Unit 3e Commerce

Uploaded by

nsagarishant
Copyright
© All Rights Reserved

Security issues on the web

Malware: Malicious programs that can infect and spread on e-commerce sites to steal credit card
data or encrypt drives

Phishing: Scammers create fake websites or emails to steal sensitive information

SQL injection: Hackers enter harmful SQL code through a site's input so that the database runs it,
giving them access to confidential data like credit card information

Bots: Harmful programs that can install malware or launch phishing campaigns

Credit card fraud: Hackers gain unauthorized access to customers' personal and payment information

Brute force attacks: Guessing the details required to access the admin section of an e-commerce site

DDoS attacks: Malicious software is used to infect client machines and overwhelm an application's
server so it can't process requests

Payment gateway bypass: A security threat in e-commerce

OTP bypass: A security threat in e-commerce

Cross-site scripting (XSS): A security threat in e-commerce

Firewall
A firewall is like a security guard for your computer or network. It controls the traffic (data) that
comes in and goes out, making sure only safe and authorized connections are allowed while blocking
potentially harmful or unwanted ones.

Here’s a simple breakdown:

1. What it does:

o It checks all incoming and outgoing data to see if it matches a set of rules.

o If the data is safe (according to the rules), it’s allowed through.

o If the data is suspicious or harmful (like from hackers or malware), it’s blocked.

2. Where it works:

o On your computer: Your device might have a built-in firewall that checks for threats.

o On a network: For businesses or large networks, a firewall protects the whole
system, making sure bad data doesn’t enter the network.

3. How it helps:

o Blocks malicious traffic: It prevents hackers, viruses, or malware from accessing your
computer or network.

o Monitors connections: It tracks the websites and services you connect to, ensuring
they’re safe.

o Keeps your data safe: It can stop unauthorized access to sensitive information, like
passwords or bank details.

Importance of firewalls
Prevents Unauthorized Access: Firewalls block unauthorized users and malicious traffic from
accessing your system or network.

Blocks Cyberattacks: They defend against common threats like viruses, malware, SQL injections,
and DDoS attacks, ensuring your system remains secure.

Controls Network Traffic: Firewalls filter incoming and outgoing traffic, allowing only safe and
legitimate data while blocking harmful or suspicious activity.

Protects Sensitive Data: They help safeguard personal, financial, and business data, preventing
theft or leakage.

Supports Remote Work Security: Firewalls enable secure remote access through VPNs, ensuring
that employees working from home or other locations stay protected.

Enforces Security Policies: They enforce rules and policies to control access, ensuring that only
authorized users and applications can access specific resources.

Monitors and Logs Activity: Firewalls track and log network traffic, helping to identify unusual
activity and respond to potential security incidents.

Firewall components
Packet Filtering:

• Checks small pieces of data (packets) to decide if they should be allowed or blocked based on
set rules.

Stateful Inspection:

• Keeps track of ongoing connections to ensure that only valid data from trusted sources is
allowed through.

Proxying and NAT (Network Address Translation):

• Hides your internal network’s IP addresses by using a single public address when
communicating with the outside world.

Application Layer Filtering:

• Scans data from specific apps (like web browsers) to block attacks that try to exploit app
vulnerabilities.

Intrusion Detection and Prevention (IDS/IPS):

• IDS looks for suspicious activity and alerts you; IPS actively stops threats in real time.

Access Control Lists (ACL):

• Decides who can access certain parts of the network based on rules (like specific users or
devices).

Logging and Monitoring:

• Records and tracks all network activity to spot any unusual or dangerous behavior.

VPN Support:

• Provides secure connections for remote users by encrypting their internet traffic, protecting
data from being intercepted.
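
The Packet Filtering and Stateful Inspection components above, sketched as an added example (not part of the original notes). It is a simplified model: the rule set, addresses and class names are constructed for illustration, and a real firewall also tracks protocol state and timeouts.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src_net: str
    dst_net: str
    dport: Optional[int]   # None matches any destination port

# Constructed rule set using private and documentation address ranges.
INSIDE = "192.168.1.0/24"
RULES = [
    Rule("deny", INSIDE, "203.0.113.66/32", None),  # one blocked destination
    Rule("allow", INSIDE, "0.0.0.0/0", 443),        # inside hosts may start HTTPS
]

class StatefulFirewall:
    def __init__(self, rules):
        self.rules = rules
        self.connections = set()  # state table: flows opened by allowed packets

    def _matches(self, rule, pkt):
        return (ip_address(pkt.src) in ip_network(rule.src_net)
                and ip_address(pkt.dst) in ip_network(rule.dst_net)
                and rule.dport in (None, pkt.dport))

    def check(self, pkt):
        # Stateful inspection: accept a packet that is the mirror image of a
        # flow already in the state table (a reply to an allowed connection).
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections:
            return "allow"
        # Packet filtering: the first matching rule decides.
        for rule in self.rules:
            if self._matches(rule, pkt):
                if rule.action == "allow":
                    self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return rule.action
        return "deny"  # nothing matched: default deny
```

The same inbound packet is denied before the inside host opens the connection and allowed afterwards, which is the difference between plain packet filtering and stateful inspection.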

Limitations of firewalls
Can't Stop Internal Threats:

• Firewalls protect from outside attacks, but they can't stop problems or attacks from people
already inside the network (like employees).

Can't Always See Encrypted Traffic:

• Firewalls may not be able to check data that's encrypted (like secure websites), so harmful
activity could hide in it.

Smart Hackers Can Bypass:

• Skilled attackers might find ways to bypass the firewall, using tricks like VPNs or special tools
to hide their actions.

Can Slow Down the Network:

• Firewalls analyze all incoming and outgoing data, which can slow down the network,
especially if there's a lot of traffic.

May Miss Complex Attacks:

• Basic firewalls might not catch sophisticated attacks targeting specific apps or websites, like
hacking through website forms.

Needs Proper Setup:

• If a firewall is not set up correctly, it might let bad traffic through or block good traffic,
leaving gaps in protection.

Transaction security
Transaction security means making sure that any sensitive information you share online during a
transaction (like making a purchase or sending money) is kept safe from hackers and fraudsters.

Here's how it works in simple terms:

1. Encryption:

o Your data (like credit card info or passwords) is turned into a secret code so that
only the right person or website can read it.

2. Secure Websites (HTTPS):

o When you see "https://" and a padlock symbol in your browser, it means the
website is secure, and your data is protected during the transaction.

3. Authentication:

o Before making a transaction, websites often ask you to prove who you are (like
entering a password or using a fingerprint). This keeps others from making
transactions on your behalf.

4. Fraud Detection:

o Websites and banks watch for suspicious behavior during transactions (like large,
unexpected purchases) to stop fraud in real time.

5. Payment Gateways:

o These are services that safely handle online payments. They use security measures
to protect your payment details when you buy something online.

Factors to consider in firewall design


When designing a firewall, think about:

• What you're protecting and from whom.

• How much traffic your network handles.

• How to keep the network fast without the firewall slowing it down.

• Where to position the firewall for best protection.

• Who needs access to different parts of the network.

• Whether the firewall can grow as your network grows.

• Monitoring and backup for tracking and reliability.

• The cost and how easy it is to use.


Emerging client-server models
Emerging Models:

• Cloud Computing: Resources are hosted over the internet.

• Microservices: Apps are broken into small services for easier management.

• Edge Computing: Processing is done closer to the client to reduce delays.

• Serverless: Code runs without managing servers.

• APIs: Easy communication between different software systems.

• Mobile & IoT: Clients are now smartphones, wearables, and devices.

• Hybrid and Multi-Cloud: Combining multiple cloud services for flexibility.

• AI Servers: Special servers designed for AI and machine learning tasks.

Network security
Network security is about protecting your network and data from threats and attacks. This
includes things like using firewalls, encrypting data, using antivirus software, and ensuring only
authorized people can access important information. It's all about keeping your systems safe,
private, and running smoothly.
