|
Home - White Papers | |
|
|
WHITE PAPERS
API Security: Threats, Best Practices, Challenges, and Way forward using AI --by CSIRT-Fin, CERT-In and Mastercard |
An Application Programming Interface (API) is a data connection allowing data to be shared with other applications. They can be viewed as digital middlemen between organisations / enterprises and platforms that need to access data for driving innovation, increasing reach, discover new business models, increase partner network, etc. |
|
|
INDIA RANSOMWARE REPORT for H1-2022 --by CERT-In |
This report covers the ransomware latest tactics and techniques along with sector wise trends observed in the first half of year-2022, specific to Indian cyber space. |
|
|
Case Study- CICS-2010-01 --Bhupendra Singh Awasya |
Mariposa Botnet (Autorun/Palevo/Rimecud) |
|
|
Case Study- CICS-2009-01 --Bhupendra Singh Awasya And S. S. Sarma |
Series of Mass iFrame injection on Websites - Serving Blended Malware |
|
|
Case Study- CICS-2008-02 --Pankaj Sharma And S.S.Sarma |
Website compromise and launch of further attacks by exploiting SQL injection Vulnerability |
|
|
Case Study- CICS-2008-01 --S.S.Sarma And Rashmi Singh |
Website compromise and launch of further attacks by exploiting PHP Remote File Injection Vulnerability |
|
|
Analysis of Phishing Incidents year-2007 --Anil Sagar and Rashmi Singh |
Phishing is a fast growing financial fraud prevailing across the globe. This document provides analysis of phishing incidents reported to CERT-In during the year 2007. The phishing incidents described in the document includes the cases in which either the phishing websites are hosted in India or domain registrant belongs to India. The document provides details on the incidents analyzed, targeted sectors, brands hijacked etc. |
|
|
Analysis of defaced Indian websites year-2006 --S S Sarma and Garima Narayan |
The primary objective of this paper is to present the detailed statistical analysis of defaced Indian websites during year 2006. In the year 2006 a total no. of 5211 Indian websites were defaced , on an average of about 14 websites per day. |
|
|
Analysis of Phishing Incidents year-2006 --Anil Sagar and Rashmi Singh |
Phishing is a fast growing financial fraud prevailing across the globe. This document provides analysis of phishing incidents reported to CERT-In during the year 2006. The phishing incidents described in the document includes the cases in which either the phishing websites are hosted in India or domain registrant belongs to India. The document provides details on the incidents analyzed, targeted sectors, brands hijacked etc. |
|
|
Analysis of defaced Indian websites year-2006 (till June) --Garima Narayan |
The primary objective of this paper is to present the detailed statistical analysis of defaced Indian websites during first half of year 2006. This paper is an extension to the earlier white papers Analysis of Defaced Indian websites under .in ccTLD. The data used in this analysis has been collected primarily from defacement mirror: zone-h. |
|
|
Analysis of defaced Indian websites year-2005 --Ashish Gairola and Garima Narayan |
The primary objective of this paper is to present the detailed statistical analysis of defaced Indian websites during year 2005. This paper is an extension to the earlier white papers Analysis of Defaced Indian websites under .in ccTLD. This paper emphasizes on the defacement trends of the year 2005. |
|
|
SQL Injection Techniques & Countermeasures --Pankaj Sharma |
SQL injection is a technique of passing SQL query into an application for malicious purpose. SQL injection vulnerability occurs when a program processes data in a database query without proper input validation. The objective of this paper is to educate users about the techniques which could be used by the malicious people to exploit vulnerable web applications. The paper also discuss about the countermeasures against the SQL injection vulnerability. |
|
|
Botnet : An Overview --Basudev Saha and Ashish Gairola |
Botnets are network of compromised machines under the control of attackers. These days botnets have become a popular medium for performing malicious activities ranging from information stealing to using as a launching pad for distributed attack. This paper discusses about botnets, their control mechanism and ways to defend against bot infection. |
|
|
An Analysis of Cabir Mobile Phone Virus --Jayanta Parial |
A significant development in 2004 was the arrival of the mobile phone virus. It was talked about for a long time but the first virus that spreads from mobile to mobile phone was detected in June 2004.Even though the virus is considered as proof of concept and has not gone beyond the excessive battery drainage stage, it is a pointer to the direction of events in the malicious code of the future. Following is a attempt to summarize the activity of mobile phone virus till date. |
|
|
Phishing Attacks and Countermeasures --Anil Sagar |
Phishing is a wide spread financial scam which employs techniques to gain personal information for purposes of identity theft, using fraudulent e-mail messages that appear to come from legitimate businesses. These authentic-looking messages are designed to fool recipients into divulging personal data such as account numbers and passwords, credit card numbers and Social Security numbers. This paper discusses various issues related to phishing attacks, trends and technical solutions to counter phishing attacks. |
|
|
An Overview of SPAM : Impact and Countermeasures --Valsa Raj Uchamballi, Sabyasachi Chakarbarty and Basudev Saha |
Unsolicited mail, popularly termed as spam has become an issue of great concern. Besides legislative controls, various technical methods are being used and new methods are being formalized for controlling spam. But they have not been successful in eradicating spam. This paper discusses various issues related to spam including spam trends, its impact and various spam prevention techniques. An emphasis has been made on the best practices to be adhered by ISPs, mail service providers and end users. Future proposed technologies have also been discussed. |
|
|
Open Proxy Servers --Sabyasachi Chakarbarty and Basudev Saha |
Open Proxy Servers are widely prevalent on the Internet and are being misused by malicious users to route traffic bypassing network controls. Open Proxy Servers are major sources of Spam on the Internet and are also used to launch attacks on other systems. This paper is an attempt to educate users and network administrators on Open Proxy Servers and its impact on network security. |
|
|
Analysis of Defaced Indian websites under .in ccTLD for year 2004 --Sabyasachi Chakarbarty and Basudev Saha |
This whitepaper is an attempt to analyse publicly reported defaced Indian websites under .in ccTLD. It attempts to collect the publicly available data on various defacement mirrors and analyze them to identify various issues and trends. |
|
|
Analysis of MyDoom@mm Virus --CERT-In |
The purpose of this document is to provide a detailed analysis of the MyDoom@mm virus. The detailed analysis of malware and its impact on a system is a step towards understanding threats posed against organizations and individuals. The report tries to present a detailed analysis of the malware to help other security administrators and custodians to understand its impact on the organization and take effective remedial measures and minimize losses. |
|
|
|
|
|
Note: The information provided by CERT-In website is available in Portable Document Format (PDF). To view this information conveniently, download the Adobe Acrobat Reader here.
|
|
"Install genuine and updated software
to strengthen your online safety and security" |
|
|
|
|