Fixed images

This commit is contained in:
Nishant Singh 2020-11-12 10:53:51 +05:30
parent 7f91761241
commit 5192962be8
14 changed files with 48 additions and 11 deletions

View File

@ -42,7 +42,18 @@
- Fail securely
- Applications regularly fail to process transactions for many reasons. How they fail can determine if an application is secure or not.
![image2](images/image2.png)
```
is_admin = true;
try {
code_which_may_faile();
is_admin = is_user_assigned_role("Adminstrator");
}
catch (Exception err) {
log.error(err.toString());
}
```
- If either codeWhichMayFail() or isUserInRole fails or throws an exception, the user is an admin by default. This is obviously a security risk.
- Dont trust services
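Review bot: the identifiers in the fenced block do not match the bullet that explains it: the code calls `code_which_may_faile()` and `is_user_assigned_role("Adminstrator")`, while the sentence below refers to `codeWhichMayFail()` and `isUserInRole`; pick one naming and fix the `faile` / `Adminstrator` spellings so a reader can map the explanation onto the code. The fence also has no language tag (` ```java ` would give highlighting), and `![image2](images/image2.png)` is still referenced above a block that appears to replace it, so confirm the PNG was not removed in this commit and left as a dangling link. The "fail securely" point would land harder if the block were followed by its corrected form, with `is_admin = false;` as the default and only the role check able to set it true; as written the reader sees only the insecure version.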
@ -102,11 +113,19 @@
- Ciphers are the cornerstone of cryptography. A cipher is a set of algorithms that performs encryption or decryption on a message. An encryption algorithm (E) takes a secret key (k) and a message (m), and produces a ciphertext (c). Similarly, a Decryption algorithm (D) takes a secret key (K) and the previous resulting Ciphertext (C). They are represented as follows:
![image3](images/image3.png)
```
E(k,m) = c
D(k,c) = m
```
- This also means that in order for it to be a cipher, it must satisfy the consistency equation as follows, making it possible to decrypt.
![image4](images/image4.png)
```
D(k,E(k,m)) = m
```
Stream Ciphers:
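Review bot: the fenced formulas use lowercase `k` and `c`, but the bullet above writes the decryption inputs as `(K)` and `(C)` and never states what D produces; rewriting it as "takes the secret key (k) and the ciphertext (c) and recovers the message (m)" makes the prose agree with `D(k,c) = m` and with the consistency equation `D(k,E(k,m)) = m` that follows. Both fences lack a language tag, and `![image3]` / `![image4]` are kept directly above the blocks that replace them; if those PNGs are among the binaries deleted in this commit, the image lines should go too.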
@ -286,7 +305,7 @@ Certificate chain
- What the OpenSSL command line doesnt show here is the trust store that contains the list of CA certificates trusted by the system OpenSSL runs on.
- The public certificate of GlobalSign Authority must be present in the systems trust store to close the verification chain. This is called a chain of trust, and figure below summarizes its behavior at a high level.
![image12](images/image12.png)
![image122](images/image122.png)
- High-level view of the concept of chain of trust applied to verifying the authenticity of a website. The Root CA in the Firefox trust store provides the initial trust to verify the entire chain and trust the end-entity certificate.
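Review bot: the hunk adds `![image122](images/image122.png)` directly under `![image12](images/image12.png)`, but the caption bullet that follows describes a single figure; `image122` reads like a typo or an accidental second copy of the same image, so keep one reference or give the second a meaningful name and its own caption. The two bullets above also need apostrophes (`doesn't`, `system's trust store`).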
@ -305,8 +324,6 @@ At the end of the handshake, both parties possess a secret session key used to e
- TLS 1.0 was released in 1999, making it a nearly two-decade-old protocol. It has been known to be vulnerable to attacks—such as BEAST and POODLE—for years, in addition to supporting weak cryptography, which doesnt keep modern-day connections sufficiently secure.
- TLS 1.1 is the forgotten “middle child.” It also has bad cryptography like its younger sibling. In most software it was leapfrogged by TLS 1.2 and its rare to see TLS 1.1 used.
![image13](images/image13.png)
### “Perfect” Forward Secrecy
- The term “ephemeral” in the key exchange provides an important security feature mis-named perfect forward secrecy (PFS) or just “Forward Secrecy”.
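Review bot: "younger sibling" in the TLS 1.1 bullet is backwards: TLS 1.0 (1999) is the older protocol, TLS 1.1 (2006) the younger, so it should read "older sibling". The hunk removes two lines before the "Perfect" Forward Secrecy heading but leaves `![image13]` in place; check that image is still intended after this commit's image clean-up. `doesnt` and `its rare` need apostrophes.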

Binary file not shown.

Before

Width:  |  Height:  |  Size: 1.9 MiB

After

Width:  |  Height:  |  Size: 126 KiB

View File

@ -142,7 +142,10 @@ Let us see how we keep a check on the perimeter i.e the edges, the first layer o
- Nmap is often used to determine alive hosts in a network, open ports on those hosts, services running on those open ports, and version identification of that service on that port.
- More at http://scanme.nmap.org/
![image16](images/image16.png)
```
nmap [scan type] [options] [target specification]
```
Nmap uses 6 different port states:
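Review bot: the fence around `nmap [scan type] [options] [target specification]` has no language tag; `text` or `bash` avoids mis-highlighting. `![image16]` is kept above the block that appears to replace it, so confirm the PNG still exists after this commit. The "More at http://scanme.nmap.org/" bullet would be clearer if it said that scanme.nmap.org is the Nmap project's own host provided for testing the tool, which is why it is the reference target in the documentation.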
@ -413,8 +416,17 @@ TCP Flags
![image20](images/image20.png)
- Abuse of the normal operation or settings of these flags can be used by attackers to launch DoS attacks. This causes network servers or web servers to crash or hang.
![image21](images/image21.png)
- The attacker's ultimate goal is to write special programs or pieces of code that are able to construct these illegal combinations resulting in an efficient DoS attack.
```
| SYN | FIN | PSH | RST | Validity|
|------|------|-------|------|---------|
| 1 |1 |0 |0 |Illegal Combination
| 1 |1 |1 |0 |Illegal Combination
| 1 |1 |0 |1 |Illegal Combination
| 1 |1 |1 |1 |Illegal Combination
```
- The attacker's ultimate goal is to write special programs or pieces of code that are able to construct these illegal combinations resulting in an efficient DoS attack.
SYN FLOOD
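Review bot: the TCP flag table is wrapped in a code fence, so it renders as monospaced text instead of a table; drop the fence and close each data row with a trailing `|` (the rows end `|Illegal Combination` without one). The bullet "The attacker's ultimate goal is to write special programs..." now appears twice, once before the table and once after it; keep a single copy. A one-line reason why the four rows are illegal would help the reader: SYN opens a connection and FIN closes one, so a segment carrying both is never produced by a conforming stack, which is also why filtering such segments at the perimeter is a reasonable defensive default.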

View File

@ -44,7 +44,6 @@ the typical time to live (TTL) for cached entries is a couple of hours, thereby
- Blackhole routes are best defence against many common viral attacks where the traffic is dropped from infected machines to/from command & control masters.
- Infamous BGP Injection attack on Youtube
![image24](images/image24.png)
- EX: In 2008, Pakistan decided to block YouTube by creating a BGP route that led into a black hole. Instead this routing information got transmitted to a hong kong ISP and from there accidentally got propagated to the rest of the world meaning millions were routed through to this black hole and therefore unable to access YouTube.
- Potentially, the greatest risk to BGP occurs in a denial of service attack in which a router is flooded with more packets than it can handle. Network overload and router resource exhaustion happen when the network begins carrying an excessive number of BGP messages, overloading the router control processors, memory, routing table and reducing the bandwidth available for data traffic.
- Refer : <https://medium.com/bugbountywriteup/bgp-the-weak-link-in-the-internet-what-is-bgp-and-how-do-hackers-exploit-it-d899a68ba5bb>
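Review bot: the YouTube bullet mislabels the mechanism; the 2008 incident was not a route "that led into a black hole" being transmitted by accident but Pakistan Telecom announcing a more specific prefix for YouTube's address range, which its upstream provider in Hong Kong accepted and propagated, so the rest of the Internet preferred that more specific route. Rewording to "announced a more specific prefix" and capitalising "Hong Kong" would make the example accurate. Minor: "are best defence" should be "are the best defence", and "Youtube" should be "YouTube" to match the following bullet.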
@ -101,7 +100,16 @@ BGP Security
- A successful exploit will allow attackers to access, modify, or delete information in the database.
- It permits attackers to steal sensitive information stored within the backend databases of affected websites, which may include such things as user credentials, email addresses, personal information, and credit card numbers
![image25](images/image25.png)
```
SELECT USERNAME,PASSWORD from USERS where USERNAME='<username>' AND PASSWORD='<password>';
Here the username & password is the input provided by the user. Suppose an attacker gives the input as " OR '1'='1'" in both fields. Therefore the SQL query will look like:
SELECT USERNAME,PASSWORD from USERS where USERNAME='' OR '1'='1' AND PASSOWRD='' OR '1'='1';
This query results in a true statement & user gets logged in. This example depicst the bost basic type of SQL injection
```
### SQL Injection Attack Defenses
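Review bot: the explanatory sentences sit inside the code fence with the two queries, so they render as code; move the prose out and fence each query separately as ` ```sql `. Inside the block, `PASSOWRD` should be `PASSWORD`, the injected input is shown as `" OR '1'='1'"` with a stray leading double quote that does not match the resulting query, and "depicst the bost basic" should read "depicts the most basic". It would also help to say why the query succeeds: `AND` binds tighter than `OR`, so the trailing `OR '1'='1'` makes the whole `WHERE` clause true regardless of any stored credential, and the statement returns every row rather than one user; that is the behaviour the parameterised queries in the following Defenses section are meant to rule out.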