INTERNSHIP REPORT

“CYBER SECURITY ”

Submitted in partial fulfillment of the requirement of internship for

THIRD YEAR ENGINEERING

Computer Engineering

SPPU,PUNE

Submitted by

SHIVAM DAYANAND SURYAWANSHI

Roll no -22

Under the guidance of

Prof.S.V Shardul

Amruta Vaishnavi Education & Welfare Trust’s

Shatabdi Institute of Engineering & Research

At. Post- Agaskhind (Via Deolali Camp-Bhagur) Tal-Sinnar,
Dist-Nashik

DEPARTMENT OF COMPUTER ENGINEERING

ACADEMIC YEAR: 2023-2024

Page 1 of
 Amruta Vaishnavi Education & Welfare Trust’s
Shatabdi Institute of Engineering & Research
At. Post- Agaskhind (Via Deolali Camp-Bhagur) Tal-Sinnar,
Dist-Nashik
DEPARTMENT OF COMPUTER ENGNIEERING
ACADEMIC YEAR: 2023-2024

This is to certify that, this report entitled “CYBER SECURITY” submitted by

SHIVAM DAYANAND SURYAWANSHI for partial fulfillment of the requirement of
internship for THIRD YEAR ENGINEERING in COMPUTER ENGINEERING as
laid down by SAVITRIBAI PHULE PUNE UNIVERSITY, Pune, is a record of their
own work carried out by them under my supervision and guidance during year 2023 –
2024.

Place: Nashik

Date:

Prof S.V. Shardul Mrs.M.A. Dahale

INTERNSHIP GUIDE
TRAINING

INCHARGE

Prof.S.V. Mahale

HEAD OF DEPARTMENT Dr. P. G.

VISPUTE

Page 2 of
PRINCIPAL

Page 3 of
INTERNSHIP COMPLETION CERTIFICATE

Page 4 of
 Internship Place Details -

NetLeap IT Training and Solutions | Best IT Training Institute

Floor No.1 Avadhoot Aadhar Apartment, Gangapur Rd, above Luthra Agencies, Old Gangapur Naka,
Signal, Nashik, Maharashtra 422005

Company background – Organization:

NetLeap IT Training & Solutions is set up to provide quality, industry-oriented IT Training with
future needs of IT Infrastructure.

Provide extensive training in high end certification programs like Hardware / Networking,
Cisco Technologies, Redhat Linux, Red Hat Openstack, Ansible, Virtualization ,AWS,
SOFTWARE DEVELOPMENT, etc.

Activities / Scope:

 Network Security
 Application Security
 Information Security
 Endpoint Security
 Cloud Security

Object of the Study:

To analyze the Cybersecurity focuses on protecting computer systems, networks, and data from
unauthorized access, attacks, and breaches

Page 5 of
 Contents

Sr. No Content Page No

1 Introduction 7-9

2 CIA Traid 10

4 Network Security 11-12

5 Significance 13-14

8 Inventory Management Compliance 15-16

9 Flow Chart 17

10 Types Of Cyber Security 18

11 Types Of Cyber Attack 19-20

12 Cyber Security Vulnerabilities 21-22

13 Cyber Security Measures 23-24

15 Project-OWASP Calculation 25-32

16 Attendance 33

17 Conclusion 34

18 References 35

Page 6 of 36
 Abstract

Abstract of Cyber Security

Cyber security, a critical domain in today's digital era, encompasses the protection of computer
systems, networks, and data from cyber threats. With the increasing reliance on technology and the
interconnected nature of our digital infrastructure, the importance of cyber security cannot be
overstated. This abstract provides an overview of the key aspects of cyber security, including its
significance, challenges, and approaches.

Significance: Cyber security plays a vital role in safeguarding sensitive information, preserving
privacy rights, ensuring business continuity, and maintaining trust in digital systems. It protects
against a wide range of cyber threats, including malware, phishing attacks, ransomware, and insider
threats, which can result in financial losses, reputational damage, and legal liabilities.

Challenges: The evolving threat landscape presents numerous challenges for cyber security,
including the proliferation of sophisticated cyber attacks, the emergence of new technologies and
attack vectors, and the human factor, such as human error and negligence. Additionally, compliance
with regulatory requirements and the need to balance security with usability and productivity pose
significant challenges for organizations.

Approaches: Effective cyber security requires a multi-layered approach that combines technical
controls, security best practices, and user education. This includes implementing robust
authentication and access controls, deploying advanced threat detection and prevention technologies,
conducting regular security assessments and audits, and fostering a culture of security awareness and
vigilance among employees.

Page 7 of 36
Introduction
In today's interconnected world, cyber security plays a critical role in protecting individuals,
organizations, and governments from a wide range of threats. From data breaches to ransomware
attacks, the risks associated with cyber threats continue to evolve, making it essential to understand
the fundamentals of cyber security.

At its core, cyber security involves the practices, technologies, and processes designed to safeguard
digital assets, including computers, networks, and data, from unauthorized access, manipulation, or
destruction. With the proliferation of technology and the increasing reliance on digital platforms for
communication, commerce, and critical infrastructure, the need for effective cyber security measures
has never been greater.

This introduction serves as a gateway to exploring the various aspects of cyber security, including its
importance, key principles, emerging trends, and best practices. By gaining a deeper understanding
of cyber security fundamentals, individuals and organizations can better protect themselves against
cyber threats and mitigate potential risks to their digital assets and operations.

Understanding Cyber Security:

It involves protecting computers, networks, and data from unauthorized access or damage.

Importance of Cyber Security:

Failing to prioritize cyber security can lead to financial losses, reputational damage, and legal
liabilities.

Liability in Cyber Security:

Legal responsibility for cyber attacks and breaches falls on individuals, organizations, and
governments, emphasizing the need for compliance with data protection laws.

Vision for Cyber Security:

Creating a secure digital ecosystem through collaboration, best practices, and innovative
technologies is key.

Page 8 of 36
What Is A Cyber Security?

Cyber security, also known as information security or computer security, refers to the practice of
protecting computer systems, networks, data, and digital assets from unauthorized access,
exploitation, manipulation, or destruction. It encompasses a range of technologies, processes, and
practices designed to safeguard against cyber threats, including hackers, malware, ransomware,
phishing scams, and insider threats.

The primary goal of cyber security is to ensure the confidentiality, integrity, and availability of
information and resources in the digital realm. This involves implementing security measures such
as encryption, access controls, intrusion detection systems, firewalls, and security policies to prevent
unauthorized access to sensitive data, detect and respond to security incidents, and maintain the
uninterrupted operation of critical systems and services.

Cyber security is essential for protecting individuals, organizations, and governments from the
growing number and sophistication of cyber threats in today's interconnected world. It plays a crucial
role in safeguarding personal privacy, preserving business continuity, maintaining trust in digital
systems, and upholding national security interests.

Page 9 of 36
Why Cyber Security Is Important?

Cyber security is important because it protects computer systems, networks, data, and digital assets
from unauthorized access, exploitation, and harm. It encompasses a range of technologies, processes,
and practices designed to safeguard against cyber threats such as hackers, malware, phishing scams,
and insider threats.

The importance of cyber security stems from several key factors:

1. Protection of Data: Cyber security helps safeguard sensitive information, including personal
data, financial records, and intellectual property, from theft, manipulation, or unauthorized
disclosure.

2. Preservation of Privacy: Cyber security measures ensure that individuals' privacy rights are
respected by preventing unauthorized access to personal information stored online, such as
emails, social media accounts, and browsing history.

3. Business Continuity: Cyber security is essential for maintaining the uninterrupted operation of
businesses and organizations by protecting critical systems and services from cyber attacks that
could disrupt operations or cause financial losses.

4. Trust and Confidence: Maintaining trust and confidence in digital systems and services is crucial
for fostering innovation, facilitating commerce, and sustaining economic growth. Cyber security
helps preserve trust by safeguarding the confidentiality, integrity, and availability of information and
resources.

5. Compliance and Legal Requirements: Organizations are subject to various laws, regulations,
and industry standards governing data protection, privacy, and cyber security. Compliance with
these requirements is essential for avoiding legal liabilities, regulatory fines, and reputational
damage.

6. National Security: Cyber attacks can have significant national security implications, ranging
from espionage and sabotage to disruption of critical infrastructure and services. Cyber security
measures are essential for protecting against these threats and safeguarding the economic and
national interests of nations

Page 10 of 36
CIA TRIAD

The CIA triad is a foundational concept in cybersecurity, representing three core principles:
Confidentiality, Integrity, and Availability.

1. Confidentiality: Ensuring that data is accessible only to those authorized to access it. This involves
measures such as encryption, access controls, and secure communication channels.

2. Integrity: Ensuring that data is accurate, complete, and trustworthy. Measures to maintain integrity
include data validation, checksums, and digital signatures to detect unauthorized changes.

3. Availability: Ensuring that data and resources are accessible to authorized users when needed. This
involves measures such as redundancy, backups, and robust infrastructure to prevent downtime due to
cyberattacks or technical failures.

Page 11 of 36
Network Security

Network security involves protecting computer networks from unauthorized access, misuse,
modification, or denial of service. It encompasses various technologies, policies, and procedures
designed to secure the network infrastructure and the data transmitted over it. Key components of
network security include:

1. Firewalls: These are security barriers that monitor and control incoming and outgoing
network traffic based on predetermined security rules. They help prevent unauthorized
access to or from private networks.

2. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS): IDS
monitors network traffic for suspicious activity or known attack patterns, while IPS
actively blocks or filters malicious traffic.

3. Virtual Private Networks (VPNs): VPNs create encrypted tunnels over public
networks, such as the internet, to ensure secure remote access to private networks.

4. Antivirus and Antimalware Software: These programs detect and remove

malicious software (viruses, worms, Trojans, etc.) from computer systems and
networks.

5. Authentication and Access Control: This involves verifying the identity of users and
devices trying to access the network and limiting their access based on predefined
policies.

6. Encryption: Encrypting sensitive data before transmitting it over the network helps protect
it from unauthorized interception and disclosure.

7. Security Protocols: Implementing secure protocols (e.g., SSL/TLS for web traffic)
helps ensure the confidentiality and integrity of data transmitted over the network

8. Regular Updates and Patch Management: Keeping network devices, software, and
security measures up to date with the latest patches helps mitigate vulnerabilities and reduce
the risk of exploitation by attackers.

Page 12 of 36
9. Security Audits and Monitoring: Regularly auditing network security controls and
monitoring network activity for anomalies or signs of intrusion can help identify and
address security weaknesses proactively.

10. Employee Training and Awareness: Educating employees about security best practices,
such as creating strong passwords, recognizing phishing attempts, and avoiding suspicious
websites, can help prevent security breaches caused by human error.

Page 13 of 36
Significance

The Significance of Cyber Security

In today's digital age, where technology permeates every aspect of our lives, the significance
of cyber security cannot be overstated. Here are some key reasons why cyber security is of
paramount importance:

Protection of Sensitive Data:

Cyber security measures are essential for safeguarding sensitive information such as
personal data, financial records, and intellectual property. Breaches in security can lead to
data theft, identity fraud, and financial losses for individuals and organizations alike.

Preservation of Privacy:

Maintaining privacy is a fundamental human right in the digital age. Cyber security helps
protect individuals' privacy by preventing unauthorized access to personal information
stored online, such as social media accounts, emails, and browsing history.

Prevention of Financial Losses:

Cyber attacks can result in significant financial losses for businesses through theft of funds,
ransom demands, or disruption of operations. Investing in robust cyber security measures
can help mitigate these risks and protect against potential financial harm.

Protection of Critical Infrastructure:

Critical infrastructure such as power grids, transportation systems, and healthcare facilities
relies heavily on interconnected computer systems. Cyber security safeguards these
systems from attacks that could disrupt essential services and cause
widespread chaos.

Page 14 of 36
Preservation of Reputation:

A data breach or cyber attack can tarnish an organization's reputation and erode customer
trust. Implementing effective cyber security measures not only protects against financial
losses but also helps maintain a positive public image and preserve stakeholder confidence.

Mitigation of Legal and Regulatory Risks:

Compliance with data protection laws and regulations is mandatory for businesses
operating in today's globalized marketplace. Failure to secure sensitive data can result in
legal liabilities, regulatory fines, and damage to corporate credibility.

Protection Against Emerging Threats:

As technology evolves, so do cyber threats. Cyber security measures must continually

adapt to address new and emerging threats such as ransomware, phishing scams, and
artificial intelligence-driven attacks.

In summary, cyber security is indispensable for protecting individuals, organizations, and

governments against a myriad of cyber threats. By prioritizing cyber security measures,
stakeholders can mitigate risks, preserve privacy, safeguard critical infrastructure, and
maintain trust in an increasingly interconnected

Page 15 of 36
Inventory Management Compliance

Inventory management compliance refers to adhering to regulations and standards governing

the tracking, handling, and reporting of inventory within a business or industry. Here's a brief
overview:

1. Regulatory Requirements: Depending on the industry and geographic

location, businesses may be subject to various regulatory requirements regarding
inventory management. These regulations often aim to ensure accuracy,
transparency, and accountability in inventory tracking and reporting.

2. Inventory Tracking: Compliance typically involves accurately tracking inventory levels,

movements, and transactions throughout the supply chain. This includes recording
purchases, sales, returns, transfers, and adjustments in inventory management systems.

3. Data Accuracy and Integrity: Maintaining accurate and reliable inventory data is
crucial for compliance. Businesses must implement processes and controls to minimize
errors, discrepancies, and fraud in inventory records.

4. Quality Control: Compliance: may require implementing quality control measures to

ensure the accuracy, safety, and integrity of inventory items. This may involve
conducting inspections, testing, and monitoring inventory for defects, expiration dates, or
other quality issues.

5. Documentation and Reporting: Businesses often need to maintain detailed

documentation of inventory transactions and activities for compliance purposes. This
includes keeping records of inventory counts, valuations, audits, and regulatory
reports.

6. Security and Confidentiality: Protecting sensitive inventory data from unauthorized

access, theft, or loss is essential for compliance. Businesses may need to implement
security measures such as access controls, encryption, and physical safeguards to safeguard
inventory information.

Page 16 of 36
7. Audits and Compliance Checks: Compliance may involve undergoing periodic audits
or compliance checks to assess adherence to inventory management regulations and
standards. These audits may be conducted internally or by external regulatory agencies.

8. Technology and Automation: Leveraging inventory management software and

automation tools can help streamline compliance efforts by improving accuracy,
efficiency, and visibility into inventory processes.

9. Training and Education: Ensuring employees are trained on inventory management

policies, procedures, and compliance requirements is crucial for maintaining
compliance. This may include training on data entry, inventory handling, regulatory
requirements, and ethical practices.

10. Continuous Improvement: Compliance is an ongoing effort that requires continuous

monitoring, evaluation, and improvement of inventory management processes. Businesses
should regularly review and update their inventory management practices to address
evolving regulatory requirements and business needs.

Page 17 of 36
Flow Charts

Page 18 of 36
Types Of Cyber Security

Cybersecurity encompasses various approaches and measures aimed at protecting computer systems,
networks, and data from unauthorized access, cyberattacks, and data breaches. Here are some key
types of cybersecurity:

1. Network Security: Focuses on securing the integrity and confidentiality of data as it travels across
networks. This involves implementing firewalls, intrusion detection systems, and encryption protocols
to prevent unauthorized access and data interception.

2. Endpoint Security: Concerned with securing individual devices such as computers, smartphones,
and tablets. Endpoint security solutions include antivirus software, intrusion prevention systems, and
device encryption to protect against malware, phishing, and other threats.

3. Data Security: Involves protecting sensitive data from unauthorized access, disclosure, and
manipulation. Data security measures include encryption, access controls, data masking, and data
loss prevention techniques to safeguard valuable information.

4. Application Security: Focuses on securing software applications and preventing vulnerabilities

that could be exploited by attackers. This includes secure coding practices, regular security testing,
and the implementation of security controls such as authentication and authorization mechanisms.

5. Cloud Security: Addresses the unique security challenges associated with cloud computing
environments. This includes ensuring the confidentiality, integrity, and availability of data stored
in the cloud, as well as implementing access controls, encryption, and monitoring solutions.

6. Identity and Access Management (IAM): Involves managing user identities and controlling
their access to systems and resources. IAM solutions include user authentication, authorization, and
accountability mechanisms to ensure that only authorized users can access sensitive information.

Page 19 of 36
Types Of Cyber Attacks

Certainly! Cyberattacks encompass a wide range of malicious activities targeting computer systems,
networks, and data. Here's a brief explanation of some common types:

1. Malware Attacks: Malicious software, or malware, includes viruses, worms, Trojans,

ransomware, spyware, and adware. Malware infects systems to steal data, disrupt operations, or gain
unauthorized access.

2. Phishing Attacks: Phishing involves tricking users into revealing sensitive information such as
passwords, credit card numbers, or personal details by posing as a legitimate entity via email, text
message, or phone call.

3. Man-in-the-Middle (MitM) Attacks: In MitM attacks, an attacker intercepts communication

between two parties to eavesdrop, manipulate data, or steal information without the knowledge of
the communicating parties.

4. SQL Injection Attacks: SQL injection exploits vulnerabilities in web applications to inject
malicious SQL code into database queries, allowing attackers to access, modify, or delete
data.

5. Cross-Site Scripting (XSS) Attacks: XSS attacks inject malicious scripts into web pages
viewed by other users, potentially stealing cookies, session tokens, or other sensitive information.

6. Ransomware Attacks: Ransomware encrypts a victim's files or locks them out of their
system, demanding a ransom payment for decryption or restoration of access.

7. Social Engineering Attacks: Social engineering manipulates individuals into divulging

confidential information or performing actions that compromise security, often through
psychological manipulation or deception.

Page 20 of 36
8. Zero-Day Exploits: Zero-day exploits target vulnerabilities in software or systems that are
unknown to the vendor or have not been patched yet, giving attackers a window of opportunity
to launch attacks before defenses can be put in place.

9. Insider Threats: Insider threats involve employees, contractors, or business partners who
misuse their access privileges to steal data, sabotage systems, or compromise security from within
the organization.

10. Botnet (Bot Network) Attacks: A botnet is a network of compromised computers or devices
controlled by a single entity, usually a hacker or a group of hackers. These compromised devices,
known as "bots" or "zombies," are typically infected with malicious software without the
knowledge of their owners. Botnet attacks can involve various malicious activities such as DDoS
attacks, spam distribution, information theft, and more. Hackers use botnets to carry out
coordinated attacks, leveraging the combined resources of multiple compromised devices.

11. Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks: In a DoS attack,
the attacker floods a target system, network, or service with an overwhelming amount of traffic or
requests, rendering it inaccessible to legitimate users. DDoS attacks are similar but involve
multiple sources (often compromised devices in a botnet) flooding the target simultaneously,
making them even more potent. These attacks aim to disrupt the availability of services, causing
financial losses and reputational damage to the targeted organization.

12. Domain Generation Algorithm (DGA) Attacks: Domain Generation Algorithms are techniques
used by malware to dynamically generate a large number of domain names to communicate with
their command and control (C&C) servers. This makes it difficult for security measures to block or
blacklist these domains effectively. DGA attacks are commonly associated with botnets and other
types of malware that rely on communication with external servers controlled by attackers. By using
DGAs, malware can evade detection and maintain persistence by constantly changing the domain
names it communicates with.

13. Network Attacks: Network attacks encompass a wide range of malicious activities
targeting networks, devices, or communication protocols. These attacks can include but are not
limited to:
-Man-in-the-Middle (MitM) Attacks: Intercepting and possibly altering communication between
two parties without their knowledge.
-Packet Sniffing: Capturing data packets transmitted over a network to steal sensitive information.
-ARP Spoofing: Manipulating the Address Resolution Protocol (ARP) tables to redirect network
traffic to the attacker's device.
-Port Scanning: Searching for open ports on a target system to identify potential vulnerabilities or
services running on it.
-DNS Spoofing: Corrupting the Domain Name System (DNS) to redirect users to malicious websites
or serve

Page 21 of 36
Cyber Security Vulnerabilities

Cybersecurity weak points can exist at various levels within an organization's infrastructure,
processes, and human factors. Here are some common weak points:

1. Outdated Software and Systems: Legacy systems or software that are not regularly
updated or patched can contain vulnerabilities that attackers can exploit. Unsupported or end-of-
life software may no longer receive security updates, leaving them particularly vulnerable.

2. Weak Passwords and Authentication: Inadequate password policies, such as using

default or easily guessable passwords, or failing to implement multi-factor authentication, can make
it easier for attackers to gain unauthorized access to systems and accounts.

3. Lack of Employee Awareness and Training: Employees who are not adequately
trained in cybersecurity best practices may inadvertently fall victim to phishing scams, social
engineering attacks, or other forms of manipulation by attackers.

4. Insufficient Access Controls: Failure to implement proper access controls, such as

least privilege principles, can result in unauthorized users gaining access to sensitive data or
systems. Overly permissive access permissions can also increase the risk of insider threats.

5. Inadequate Network Security Measures: Weaknesses in network security, such as

unsecured Wi-Fi networks, unencrypted communications, or lack of intrusion detection systems,
can make it easier for attackers to intercept data or gain unauthorized access to network resources.

6. Poorly Configured or Misconfigured Security Controls: Misconfigurations in

firewalls, antivirus software, or other security controls can create vulnerabilities that attackers can
exploit to bypass defenses or launch attacks.

Page 22 of 36
 7. Lack of Incident Response Plan: Without a well-defined incident response plan,
organizations may struggle to detect, contain, and respond effectively to cyber incidents, resulting
in prolonged exposure to threats and increased damage.

8. Third-party and Supply Chain Risks: Organizations may be vulnerable to cyber

attacks through their relationships with third-party vendors, suppliers, or partners who may have
weaker cybersecurity practices, allowing attackers to exploit them as a pathway into the
organization's systems.

9. Data Privacy and Compliance Issues: Failure to comply with relevant data protection
regulations or industry standards can expose organizations to legal and financial consequences in
the event of a data breach or security incident.

10. Human Factors and Insider Threats: Malicious insiders or employees who
unwittingly compromise security due to negligence, lack of awareness, or malicious intent can pose
significant risks to an organization's cybersecurity postures

Page 23 of 36
Cyber Security Measures

Cybersecurity measures and protection strategies are crucial for safeguarding computer
systems, networks, and data from cyber threats. Here's a detailed overview of some key
cybersecurity measures and protection mechanisms:

1. Firewalls: Deploy firewalls to monitor and control incoming and outgoing network
traffic based on predefined security rules. Firewalls act as a barrier between a trusted internal
network and untrusted external networks, helping to prevent unauthorized access and cyber attacks.

2. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS): IDS
and IPS solutions monitor network traffic for suspicious activities or known attack patterns. IDS
detects and alerts on potential security incidents, while IPS can automatically block or respond to
detected threats in real-time.

3. Endpoint Security: Protect endpoint devices such as desktops, laptops, and mobile
devices with antivirus software, anti-malware solutions, and endpoint detection and response (EDR)
tools. Endpoint security solutions help detect and mitigate threats targeting individual devices.

4. Access Control and Authentication: Implement strong access controls and authentication
mechanisms to ensure that only authorized users have access to sensitive systems and data. Use multi-
factor authentication (MFA), biometric authentication, and least privilege principles to enhance

Page 24 of 36
 5. Encryption: Encrypt sensitive data both in transit and at rest to protect it from
unauthorized access or interception. Use encryption algorithms and protocols such as SSL/TLS
for secure communication and data encryption standards for data storage.

6. Patch Management: Regularly update and patch software, operating systems, and
firmware to address known vulnerabilities and security weaknesses. Patch management helps
mitigate the risk of exploitation by attackers targeting known vulnerabilities.

7. Security Awareness Training: Provide comprehensive cybersecurity awareness

training to employees to educate them about common threats, phishing scams, social engineering
tactics, and best practices for maintaining security. Security awareness training helps reduce the
risk of human error and improve overall security posture.

8. Incident Response Planning: Develop and maintain an incident response plan to

effectively detect, respond to, and recover from cybersecurity incidents. The incident response
plan should include procedures for incident detection, reporting, containment, eradication, and
recovery.

9. Data Backup and Recovery: Implement regular data backup procedures to ensure that
critical data is regularly backed up and stored securely. Test backup and recovery processes
regularly to verify their effectiveness in restoring data in the event of a cyber incident.

10. Continuous Monitoring and Threat Intelligence: Implement continuous monitoring

tools and threat intelligence sources to detect and respond to security threats in real-time.
Continuous monitoring helps identify and mitigate security incidents quickly, while threat
intelligence provides insights into emerging threats and attack trends.

11. Regulatory Compliance: Ensure compliance with relevant cybersecurity regulations,

industry standards, and frameworks based on the organization's industry and geographical location.
Compliance with regulations such as GDPR, HIPAA, PCI DSS, ISO 27001, and NIST
Cybersecurity Framework helps mitigate legal and regulatory risks.

Page 25 of 36
 Cyber Security Project-OWASP Calculation

The OWASP Calculator is a comprehensive tool designed to evaluate the security posture
of web applications against common vulnerabilities and threats. In today's digital
landscape, web applications are prime targets for malicious actors seeking to exploit
vulnerabilities for various nefarious purposes. Hence, it is imperative for organizations to
regularly assess and enhance the security of their web applications.

The OWASP Calculator offers a systematic approach to identifying, prioritizing, and

addressing security issues within web applications. Leveraging industry best practices and
standards, the tool employs a varietyof assessment techniques, including vulnerability
scanning, penetration testing, and risk analysis.

Key features of the OWASP Calculator include:

1. Vulnerability Detection: The tool scans web applications for known security
vulnerabilities such as SQLinjection, cross-site scripting (XSS), cross-site request forgery
(CSRF), and more.

2. Risk Prioritization: It assigns risk scores to identified vulnerabilities based on factors

such as severity, exploitability, and potential impact, enabling organizations to prioritize
remediation efforts effectively.

3. Compliance Checking: The OWASP Calculator assesses web applications against

relevant security standards and guidelines, including OWASP Top 10, PCI DSS, and
GDPR, ensuring compliance with regulatory requirements.

4. Customization and Flexibility: Organizations can tailor the assessment criteria and
parameters accordingto their specific requirements, allowing for a flexible and adaptable
approach to security assessment.

5. Reporting and Analysis: The tool generates comprehensive reports detailing identified
vulnerabilities, associated risks, and recommended remediation measures. These reports
facilitate informed decision- making and communication with stakeholders.

By utilizing the OWASP Calculator, organizations can proactively identify and mitigate
security risks within their web applications, thereby enhancing their overall security
posture and safeguarding against potential threats.

In summary, the OWASP Calculator serves as a valuable asset for organizations

committed to maintainingthe security and integrity of their web applications in the face of
evolving cyber threats.

Page 26 of 36
 Project Aim

The project aim of the OWASP Calculator can be detailed as follows:

1. Comprehensive Security Assessment: The OWASP Calculator aims to

provide a comprehensive tool capable of thoroughly assessing the security
posture of web applications. Thisinvolves identifying vulnerabilities across
various layers and components of the application stack.

2. Risk Prioritization: One of the primary goals is to enable organizations to

prioritize remediationefforts effectively. The tool assigns risk scores to
identified vulnerabilities based on factors such as severity, exploitability, and
potential impact, allowing organizations to focus on addressing high-risk issues
first.

3. Vulnerability Detection: The project aims to develop robust mechanisms

for detecting a widerange of security vulnerabilities commonly found in web
applications. This includes but is not limited to vulnerabilities such as SQL
injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and
more.

4. Adherence to Standards: The OWASP Calculator project endeavors to

ensure that web applications assessed using the tool comply with relevant
security standards and guidelines. Thismay include standards such as the
OWASP Top 10, Payment Card Industry Data Security Standard (PCI DSS),
General Data Protection Regulation (GDPR), among others.

5. Flexibility and Customization: Recognizing the diverse nature of web

applications and organizational requirements, the project aims to offer
flexibility and customization options. Thisallows organizations to tailor the
assessment criteria and parameters according to their specific needs and
environments.

6. Reporting and Analysis: Another crucial aspect is to provide detailed reports

that offer insightsinto identified vulnerabilities, associated risks, and
recommended remediation measures. These reports facilitate informed
decision- making and communication with stakeholders, including developers,
security teams, and management.

7. Proactive Security Measures: Ultimately, the OWASP Calculator aims to

promote a proactiveapproach to web application security. By empowering
organizations to identify and mitigate security risks early in the development
lifecycle, the project contributes to enhancing the overallsecurity and
resilience of web applications against evolving cyber threats.

By focusing on these key objectives, the OWASP Calculator project aims to serve as a
valuable asset for organizations striving to safeguard their web applications and protect
sensitive data frompotential security breaches.Problem Statement

Page 27 of 36
 Problem Statement for OWASP Calculation:

The problem statement of the OWASP Calculator project revolves around addressing the
inherent vulnerabilities and security risks present in web applications. Despite the
advancements in web technology, web applications remain susceptible to a wide range of
exploits and threats, including but not limited to SQL injection, cross-site scripting (XSS),
cross-site request forgery (CSRF), andmore. The lack of effective tools and
methodologies for systematically assessing and mitigating these vulnerabilities poses a
significant challenge for organizations seeking to protect their web applications and the
sensitive data they handle. Furthermore, the absence of standardized approaches for
prioritizing remediation efforts and ensuring compliance with relevant security standards
exacerbates the problem, leading to potential security breaches, data leaks, and
compromised user trust. Therefore, there is a pressing need for a comprehensive and
adaptable solution like the OWASP Calculator that can efficiently detect, prioritize, and
address security vulnerabilities in web applications while facilitating compliance with
industry standards andregulations

Page 28 of 36
System Analysis and Requirement

2.1 Required environment

The system development environment shows the hardware and
software requirements,which is necessary for developing the software.
Necessary softwareand hardwarerequirements, which are necessary for
making this software are as follows:

 Software requirement
 Operating system: Windows 7 or 10
 HTML
 Visual Studio Code

 Hardware requirement
 Processor: A multicore processor with a speed of
at least 1.6 GHz or higher is recommended. Intel
Core i3, i5, or i7 series or equivalent AMD
processors.
 Ram: A minimum of 4 GB RAM is recommended.
 Storage: 128GB HDD or SSD

Page 29 of 36
 Software system specification

Project Name: OWASP Calculator

Abstract: The OWASP Calculator stands as a robust and
indispensable tool in the realm of web application security
assessment. Its comprehensive design
encompasses a multitude of
techniques and methodologies, all aimed at meticulously
scrutinizing web applications for prevalent vulnerabilities
and threats. Drawing from established industry standards and
best practices, the OWASP Calculator integrates various
approaches, including vulnerability scanning, penetration
testing, and rigorous risk analysis. Through these
methodologies, it systematically identifies and catalogues
security issues, ranging from common exploits like SQL
injection and cross-site scripting (XSS) to more sophisticated
threats like cross-site request forgery (CSRF). What sets the
OWASP Calculator apart is its capacity to not merely
identify vulnerabilities, but also to assign risk scores to
each, thereby enabling organizations to prioritize
remediation efforts effectively
Language: HTML
IDE: Visual Studio Code
Compiler Google Chrome

Graph Chart.js
Type: Desktop Application
Recommended T.E Students
for:

Page 30 of 36
 Further scope
The future scope of the OWASP Calculator project encompasses several avenues for
expansion, enhancement, and adaptation to evolving cybersecurity landscapes. Here are
some potential areas of futuredevelopment:

1. Advanced Threat Detection: Incorporate machine learning and artificial intelligence

techniques to enhance the capability of the OWASP Calculator in identifying and
mitigating emerging threats and zero- day vulnerabilities.

2. Cloud-Native Security Assessments: Extend the OWASP Calculator to support security

assessments of cloud-native applications and microservices architectures, considering the
unique security challenges posedby cloud environments.

3. Container Security: Develop capabilities to assess the security of containerized

applications and containerorchestration platforms (e.g., Kubernetes) to address the
growing adoption of container technology in modern application deployments.

4. API Security: Expand the scope of the OWASP Calculator to include assessments of
API security, considering the critical role of APIs in modern web application architectures
and the increasing prevalenceof API-related security vulnerabilities.

5. DevSecOps Integration: Strengthen integration with DevSecOps practices and

toolchains to facilitate automated security assessments throughout the software
development lifecycle, promoting a shift-left approach to security.

6. Threat Intelligence Integration: Integrate threat intelligence feeds and security

information and event management (SIEM) systems to enrich the OWASP Calculator's
capabilities with real-time insights into emerging threats and attack patterns.

7. Interactive Training and Education: Develop interactive training modules and

educational resources to help developers and security professionals better understand and
address common vulnerabilities identifiedby the OWASP Calculator.

8. Community Collaboration and Contribution: Foster an active community around the

OWASP Calculator project, encouraging collaboration, knowledge sharing, and
contributions from security experts, developers,and organizations worldwide.

9. Compliance Automation: Enhance automation capabilities to streamline compliance

assessments and reporting processes, helping organizations demonstrate adherence to
regulatory requirements more efficiently.

Page 31 of 36
System Design

Page 32 of 36
ER Diagram

Page 33 of 36
Attendence
SR NO DATE DAY WORK DONE
1 11/12/2023 Monday Introduction To Cyber Security
2 12/12/2023 Tuesday Understood CIA Traid
3 13/12/2023 Wednesday Network Security
4 14/12/2023 Thursday Inventory Management Compliance
5 15/12/2023 Friday Cyber Security Work Flow
6 16/12/2023 Saturday BAT File Testing
7 17/12/2023 Sunday Holiday
8 18/12/2023 Monday Intro Of CMD
9 19/12/2023 Tuesday Performed CMD Commands
10 20/12/2023 Wednesday Types Of Cyber Attacks
11 21/12/2023 Thursday Intro To Cyber Policies
12 22/12/2023 Friday Task To Find Vulnerabilities In A Systems
13 23/12/2023 Saturday Introduction To Linux
14 24/12/2023 Sunday Holiday
15 25/12/2023 Monday Holiday
16 26/12/2023 Tuesday Basics Of Cryptography
17 27/12/2023 Wednesday Identify Internal Threats
18 28/12/2023 Thursday Analzying On Cyber Attacks
19 29/12/2023 Friday Intro To Types Of Hackers
20 30/12/2023 Saturday Awareness Regarding Cyber Crimes
21 31/12/2023 Sunday Holiday
22 01/01/2024 Monday Learned About Cyber Attacks Measures
23 02/01/2024 Tuesday Made An Audit About System Specification
24 03/01/2024 Wednesday Updated Software And Drivers Of All Desktops
25 04/01/2024 Thursday Updated Desktop With Latest Security Patch
26 04/01/2024 Friday Task Given To Develop Project On OWASP
Calculation
27 05/01/2024 Saturday Prepared The Project Model
28 06/01/2024 Sunday Holiday(We Prepared The Project At Home)
29 07/01/2024 Monday Tested Our Project In Every Systems
30 08/01/2024 Tuesday Deployed Our Project After All Testing
31 09/01/2024 Wednesday Represented Our Project OWASP Calculation
Infront Our Guide And Other Interns
32 11/01/2024 Friday Awarded With An Internship Completion
Certificate

Page 34 of 36
Conclusion

Cybersecurity is an ever-evolving field crucial to safeguarding digital assets and ensuring

the integrity, confidentiality, and availability of information in an increasingly
interconnected world. As technology advances, so do the threats, making it imperative for
organizations and individuals to remain vigilant and proactive in their approach to
cybersecurity.

In conclusion, effective cybersecurity requires a multi-faceted strategy encompassing robust

policies, vigilant monitoring, advanced technologies, and a well-trained workforce. It's not
merely a matter of deploying the latest security tools but also fostering a culture of security
awareness and continuous improvement.

Organizations must adopt a proactive stance, anticipating and mitigating potential threats
before they materialize. This includes investing in cutting-edge technologies such as
artificial intelligence and machine learning to detect and respond to threats in real-time.

Furthermore, collaboration between governments, private sector entities, academia, and

international organizations is essential to combatting cyber threats effectively. Information
sharing and coordinated responses can enhance the collective resilience of the global
community against cyber attacks.

Ultimately, cybersecurity is everyone's responsibility, from individual users to multinational

corporations. By prioritizing cybersecurity, embracing best practices, and staying informed
about emerging threats, we can collectively create a safer digital environment for
generations to come.

Page 35 of 36
References

Cybersecurity Agenda for the 45th President. (2017, January 5). Retrieved from
https://www.csis.org/news/cybersecurity-agenda-45th-president

Applications Now Available for City Colleges of Chicago’s New Cyber Security “Boot
Camp”. (2017, March 18). Retrieved
from http://www.ccc.edu/news/Pages/Applications-Now-Available-for-City-Colleges- of-
Chicagos-New-Cyber-Security-Boot-Camp-.aspx

ApprenticeshipUSA Investments. (2017, June 22). Retrieved

from https://www.dol.gov/featured/apprenticeship/grants

Assante, M., Tobey, D. (2011, February 4). Enhancing the Cybersecurity Workforce. Retrieved
from http://ieeexplore.ieee.org/document/5708280/

Cyber Discovery | NICERC. (2016). Retrieved from https://nicerc.org/events/cyber- discovery/

Page 36 of 36