of the social sites of that time which was like attacked by Sami Kamar who like a USB student and within like I think night or I'll say maximum 24 hours he was able to almost get the details of more than 1 million people cross site request fory this is uh another site of attack which will force the request and behave differently on the server remote code execution in uh there will be some code will be injected on the remote system and which will be get executed that would also it could be malare or it could be something which hacker wants to get data back from that export distributed denial of service suppose we have a two companies arrival or some kind of hacker and they wanted to make sure uh that whatever service you are providing to your consumer it should get affected so they will try to make sure you know your most of the server will be always busy so that the quality of service which you're going provide to customer that will never reach let's talk about the goals of the web application Securities uh first is confidentiality whenever we develop any applications there will be different roles different users there will be uh let's suppose let's the application over there there will be a Founder co-founder then director then there will be employees as well managers so different people have a different roles and there will be some data which will be only shared with a specific people if I take the example of let's banking system I have an account in the bank so I'm the customer of that bank and if I have a bank account that will be whatever the data it has only I can access and some people of the bank who manages that account they can access and the confidentiality ensures that no data of mine will be shared with any other person who is not authorized to access it and next is integrity in Integrity uh we ures that whatever data we have given to bank or the one which I'm receiving from the bank if I take the example of back is as it is and it is not tampered uh change in any way while like transmitting for example let's say a bank is located in let's say New Jersey and I'm trying to access from the uh from some other places let's say New York and now it will be transported through the some cable channel or Wireless Channel and suppose if some hacker uh sits in between and try to you know like get that data and and while whatever I'm transferring let's say $500 I'm transferring and he changed to 5,000 and change the recipient so it could go in a wrong way to ensure that that while trans transmitting or any way the way we are storing uh it ensures that data has not tampered and this is the second goal of the web application Securities and the third one which is the availability which is very important if you remember like uh in last slide I talked about the denial of services which is U which usually attacks the on the third goal which is the availability uh any any business uh has the some uh some kind of uh say Services uh to give them good Services they ensure that whatever they are uh providing it should be available for what uh whatever they committing customer for example let's say Microsoft Microsoft this like if you buy a product it will be available for 99.99% of the time suppose if any competitor or any hacker comes and to damage their reputations they always try to attack and make sure all their all the servers are busy every time so what will happen in that case uh whatever the Microsoft is commit that it that it will be available for 99.99% that will be get reduced to let's say 80 70% and then that time customer will be get frustrated that they are paying for the uh good availability but still not getting it so that is the reputational damage for the Microsoft and this is what whenever we develop any application we make sure like uh this kind of issues should not happen uh in any web applications okay so the rest is like uh now we'll uh talk about the conclusion of this complete video what are the things we discussed and what we are going to discuss in the next video as well web application security is very essential for protecting both businesses and the user itself with the increasing frequency of a tax it's crucial to implement Securities measures that addresses the confidentiality integrity and availabilities by adopting best practices and staying proactive we can significantly reduce the risk and protect against common threats all the every type of attacks whatever happen either it try to break one of these three goals confidentiality integrity and availability and whenever any kind of attacks happens as a web security expert we will be looking which kind of attack it is and what what kind of services it is trying to attack on that basis we categorize it we emphasize it and we decide the city is and how we can protect it and it's not like like uh we have to you know when attacks happen after that we have to fix it it's not every time that's why we have a common database like a data uh like datab b.net for there we can go and check what are the recent taxs and there are there will be some zero day attack as well we will talk about that zero day attack in the maybe some other videos and on that basis like whenever any attacks happen we go through the complete details how it happens what are the remediations how the compan is taking care of it and how many data are Lo and if we are using any third party Services of that companies or something then we will make sure like take a like necessary action to avoid that that attack should not get spill over to our applications as well so thanks for listening and please make sure to uh stay updated on the latest security trams in the next video we will talk about the web API hacks and how it happens what are the remediations another is a crypto mining which is nowadays like a very hot topic how hackers like M their crypto on some other system by hacking them and is crypto uh credential stuffing we'll talk about that one as well and this is script injections which is the the way we have SQL injections similar we have we have a script injection as well this could be client side side we'll talk about both thanks for listening see you in next video see you in next video