Razvan Raducanu

Cyber security

Part I. PHP Security. Common PHP vulnerabilities

  • Data validation/filtration/output escaping
  • Session management
  • SQL Injection, XSS, CSRF
  • Server validation
  • Information leakage
  • PHP OS injection


Part II. Network security

  • Firewalls. Penetration testing
  • Intrusion Detection
  • Security Policies
  • Metasploit, Snort, ELSA, Tripwire, Prelude, AIDE, Wireshark, etc.


Part III. OS Security

  • Kali Linux Forensics
  • Linux Security
  • Anatomy of viruses
  • Trojans, worms, rootkits
  • ........


Exam requirements

Project 1

  • Make a brute force attack on a custom ecommerce site. Modify the code accordingly to block the attack. Exercise on DVWA.
  • Make a CSRF attack on a custom ecommerce site. Modify the code accordingly to block the attack. Exercise on DVWA.
  • Make an XSS attack on a custom ecommerce site. Modify the code accordingly to block the attack. Exercise on DVWA.
  • Make a SQL injection attack on a custom ecommerce site. Modify the code accordingly to block the attack. Exercise on DVWA.
All the attacks should be made locally, without accessing the internet!!!


Project 2

  • Configure a firewall so that all ports are blocked, except ports 53, 80 and 443. Scan the network to check the settings.
  • Configure a Mikrotik firewall, using custom rules on all chains. Scan the network to check the settings.
  • Configure an Active Domain using different security policies.
  • Create a custom local virtual network (without internet connection!!!) and try to capture login credentials using ARP poisoning.


Project 3

  • Take over a Windows XP system using Metasploit on Kali Linux in a virtual custom network, without internet connection!!!
  • Take over an Android system using Metasploit on Kali Linux in a virtual custom network, without internet connection!!!
  • Harden the security of a Linux system using: Snort, ELSA, Tripwire, Prelude, AIDE and grsecurity.
  • List all open ports and associated programs on a Linux system. Use iptables to close open ports or stop all unwanted network services.


For students