A block cipher is a method of encryption where a fixed-size block of plaintext data (e.g., 64
bits or 128 bits) is encrypted at a time, producing a block of ciphertext of the same size.
Block ciphers work by dividing a large message into chunks of the specified block size and
then encrypting each block under a secret key, with a mode of operation (see below) deciding
how the blocks relate to each other. Common block cipher algorithms include AES (Advanced
Encryption Standard: 128-bit blocks, 128/192/256-bit keys) and DES (Data Encryption Standard:
64-bit blocks, 56-bit key). DES is obsolete because its key is small enough to brute-force; AES
is the current standard.
How Block Ciphers Work
1. Plaintext Block Division: The input data is divided into blocks of a fixed size (e.g.,
128 bits); if the last block is short, it is padded up to the block size.
2. Encryption with Key: Each block is encrypted using a symmetric key (the same key
is used for encryption and decryption).
3. Output of Ciphertext: The encrypted blocks are combined to form the full
ciphertext.
Modes of Operation
A block cipher on its own only encrypts a single block. A mode of operation defines how data
longer than one block is processed, and the choice of mode determines what security the
result actually has. Some common modes are:
ECB (Electronic Codebook): Encrypts each block independently under the same key, so
identical plaintext blocks produce identical ciphertext blocks.
CBC (Cipher Block Chaining): XORs each plaintext block with the previous ciphertext block
(with an initialization vector, IV, standing in for the first block) before encrypting it, so
repeated plaintext no longer produces repeated ciphertext. The IV must be fresh and
unpredictable for every message and is sent along with the ciphertext.
CFB (Cipher Feedback) and OFB (Output Feedback): Use the block cipher to generate a
keystream that is XORed with the data, turning the block cipher into a stream cipher; no
padding is needed.
None of these modes detect tampering with the ciphertext. In practice an authenticated mode
such as AES-GCM, or a separate MAC over the ciphertext, is used so that modified data is
rejected before it is decrypted.
Advantages
Security: With a modern cipher such as AES and a suitable mode, provides strong
confidentiality.
Versatility: Different modes suit various applications (bulk file encryption, streaming,
disk encryption).
Pattern Resistance: Modes like CBC, given a fresh random IV for every message, hide
repetition in the plaintext so that equal messages do not produce equal ciphertexts.
Disadvantages
Complexity: Requires careful implementation and mode selection; IV reuse or a wrong mode
breaks the security of a perfectly good cipher.
Fixed Block Size: Plaintext must be padded to a multiple of the block size in ECB and
CBC, which adds overhead and, if padding errors are reported back to the attacker, can
enable padding-oracle attacks that recover plaintext without the key.
ECB Vulnerability: ECB leaks structure, because identical plaintext blocks encrypt to
identical ciphertext blocks; patterns in the data remain visible in the ciphertext. It should
not be used for anything longer than a single block.
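The following is an added example, not code from the original page. It implements the block-division, padding, ECB and CBC steps described above in pure Python and measures the pattern leakage that ECB allows. To stay dependency-free it uses a small Feistel network with an HMAC-SHA256 round function as a stand-in for AES; that toy cipher is an assumption of the example and must not be used for real data, but the PKCS#7 padding and the ECB/CBC mode logic around it are the real constructions.

```python
import hashlib
import hmac
import os

BLOCK = 8    # toy block size in bytes (64 bits); AES uses 16-byte blocks
ROUNDS = 4   # Feistel rounds in the toy cipher (assumption of this example)


def _round_function(key: bytes, rnd: int, half: bytes) -> bytes:
    """Keyed round function: HMAC-SHA256 over (round index, right half), truncated."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[: BLOCK // 2]


def _feistel(key: bytes, block: bytes, round_ids) -> bytes:
    """Run the Feistel network over one block. The halves are swapped at the end so
    that running the same rounds in reverse order inverts the transformation."""
    if len(block) != BLOCK:
        raise ValueError("block must be exactly %d bytes" % BLOCK)
    half = BLOCK // 2
    left, right = block[:half], block[half:]
    for rnd in round_ids:
        f = _round_function(key, rnd, right)
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return right + left


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, range(ROUNDS))


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, reversed(range(ROUNDS)))


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK   # always 1..BLOCK, so padding is never ambiguous
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")   # never expose this distinction to a remote caller
    return data[:-n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Every block is encrypted independently: equal plaintext blocks give equal ciphertext blocks.
    return b"".join(toy_block_encrypt(key, b) for b in _blocks(pkcs7_pad(plaintext)))


def ecb_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return pkcs7_unpad(b"".join(toy_block_decrypt(key, b) for b in _blocks(ciphertext)))


def cbc_encrypt(key: bytes, plaintext: bytes, iv=None) -> bytes:
    # Each plaintext block is XORed with the previous ciphertext block (the IV for the
    # first one) before encryption, so repetition in the plaintext is hidden. The IV must
    # be fresh and unpredictable per message; it travels in the clear as a prefix.
    iv = os.urandom(BLOCK) if iv is None else iv
    prev, out = iv, [iv]
    for b in _blocks(pkcs7_pad(plaintext)):
        prev = toy_block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, data: bytes) -> bytes:
    iv, ciphertext = data[:BLOCK], data[BLOCK:]
    prev, out = iv, []
    for b in _blocks(ciphertext):
        out.append(_xor(toy_block_decrypt(key, b), prev))
        prev = b
    return pkcs7_unpad(b"".join(out))


def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block (pattern leakage)."""
    bs = _blocks(ciphertext)
    return len(bs) - len(set(bs))


if __name__ == "__main__":
    key = os.urandom(16)
    msg = b"ATTACKAT" * 3 + b"DAWN"   # constructed sample: one 8-byte block repeated 3 times
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(key, msg)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(key, msg)))
```

With the sample message ECB reports two repeated ciphertext blocks (the three copies of "ATTACKAT" all encrypt to the same value), while CBC reports none. Neither mode protects integrity: flipping a bit in a CBC ciphertext block flips the same bit in the next plaintext block, which is why a MAC or an authenticated mode belongs on top of either.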
Web security is the practice of protecting websites, web applications, and web services from
cyber threats. It involves securing the underlying infrastructure, data, and processes that
enable web access, with the goal of safeguarding sensitive information, preventing
unauthorized access, and ensuring a safe user experience.
Common Web Security Issues
1. Injection Attacks (SQL, NoSQL, Command Injection)
o Issue: Injection vulnerabilities occur when untrusted input (form fields, URL
parameters, headers, cookies) is concatenated into a query or command that is then handed
to an interpreter, so the input is treated as code rather than as data. SQL injection is
the common example: an attacker alters the structure of a database query to read or
modify data they are not supposed to reach. The fix is to keep data separate from code,
for example with parameterised queries.
o Impact: This can lead to unauthorized data access, data loss, or full system
compromise.
2. Cross-Site Scripting (XSS)
o Issue: XSS vulnerabilities occur when untrusted data is placed into a page without
proper output encoding, so attacker-controlled script runs in the browser of every user
who views the page, with the full privileges of the trusted site's origin.
o Impact: XSS can lead to session hijacking, defacement of the website, and
theft of sensitive information.
3. Cross-Site Request Forgery (CSRF)
o Issue: CSRF exploits the fact that a browser automatically attaches a site's cookies to
every request it sends there. A page controlled by the attacker triggers a state-changing
request to a site where the victim is logged in, and the site accepts it as the user's
own action. Defences include anti-CSRF tokens tied to the session and SameSite cookies.
o Impact: An attacker can perform actions on behalf of the user, such as making
unauthorized transactions or changing account settings.
4. Broken Authentication and Session Management
o Issue: If authentication and session management mechanisms are not properly
implemented, attackers can hijack sessions or impersonate users.
o Impact: This can lead to account takeover, unauthorized access, and data
theft.
5. Insecure Direct Object References (IDOR)
o Issue: IDOR vulnerabilities occur when an application takes a user-supplied identifier
(a database id, an order number, a file name) and fetches the matching object without
checking that the current user is authorised for that particular object.
o Impact: Attackers can directly access, modify, or delete data they are not
authorized to see.
6. Security Misconfiguration
o Issue: Poorly configured security settings, like default credentials or overly
permissive permissions, can leave applications vulnerable.
o Impact: Attackers can exploit misconfigurations to access sensitive
information, compromise data, or escalate privileges.
7. Sensitive Data Exposure
o Issue: When sensitive information like credit card numbers, passwords, or
personal data is not adequately protected (sent without TLS, stored unencrypted, or
passwords stored without a salted, slow hash), it is exposed to interception or theft.
o Impact: This can lead to identity theft, financial fraud, and privacy violations.
8. Insecure Deserialization
o Issue: Deserialization attacks happen when untrusted or manipulated data is used to
reconstruct objects in an application. Formats that let the data choose which classes are
instantiated (Java serialization, Python pickle, PHP unserialize) can lead to arbitrary
code execution.
o Impact: Insecure deserialization can result in data corruption, DoS (Denial of
Service), or complete system compromise.
9. Broken Access Control
o Issue: Weak access control mechanisms can allow unauthorized users to
access restricted data or perform privileged actions.
o Impact: Attackers can gain unauthorized control over sensitive functions or
resources, potentially leading to data breaches.
10. Clickjacking
o Issue: Clickjacking occurs when an attacker's page loads a legitimate site in an
invisible or transparent iframe positioned over decoy content, so that clicks the user
believes go to the decoy actually land on the framed site, where the user is logged in.
o Impact: Attackers can manipulate users into performing actions they did not
intend, such as granting permissions or making purchases. Sites defend themselves by
refusing to be framed (X-Frame-Options: DENY or Content-Security-Policy: frame-ancestors
'none').