A security audit is a manual or systematic, measurable technical assessment of a system or application. Manual assessments include interviewing staff, performing security vulnerability scans, reviewing application and operating system access controls, and analyzing physical access to the systems. Automated assessments include system-generated audit reports or using software to monitor and report changes to files and settings on a system. Systems can include personal computers, servers, mainframes, network routers and switches.
In today's cyber world, a denial of service attack is an attempt to make a computer or network resource unavailable to its intended users. A distributed denial of service (DDoS) attack is a variant of such an attack that employs two or more attacking computers from different sources to overwhelm the target with bogus traffic. The common motivations behind a DDoS attack are extortion, disruption of a competitor’s reputation, hacktivism, etc. Basically, DDoS attacks attempt to consume both the network bandwidth and the server resources of the targeted organization. Large-scale DDoS attacks are often performed by botnets, which co-opt numerous infected computers, usually spread across different points around the world, that unwittingly participate in the attacks.
A vulnerability assessment is a process intended to identify threats and the risks they pose. It typically involves the use of automated testing tools such as network security scanners, and the results are provided in a vulnerability assessment report. Organizations of any size, or even individuals who face an increased risk of cyber-attacks, can benefit from some form of vulnerability assessment. Large enterprises and other types of organizations that are subjected to ongoing attacks will benefit the most from vulnerability analysis, because security vulnerabilities can enable hackers to access IT systems and applications. It is essential for enterprises to identify and remediate weaknesses before they can be exploited. A comprehensive vulnerability assessment, along with a management program, will help companies improve the security of their systems.
In the context of information security, social engineering refers to the psychological manipulation of people into performing actions or divulging confidential information. It is a type of confidence trick for the purpose of information gathering, fraud or system access; it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.
Organizations need a web application scanning solution that can scan for security loopholes in web-based applications to prevent would-be hackers from gaining unauthorized access to corporate information and data. Web applications are proving to be the weakest link in overall corporate security, even though companies have left no stone unturned in installing the better-known network security and anti-virus solutions. Quick to take advantage of this vulnerability, hackers have now begun to use web applications as a platform for gaining access to corporate data; consequently, the regular use of a web application scanner is essential.