DEV Community: Jahin Justin

VA & PM

Jahin Justin — Tue, 14 Nov 2023 07:43:29 +0000

Day 1

Threat actor - Intruder

Cyber Terrorists (Red team)
Govt sponsored (Blue)
Cyber Criminals (RT)
Hacktivists (Gray) 5, Script Kiddies
Insiders ()

Vulnerabilities:
1.Configuration -
2.Credential -
3.Patch - Using out of date software (Outdated components)
4.Zero - day - Log4j & Follina

Lockhead Martin Cyber kill chain

Reconnaissance
Weaponization ---- Stealing Codes
Delivery
Exploitation
Installation
Command and Control
Actions on Intent - Wanna cry

The WannaCry Kill chain Breaker

Eternal Blue - Vulnerability in microsoft duwe to the SMB version 1.0.

Session 2

Vulnerability: is an weakness in a product that could allow an attacker to compromise the integrity, availability or confidentiality of an product

CIA Triad:
Integrity - data has not modified
Availability - Backup and accessibility of data
Confidentiality - keeping the data secured

Non-security patch: is an software update aimed at improving the product's functionality, resolving non-security related issues by introducing new features or optimization

Security patch: Is a software update designed to rectify vulnerabilities and enhance security by addressing weakness in a product and safeguarding the CIA Triad

Common vulnerabilities and Exposures (CVE) -

Independently fixable - Can be fixed independently 2.. Vendor awknowledged -
Affects one code base

Common Vulnerability Scoring System (CVSS) -

CVE and CVSS are used internationally

Log4j - affects applications working on java
CVE-2021-44228
CVSS 10.0

Configuration Vuln: Is an unsafe set of configuration in an product that could allow an attacker to compromise CIA triad

BlueKeep: Windows Remote Desktop Protocol - worm-able
CVE -2019-0708
CVSS 9.8

Vuln Lifecycle

Discovery - (Penetration Testers) - finding the Vuln
Mitigation - () - reducing the risk
Remediation - () - trying to resolve them

Petya - wannacry

Drive - by - attacks == bad rabbit

Session 3 - intelligent endpoint patching

intelligent endpoint -- An endpoint that is capable of safely self performing IT management tasks without direct administrator intervention or supervision.

Safe Automation:
Independent Automation:
Timely Automation:

Traditional stages of compliance

Mean time to resolve
Equation, Values, MTTR

Architectural Recruitment

Agent-ed solution
Bidirectional Communication
Persistent Connect ability
Flexible Instructions
Cross Platform Integrations

Intelligent Endpoint Continuous Compliance:

CIS bench mark

Session 4 - Regulation and Compliance

ISO 27001 - GDPR - universal standards
IT ACT - DPDP - Indian Standards

Regulatory controls

Defining requirements
Implementing controls
Monitoring Compliance
Reporting
Continuous Improvement

Risk Management

attack surface mangement

//Equifax Breach - 2017
Risk Transference
Risk mitigation
Risk Acceptance

Insecure Design

Jahin Justin — Sun, 12 Nov 2023 05:45:42 +0000

When designing applications, developers are recommended to use secure design patterns, diligently planned threat modeling, and reference architectures that keep the application free of security gaps.

Lack of effective security controls in the design phase often results in an application being susceptible to many weaknesses, collectively known as insecure design vulnerabilities.

What is insecure design?

Insecure design typically refers to the development of systems, products, or applications that have vulnerabilities or weaknesses that can be exploited by attackers. It can encompass a range of issues related to the design phase of a project, where decisions about architecture, functionality, and security features are made. Insecure design can lead to various security risks and threats.

Threats in Insecure design

When developers, QA, and/or security teams neglect to foresee and assess risks in the code design stage, insecure design flaws result. These vulnerabilities also result from application designers failing to follow security best practices. Consistent threat modeling is necessary to mitigate design vulnerabilities as the threat landscape changes and to stop known attack techniques. Architectural defects like this are hard to find and fix without a secure design.

Threats in Insecure Design:

Unauthorized Access:
- Weak authentication
- Inadequate authorization
- Absence of multi-factor authentication
Injection Attacks:
- Poor input validation
- Lack of parameterized queries
- Vulnerability to SQL injection, XSS, and command injection
Data Breaches:
- Insufficient data protection
- Weak or no encryption
- Storage of sensitive data in plaintext
Denial of Service (DoS) Attacks:
- Lack of proper rate limiting
- Resource exhaustion vulnerabilities
- Failure to handle unexpected traffic spikes
Insecure Direct Object References (IDOR):
- Poorly implemented access controls
- Manipulation of references to gain unauthorized access
- Accessing or modifying data through URL or form field manipulation
Man-in-the-Middle (MITM) Attacks:
- Insecure communication channels
- Lack of encryption or weak encryption protocols
- Unauthenticated connections vulnerable to interception
Security Misconfigurations:
- Improperly configured systems or applications
- Default credentials
- Unnecessary services running
- Excessive permissions or misconfigured security settings
Security Bypass:
- Circumventing authentication mechanisms
- Exploiting design flaws in access controls
Elevation of Privilege:
- Exploiting design flaws to escalate privileges
- Gaining unauthorized access to higher levels of control

How to Prevent Insecure Design Vulnerabilities?

Teams of developers should use proven design patterns and factual design approaches in the application design process. To lower the application security risk associated with their workload, each team member should have access to threat models, tested component libraries, and security tools. It is recommended that security teams be involved from the outset of the development process and kept informed during the phases of development, integration, and deployment.

Establish Continuous Unit and Integration Tests
Enforce Granular Requirements and Resource Management
Implement System and Network Layer Tier Segregation

Impacts of Insecure Design

Consequences of attacks on insecure design vulnerabilities vary depending on the scope of the attack, the data exposed, and the duration it continues till detection. Potential impacts of a successful exploit include:

User and system enumeration
Complete account takeover
System and data breaches
Denial of service by spoofing a server with multiple requests
Privilege escalation for compromised, low-privilege accounts
The execution of other attacks such as cross-site scripting, cross-site request forgery, and path transversal

Examples of Insecure Design Vulnerabilities

Verbose Error Message Leading to Path Transversal
Injection As a Trust Boundary Violation Vulnerability

Happy Hacking

Happy learning

Introduction to Pathology

Jahin Justin — Thu, 02 Nov 2023 19:12:34 +0000

DEFINITION OF PATHOLOGY
The word ‘Pathology’ is derived from two Greek words—pathos
meaning suffering, and logos meaning study. Pathology is, thus,
scientific study of structure and function of the body in disease;
or in other words, pathology consists of the abnormalities that
occur in normal anatomy (including histology) and physiology
owing to disease. Another commonly used term with reference
to study of diseases is ‘pathophysiology’ comprised by two words:
patho=suffering; physiology=study of normal function.
Pathophysiology, thus, includes study of disordered function
or breakdown of homeostasis in diseases. Pathologists are the
diagnosticians of disease. Therefore, knowledge and
understanding of pathology is essential for all would-be doctors,
general medical practitioners and specialists since unless they
know the causes, mechanisms, nature and type of disease, and
understand the language spoken by the pathologist in the form
of laboratory reports, they would not be able to institute
appropriate treatment or suggest preventive measures to the
patient. For the student of any system of medicine, the discipline
of pathology forms a vital bridge between initial learning phase
of preclinical sciences and the final phase of clinical subjects.
Remember the prophetic words of one of the eminent founders
of modern medicine in late 19th and early 20th century, Sir
William Osler, “Your practice of medicine will be as good as
your understanding of pathology.”

HEALTH AND DISEASE
Before there were humans on earth, there was disease, albeit in
early animals. Since pathology is the study of disease, then what
is disease? In simple language, disease is opposite of health i.e.
what is not healthy is disease. Health may be defined as a
condition when the individual is in complete accord with the
surroundings, while disease is loss of ease (or comfort) to the
body (i.e. dis-ease). However, it must be borne in mind that in
health there is a wide range of ‘normality’ e.g. in height, weight,
blood and tissue chemical composition etc. It also needs to be
appreciated that at cellular level, the cells display wide range
of activities within the broad area of health similar to what is
seen in diseased cells. Thus, health and disease are not absolute
but are considered as relative states.
A term commonly confused with disease is illness. While
disease suggests an entity with a cause, illness is the reaction
of the individual to disease in the form of symptoms
(complaints of the patient) and physical signs (elicited by
the clinician). Though disease and illness are not separable,
the study of diseases is done in pathology while the learning
and management of illnesses is done in wards and clinics.
In addition to disease and illness, there are syndromes
(meaning running together) characterised by combination
of symptoms caused by altered physiologic processes.

TERMINOLOGY IN PATHOLOGY
It is important for a beginner in pathology to be familiar
with the language used in pathology:
Patient is the person affected by disease.
Lesions are the characteristic changes in tissues and cells
produced by disease in an individual or experimental
animal.
Pathologic changes or morphology consist of examination
of diseased tissues.
Pathologic changes can be recognised with the naked
eye (gross or macroscopic changes) or studied by microscopic
examination of tissues.
Causal factors responsible for the lesions are included
in etiology of disease (i.e. ‘why’ of disease).
Mechanism by which the lesions are produced is termed
pathogenesis of disease (i.e. ‘how’ of disease).
Functional implications of the lesion felt by the patient
are symptoms and those discovered by the clinician are the
physical signs.
Clinical significance of the morphologic and functional
changes together with results of other investigations help
to arrive at an answer to what is wrong (diagnosis), what is
going to happen (prognosis), what can be done about it
(treatment), and finally what should be done to avoid
complications and spread (prevention) (i.e. ‘what’ of disease).

EVOLUTION OF PATHOLOGY
Pathology as the scientific study of disease processes has
its deep roots in medical history. Since the beginning of
mankind, there has been desire as well as need to know more
about the causes, mechanisms and nature of diseases. The
answers to these questions have evolved over the centuries—
from supernatural beliefs to the present state of our
knowledge of modern pathology. However, pathology is not
separable from other multiple disciplines of medicine and
owes its development to interaction and interdependence on
advances in diverse neighbouring branches of science, in
addition to the strides made in medical technology. As we
shall see in the pages that follow, pathology has evolved over
the years as a distinct discipline from anatomy, medicine and
surgery, in that sequence.
The brief review of fascinating history of pathology and
its many magnificent personalities with their outstanding
contribution in the opening pages of the book is meant to pay
our obeisance to those great personalities who have laid
glorious foundations of our speciality. Life and works of those
whose names are mentioned below are linked to some disease
or process—the aim being to stimulate the inquisitive beginner
in pathology as to how this colourful specialty has emerged.

Present-day knowledge of primitive culture prevalent in the
world in prehistoric times reveals that religion, magic and
medical treatment were quite linked to each other in those
times. The earliest concept of disease understood by the
patient and the healer was the religious belief that disease
was the outcome of ‘curse from God’ or the belief in magic
that the affliction had supernatural origin from ‘evil eye of
spirits.’ To ward them off, priests through prayers and
sacrifices, and magicians by magic power used to act as faithhealers and invoke supernatural powers and please the gods.
Remnants of ancient superstitions still exist in some parts of
the world. The link between medicine and religion became
so firmly established throughout the world that different
societies had their gods and goddesses of healing; for example:
mythological Greeks had Asclepios and Apollo as the principal
gods of healing, Dhanvantri as the deity of medicine in India,
and orthodox Indians’ belief in Mata Sheetala Devi as the pox
goddess.
The period of ancient religious and magical beliefs was
followed by the philosophical and rational approach to disease
by the methods of observations. This happened at the time
when great Greek philosophers—Socrates, Plato and Aristotle,
introduced philosophical concepts to all natural phenomena.
But the real practice of medicine began with Hippocrates
(460–370 BC), the great Greek clinical genius of all times and
regarded as ‘the father of medicine’ (Fig. 1.1). Hippocrates
followed rational and ethical attitudes in practice and teaching
of medicine as expressed in the collection of writings of that
era. He firmly believed in study of patient’s symptoms and
described methods of diagnosis. The prevailing concept of
mechanism of disease based on disequilibrium of four basic
humors (water, air, fire, and earth) was propagated by
Hippocates too. He recorded his observations on cases in
writing which remained the mainstay of medicine for nearly
two thousand years (Hippocratic aphorism). Some of the
major Hippocratic methods can be summarised as under:
Observe all objectively.
Study the patient rather than the disease.
Evaluate honestly.
Assist nature.
Hippocrates introduced ethical concepts in the practice
of medicine and is revered by the medical profession by taking
‘Hippocratic oath’ at the time of entry into practice of medicine.
Greek medicine after Hippocrates reached Rome (now
Italy), which controlled Greek world after 146 BC and therefore
dominated the field of development of medicine in ancient
Europe then. In fact, since ancient times, many tonguetwisting terminologies in medicine have their origin from
Latin language which was the official language of countries
included in ancient Roman empire (Spanish, Portugese,
Italian, French and Greek languages have their origin from
Latin).
Hippocratic teaching was propagated in Rome by Roman
physicians, notably by Cornelius Celsus (53 BC-7 AD) and
Cladius Galen (130–200 AD). Celsus first described four cardinal
signs of inflammation—rubor (redness), tumor (swelling),
calor (heat), and dolor (pain). Galen postulated humoral
theory, later called Galenic theory. This theory suggested that
the illness resulted from imbalance between four humors (or
body fluids): blood, lymph, black bile (believed to be from
the spleen), and biliary secretion from the liver.
The hypothesis of disequilibrium of four elements constituting the body (Dhatus) similar to Hippocratic doctrine finds
mention in ancient Indian medicine books compiled about
200 AD—Charaka Samhita, a finest document by Charaka on
Figure 1.1 Hippocrates (460-370 BC). The great Greek clinical
genius and regarded as ‘the father of medicine’. He introduced ethical
aspects to medicine
medicine listing 500 remedies, and Sushruta Samhita, similar
book of surgical sciences by Sushruta, and includes about 700
plant-derived medicines.
The end of Medieval period was marked by backward
steps in medicine. There were widespread and devastating
epidemics which reversed the process of rational thinking
again to supernatural concepts and divine punishment for
‘sins.’ The dominant belief during this period was that life
was due to influence of vital substance under the control of
soul (theory of vitalism). Thus, dissection of human body was
strictly forbidden as that would mean hurting the ‘soul.’
FROM HUMAN ANATOMY TO ERA OF
GROSS PATHOLOGY (AD 1500 to 1800)
The backwardness of Medieval period was followed by the
Renaissance period i.e. revival of leaning. The Renaissance
began from Italy in late 15th century and spread to whole of
Europe. During this period, there was quest for advances in
art and science. Since there was freedom of thought, there
was emphasis on philosophical and rational attitudes again.
The beginning of the development of human anatomy
took place during this period with the art works and drawings
of human muscles and embryos by famous Italian painter
Leonardo da Vinci (1452–1519). Dissection of human body was
started by Vesalius (1514–1564) on executed criminals. His
pupils, Gabriel Fallopius (1523–1562) who described human
oviducts (Fallopian tubes) and Fabricius who discovered
lymphoid tissue around the intestine of birds (bursa of
Fabricius) further popularised the practice of human anatomic
dissection for which special postmortem amphitheatres came
in to existence in various parts of ancient Europe (Fig. 1.2).
Antony van Leeuwenhoek (1632–1723), a cloth merchant by
profession in Holland, during his spare time invented the first
ever microscope by grinding the lenses himself through which
he recognised male spermatozoa as tiny preformed men (or
“homunculi”) and blood corpuscles. He also introduced
histological staining in 1714 using saffron to examine muscle
fibres.
Marcello Malpighi (1624–1694) used microscope extensively
and observed the presence of capillaries and described the
malpighian layer of the skin, and lymphoid tissue in the spleen
(malpighian corpuscles). Malpighi is known as ‘the father of
histology.’
The credit for beginning of the study of morbid anatomy
(pathologic anatomy), however, goes to Italian anatomistpathologist, Giovanni B. Morgagni (1682–1771). Morgagni was
an excellent teacher in anatomy, a prolific writer and a
practicing clinician. By his work, Morgagni demolished the
ancient humoral theory of disease and published his life-time
experiences based on 700 postmortems and their
corresponding clinical findings. He, thus, laid the foundations
of clinicopathologic methodology in the study of disease and
introduced the concept of clinicopathologic correlation (CPC),
establishing a coherent sequence of cause, lesions, symptoms,
and outcome of disease (Fig. 1.3).
Sir Percival Pott (1714–1788), famous surgeon in England,
identified the first ever occupational cancer in the chimney
sweeps in 1775 and discovered chimney soot as the first
carcinogenic agent. However, the study of anatomy in
England during the latter part of 18th Century was
dominated by the two Hunter brothers: John Hunter (1728–
1793), a student of Sir Percival Pott, rose to become greatest
surgeon-anatomist of all times and he, together with his elder
brother William Hunter (1718–1788) who was a reputed
anatomist-obstetrician (or man-midwife), started the first
ever museum of pathologic anatomy. John Hunter made a
collection of more than 13,000 surgical specimens from his
flourishing practice, arranged them into separate organ
systems, made comparison of specimens from animals and
plants with humans, and included many clinical pathology
specimens as well, and thus developed the first museum of
comparative anatomy and pathology in the world which
became the Hunterian Museum, now housed in Royal
College of Surgeons of London (Fig. 1.4). Amongst many
pupils of John Hunter was Edward Jenner (1749–1823) whose
work on inoculation in smallpox is well known. Another
prominent English pathologist was Matthew Baillie (1760–
1823), nephew of Hunter brothers, who published first-ever
systematic textbook of morbid anatomy in 1793. The era of
gross pathology had three more illustrious and brilliant
physician-pathologists in England who were colleagues at
Guy’s Hospital in London:
Richard Bright (1789–1858) who described nonsuppurative nephritis, later termed glomerulonephritis or
Bright’s disease;
Thomas Addison (1793–1860) who gave an account of
chronic adrenocortical insufficiency termed Addison’s
disease; and
Thomas Hodgkin (1798–1866), who observed the complex
of chronic enlargement of lymph nodes, often with
enlargement of the liver and spleen, later called Hodgkin’s
disease.
Towards the end of 18th century, Xavier Bichat
(1771–1802) in France described that organs were composed
of tissue and divided the study of morbid anatomy into
General Pathology and Systemic Pathology. R.T.H. Laennec
(1781–1826), another French physician, dominated the early
Figure 1.2 In 16th Century, postmortem amphitheatre in Europe
was a place of learning human anatomic dissection conducted and
demonstrated by professors to eager learners and spectators.

part of 19th century by his numerous discoveries. He
described several lung diseases (tubercles, caseous lesions,
miliary lesions, pleural effusion, bronchiectasis), chronic
sclerotic liver disease (later called Laennec’s cirrhosis) and
invented stethoscope.
Morbid anatomy attained its zenith with appearance of
Carl F. von Rokitansky (1804–1878), self-taught German
pathologist who performed nearly 30,000 autopsies himself.
He described acute yellow atrophy of the liver, wrote an
outstanding monograph on diseases of arteries and
congenital heart defects. Unlike most other surgeons of that
time, Rokitansky did not do clinical practice of surgery but
instead introduced the concept that pathologists should
confine themselves to making diagnosis which became the
accepted role of pathologist later.
ERA OF TECHNOLOGY DEVELOPMENT AND
CELLULAR PATHOLOGY (AD 1800 TO 1950s)
Up to middle of the 19th century, correlation of clinical
manifestations of disease with gross pathological findings
at autopsy became the major method of study of disease.
Sophistication in surgery led to advancement in pathology.
The anatomist-surgeons of earlier centuries got replaced
largely with surgeon-pathologists in the 19th century.
Pathology started developing as a diagnostic discipline
in later half of the 19th century with the evolution of cellular
pathology which was closely linked to technology
advancements in machinery manufacture for cutting thin
sections of tissue, improvement in microscope, and
development of chemical industry and dyes for staining.
The discovery of existence of disease-causing microorganisms was made by French chemist Louis Pasteur
(1822–1895), thus demolishing the prevailing theory of
spontaneous generation of disease and firmly established
germ theory of disease. Subsequently, G.H.A. Hansen
(1841–1912) in Germany identified Hansen’s bacillus as
causative agent for leprosy (Hansen’s disease) in 1873. While
the study of infectious diseases was being made, the concept
of immune tolerance and allergy emerged which formed the
basis of immunisation initiated by Edward Jenner. Ilya
Metchnikoff (1845-1916), a Russian zoologist, introduced the
existence of phenomenon of phagocytosis by human defense
cells against invading microbes.
Developments in chemical industry helped in switch over
from earlier dyes of plant and animal origin to synthetic dyes;
aniline violet being the first such synthetic dye prepared by
Perkin in 1856. This led to emergence of a viable dye industry
for histological and bacteriological purposes. \
Robert Feulgen (1884–1955) who described Feulgen reaction
for DNA staining and laid the foundations of cytochemistry and
histochemistry.
Simultaneous technological advances in machinery
manufacture led to development and upgradation of
microtomes for obtaining thin sections of organs and tissues
for staining by dyes for enhancing detailed study of sections.
Though the presence of cells in thin sections of non-living
object cork had been first demonstrated much earlier by Robert
Hooke in 1667, it was revived as a unit of living matter in the
19th century by F.T. Schwann (1810–1882), the first
neurohistologist, and Claude Bernarde (1813–1878), pioneer in
pathophysiology.
Until the end of the 19th century, the study of morbid
anatomy had remained largely autopsy-based and thus had
remained a retrospective science. Rudolf Virchow (1821–1905) in
Germany is credited with the beginning of microscopic
examination of diseased tissue at cellular level and thus began
histopathology as a method of investigation. Virchow gave two
major hypotheses:
All cells come from other cells.
Disease is an alteration of normal structure and function of
these cells.
Virchow came to be referred as Pope in pathology in Europe
and is aptly known as the ‘father of cellular pathology’
(Fig. 1.6). Thus, sound foundation of diagnostic pathology had
been laid which was followed and promoted by numerous
brilliant successive workers. Thus, knowledge and skill gained
by giving accurate diagnosis on postmortem findings started
being applied to surgical biopsy and thus emerged the discipline
of surgical pathology. Virchow also described etiology of
embolism (Virchow’s triad—slowing of blood-stream, changes
in the vessel wall, changes in the blood itself), metastatic spread
of tumours (Virchow’s lymph node), and components and
diseases of blood (fibrinogen, leukocytosis, leukaemia).
The concept of frozen section examination when the
patient was still on the operation table was introduced by
Virchow’s student, Julius Cohnheim (1839–1884). In fact,
during the initial period of development of surgical
pathology around the turn of the 19th century, frozen
section was considered more acceptable by the surgeons.
Then there was the period when morphologic examination
of cells by touch imprint smears was favoured for diagnostic
purposes than actual tissue sections. Subsequently, further
advances in surgical pathology were made possible by
improved machinery and development of dyes and stains.
The concept of surgeon and physician doubling up in
the role of pathologist which started in the 19th century
continued as late as the middle of the 20th century in most
clinical departments. Assigning biopsy pathology work to
some faculty member in the clinical department was
common practice; that is why some of the notable
pathologists of the first half of 20th century had background
of clinical training e.g. James Ewing (1866–1943), A.P. Stout
(1885–1967) and Lauren Ackerman (1905–1993) in US, Pierre
Masson (1880–1958) in France, and RA Willis in Australia.
A few other landmarks in further evolution of modern
pathology in this era are as follows:
Karl Landsteiner (1863–1943) described the existence of
major human blood groups in 1900 and was awarded Nobel
prize in 1930 and is considered father of blood transfusion
(Fig. 1.7).
Ruska and Lorries in 1933 developed electron microscope
which aided the pathologist to view ultrastructure of cell
and its organelles.
The development of exfoliative cytology for early
detection of cervical cancer began with George N. Papanicolaou
(1883–1962), a Greek-born American pathologist, in 1930s
who is known as ‘father of exfoliative cytology’ (Fig. 1.8).
Figure 1.6 Rudolf Virchow (1821-1905).
German pathologist who proposed cellular
theory of disease.
Figure 1.7 Carl Landsteiner (1863-1943).
An Austrian pathologist who first discovered the
existence of major human blood groups in 1900
and was recipient of Nobel prize in 1930.
Figure 1.8 George N. Papanicolaou
(1883-1962). American pathologist, who
developed Pap test for diagnosis of cancer of
uterine cervix.
FATHER OF CELLULAR PATHOLOGY FATHER OF BLOOD TRANSFUSION FATHER OF EXFOLIATIVE CYTOLOGY

Another pioneering contribution in pathology in the
20th century was by an eminent teacher-author, William
Boyd (1885–1979), psychiatrist-turned pathologist, whose
textbooks—‘Pathology for Surgeons’ (first edition 1925) and
‘Textbook of Pathology’ (first edition 1932), dominated and
inspired the students of pathology all over the world due
to his flowery language and lucid style for about 50 years
till 1970s (Fig. 1.9). M.M. Wintrobe (1901–1986), a pupil of
Boyd who discovered haematocrit technique, regarded him
as a very stimulating teacher with keen interest in the
development of museum.
MODERN PATHOLOGY (1950s TO PRESENT TIMES)
The strides made in the latter half of 20th century until the
beginning of 21st century have made it possible to study
diseases at molecular level, and provide an evidence-based
and objective diagnosis and enable the physician to institute
appropriate therapy. The major impact of advances in
molecular biology are in the field of diagnosis and treatment
of genetic disorders, immunology and in cancer. Some of
the revolutionary discoveries during this time are as under
(Fig. 1.10):
Description of the structure of DNA of the cell by Watson
and Crick in 1953.
Identification of chromosomes and their correct number
in humans (46) by Tijo and Levan in 1956.
Identification of Philadelphia chromosome t(9;22) in
chronic myeloid leukaemia by Nowell and Hagerford in 1960
as the first chromosomal abnormality in any cancer.
In Situ Hybridization introduced in 1969 in which a
labelled probe is employed to detect and localize specific
RNA or DNA sequences ‘in situ’ (i.e. in the original place).
Recombinant DNA technique developed in 1972 using
restriction enzymes to cut and paste bits of DNA.
In 1983, Kary Mullis introduced polymerase chain reaction
(PCR) i.e. “xeroxing” DNA fragments which revolutionised
the diagnostic molecular genetics.
Flexibility and dynamism of DNA invented by Barbara
McClintock for which she was awarded Nobel prize in 1983.
Figure 1.9 William Boyd (1885-1979). Canadian pathologist and
eminent teacher of pathology who was a pioneering author of textbooks of
pathology which have been read all over the world by students of pathology
and surgery for over 50 years.
Figure 1.10 Molecular structure of human chromosome.
In 1997, Ian Wilmut and his colleagues at Roslin Institute in
Edinburgh, successfully used a technique of somatic cell nuclear
transfer to create the clone of a sheep; the cloned sheep was
named Dolly. This has set in the era of mammalian cloning.
Reproductive cloning for human beings, however, is very risky
besides being absolutely unethical.
In 1998, researchers in US found a way of harvesting stem
cells, a type of primitive cells, from embryos and maintaining
their growth in the laboratory, and thus started the era of stem
cell research. Stem cells are seen by many researchers as having
virtually unlimited application in the treatment of many human

diseases such as Alzheimer’s disease, diabetes, cancer, strokes,
etc. There are 2 types of sources of stem cells: embryonic stem
cells and adult stem cells. Since embryonic stem cells are more
numerous, therapeutic cloning of human embryos as a source of
stem cells for treating some incurable diseases has been allowed
in some parts of the world. A time may come when by using
embryonic stem cells, insulin-producing cells may be introduced
into the pancreas in a patient of insulin-dependent diabetes
mellitus, or stem cells may be cultured in the laboratory in lieu
of a whole organ transplant. Thus, time is not far when organs
for transplant may be ‘harvested’ from the embryo in lieu of a
whole organ transplant.
In April 2003, Human Genome Project (HGP) consisting of
a consortium of countries, was completed which coincided with
50 years of description of DNA double helix by Watson and
Crick in April 1953. The sequencing of human genome reveals that
human genome contains approximately 3 billion of the base
pairs, which reside in the 23 pairs of chromosomes within the
nucleus of all human cells. Each chromosome contains an
estimated 30,000 genes in the human genome, contrary to the
earlier estimate of about 100,000 genes, which carry the
instructions for making proteins. The HGP gave us the ability
to read nature’s complete genetic blueprint for building each
human being. All this has opened new ways in treating and
researching an endless list of diseases that are currently
incurable. In time to come, medical scientists will be able to
develop highly effective diagnostic tools, to better understand
the health needs of people based on their individual genetic
make-ups, and to design new and highly effective treatments
for disease as well as suggest prevention against disease.
These inventions have set in an era of human molecular
biology which is no longer confined to research laboratories but
is ready for application as a modern diagnostic and therapeutic
tool. Modern day human molecular biology is closely linked to
information technology; the best recent example is the
availability of molecular profiling by cDNA microarrays in which
by a small silicon chip, expression of thousands of genes can be
simultaneously measured.
SUBDIVISIONS OF PATHOLOGY
After a retrospective into the historical aspects of pathology,
and before plunging into the study of diseases in the chapters
that follow, we first introduce ourselves with the branches of
human pathology.
Depending upon the species studied, there are various
disciplines of pathology such as human pathology, animal
pathology, plant pathology, veterinary pathology, poultry
pathology etc. Comparative pathology deals with the study of
diseases in animals in comparison with those found in man.
Human pathology is the largest branch of pathology. It is
conventionally divided into General Pathology dealing with
general principles of disease, and Systemic Pathology that
includes study of diseases pertaining to the specific organs and
body systems. With the advancement of diagnostic tools, the
broad principles of which are outlined in the next chapter, the
speciality of pathology has come to include the following
subspecialities:
A. HISTOPATHOLOGY. Histopathology, used synonymously
with anatomic pathology, pathologic anatomy, or morbid
anatomy, is the classic method of study and still the most
useful one which has stood the test of time. The study
includes structural changes observed by naked eye
examination referred to as gross or macroscopic changes,
and the changes detected by light and electron microscopy
supported by numerous special staining methods including
histochemical and immunological techniques to arrive at
the most accurate diagnosis. Modern time anatomic
pathology includes super-specialities such as cardiac
pathology, pulmonary pathology, neuropathology, renal
pathology, gynaecologic pathology, breast pathology,
dermatopathology, gastrointestinal pathology, oral
pathology, and so on. Anatomic pathology includes the
following 3 main subdivisions:

Surgical pathology. It deals with the study of tissues removed from the living body. It forms the bulk of tissue material for the pathologist and includes study of tissue by paraffin embedding techniques and by frozen section for rapid diagnosis.
Forensic pathology and autopsy work. This includes the study of organs and tissues removed at postmortem for medicolegal work and for determining the underlying sequence and cause of death. By this, the pathologist attempts to reconstruct the course of events how they may have happened in the patient during life which culminated in his death. Postmortem anatomical diagnosis is helpful to the clinician to enhance his knowledge about the disease and his judgement while forensic autopsy is helpful for medicolegal purposes. The significance of a careful postmortem examination can be summed up in the old saying ‘the dead teach the living’.
Cytopathology. Though a branch of anatomic pathology, cytopathology has developed as a distinct subspeciality in recent times. It includes study of cells shed off from the lesions (exfoliative cytology) and fine-needle aspiration cytology (FNAC) of superficial and deep-seated lesions for diagnosis (Chapter 11). B. HAEMATOLOGY. Haematology deals with the diseases of blood. It includes laboratory haematology and clinical haematology; the latter covers the management of patient as well. C. CHEMICAL PATHOLOGY. Analysis of biochemical constituents of blood, urine, semen, CSF and other body fluids is included in this branch of pathology. D. IMMUNOLOGY. Detection of abnormalities in the immune system of the body comprises immunology and immunopathology. E. EXPERIMENTAL PATHOLOGY. This is defined as production of disease in the experimental animal and its study. However, all the findings of experimental work in animals may not be applicable to human beings due to species differences. F. GEOGRAPHIC PATHOLOGY. The study of differences in distribution of frequency and type of diseases in populations in different parts of the world forms geographic pathology. 8

G. MEDICAL GENETICS. This is the branch of human
genetics that deals with the relationship between heredity
and disease. There have been important developments in
the field of medical genetics e.g. in blood groups, inborn
errors of metabolism, chromosomal aberrations in
congenital malformations and neoplasms etc.
H. MOLECULAR PATHOLOGY. The detection and
diagnosis of abnormalities at the level of DNA of the cell
is included in molecular pathology. Recent advancements
in molecular biologic techniques have resulted in
availability of these methods not only for research
purposes but also as a tool in diagnostic pathology.
In conclusion, it is said that specialisation makes human
minds strangers to each other. But the above divisions of
pathology into several specialisations are quite artificial since
pathology embraces all disciplines of medicine and thus
overlapping of specialities is likely. While in the chapters that
follow, efforts have been made to present the entire subject
covering diseases of the whole human body in an integrated
and coordinated manner, knowledge is ever-expanding on a
daily basis and the quest for learning more an ongoing
process. Thus, all of us remain lifelong students of the art of
pathology of diseases!

Vulnerable and Outdated Components

Jahin Justin — Fri, 27 Oct 2023 12:30:49 +0000

Introduction

I'm sure you use some pre-built libraries or packages when you design applications to help with the process, don't you?

Take a look at any straightforward GET request Python code. It's likely that the requests library or something compactable would be used. You could utilize Pillow to work with photos if you'd like.

If you work in web development, you may be using popular libraries and frameworks like Angular, ReactJS, VueJS, the Bootstrap framework, and jQuery.

Both you and your clients and application users would be impacted if the components you are using to develop your apps become out-of-date or have a significant vulnerability.

Keeping track of your dependencies takes a lot of effort. It involves more work than just getting the most recent dependencies and packages or executing the update command. But it goes much beyond this: the most recent updates to your apps may cause them to malfunction; some features or functionalities may become obsolete; dependencies may be dropped; or the patch may not run on your system without interfering with other dependencies, causing chaos.

Updating and ensuring that everything stays up to date may seem easy, but it takes a lot of work and isn't always that simple. Unless you're prepared to invest additional time and update your code to make it compatible with the newest and best updates, this process can be difficult.

Let's talk about the number 6 vulnerability in OWASP's TOP 10 security risks i.e Vulnerable And Outdated Components

Vulnerable and Outdated Components

Vulnerable Components:

Vulnerable components refer to those pieces of software that contain security flaws, often referred to as "software vulnerabilities." These vulnerabilities can be exploited by malicious actors to compromise the security of your application. Common examples include code injection vulnerabilities, cross-site scripting (XSS), and SQL injection. These issues are typically discovered after a component has been released and may not be immediately visible.

Outdated Components:

Outdated components are software elements that have not been updated to their latest versions. This might occur because developers are unaware of updates, or they fear that updates could break existing functionality. Outdated components can pose a significant risk because security patches and improvements provided in newer versions are not applied, leaving your software exposed to known vulnerabilities.

Vulnerabilities over such components may exist for several years before they are discovered, fixed, or disclosed. Sometimes, a vulnerability may not even be identified until it has been exploited. Some of such vulnerabilities include:

Injection Vulnerabilities
Buffer Overflows
Cross-Site Scripting

*Types of Vulnerable And Outdated Components *

Failure to maintain components
Out-of-date support systems
Component Misconfiguration

Successful attacks on vulnerable and Outdated components can result in
Distributed Denial Of Service, Remote Code Execution attacks, and mass disclosure of records intended for private access.

Steps to identify Vulnerable and Outdated Components

OWASP Scanner: This scanner tests all the software packages against the latest OWASP Top 10 vulnerabilities and their mapped CWEs.
API Vulnerability Scanner: This scanner checks for safe API implementation and raises an alert if the interface includes misconfigured HTTP directives.
Command Injection Scanner: Verifies inputs to see if the program is susceptible to code injection attacks, such as user-supplied URLs, message boards, and comment areas.
Microservices scanner: This scanner examines all containerized services and functionality for common vulnerabilities.
XSS Scanner: Examines program components for vectors used in cross-site scripting attacks.

The Best Ways to Handle Outdated and Vulnerable Components

The following are a few recommended techniques for handling vulnerable and Outdated components:

Use automated techniques to regularly check your web applications for vulnerabilities.
Make a list of all the third-party frameworks and libraries that you utilize in your web apps.
Keep an eye out for security alerts from the component's creators and install updates as soon as possible.
Steer clear of employing components without an active development community or ones that haven't received updates in a long time.

Online applications are significantly in danger from Vulnerable and Outdated components. Attackers may use these flaws to take over the system or obtain unauthorized access to private information. It is crucial to keep these components up to date with regular security updates or patches from their developers in order to reduce these risks. It's also imperative to use components with an active development community that are regularly maintained only. You may assist in safeguarding the security of your web apps from attacks that take advantage of obsolete and vulnerable components by adhering to certain recommended practices.

A06:2021-Vulnerable and Outdated Components | by Shivam Bathla | Medium

Shivam Bathla ・ Sep 21, 2021 ・
Medium

Happy Hacking!

Introduction to OWASP

Jahin Justin — Wed, 25 Oct 2023 17:23:56 +0000

The Open Web Application Security Project (OWASP) is a nonprofit organization that focuses on improving the security of software applications. OWASP provides resources, tools, and documentation to help developers, organizations, and security professionals understand and address web application security issues.

OWASP promotes a proactive approach to application security, emphasizing the importance of considering security throughout the entire software development lifecycle. The organization offers a variety of projects and initiatives, including the OWASP Top Ten, which highlights the most critical web application security risks.

By following the OWASP guidelines and best practices, developers can build more secure and resilient applications, protecting both the organization and its users from potential security vulnerabilities and attacks.

Overall, OWASP plays a crucial role in raising awareness about web application security and providing the necessary resources to enhance the security posture of software applications.

Why does OWASP Top 10 matter?

The OWASP Top Ten is crucial for web application security because it provides a comprehensive list of the most critical security risks that developers need to be aware of. By understanding and addressing these risks, developers can prioritize their security efforts and protect their applications from potential vulnerabilities and attacks. The OWASP Top Ten serves as a valuable guide for organizations to enhance their security posture and mitigate potential security threats. It is an essential resource that helps developers build more secure and resilient applications, ultimately protecting both the organization and its users.

The OWASP Top Ten matters because it provides a comprehensive and up-to-date list of the most critical security risks in web applications. By understanding and addressing these risks, developers can prioritize their security efforts and protect their applications from potential vulnerabilities and attacks. The OWASP Top Ten serves as a valuable guide for organizations to enhance their security posture and mitigate potential security threats. It is an essential resource that helps developers build more secure and resilient applications, ultimately protecting both the organization and its users.

OWASP Top 10 vulnerabilities list (2021)

Broken Access Control
Cryptographic Failures
Injection
Insecure Design
Security Misconfiguration
Vulnerable and Outdated Components
Identification and Authentication Failures
Software and Data Integrity Failures
Security Logging and Monitoring Failures
Server-Side Request Forgery

The OWASP Top Ten is an essential resource for developers and organizations to enhance the security of their web applications. By understanding and addressing the top ten security risks identified by OWASP, developers can prioritize their security efforts and protect their applications from potential vulnerabilities and attacks.

In conclusion, the OWASP Top Ten serves as a valuable guide for building more secure and resilient applications. By following the best practices and recommendations provided by OWASP, developers can significantly improve the security posture of their software applications, ultimately safeguarding both the organization and its users.

Happy Hacking!

DEV Community: Jahin Justin

VA & PM

attack surface mangement

Insecure Design

What is insecure design?

Threats in Insecure design

How to Prevent Insecure Design Vulnerabilities?

Impacts of Insecure Design

Examples of Insecure Design Vulnerabilities

Happy Hacking

Happy learning

Introduction to Pathology

Vulnerable and Outdated Components

Introduction

Vulnerable and Outdated Components

Steps to identify Vulnerable and Outdated Components

The Best Ways to Handle Outdated and Vulnerable Components

A06:2021-Vulnerable and Outdated Components | by Shivam Bathla | Medium

Shivam Bathla ・ Sep 21, 2021 ・ Medium

Introduction to OWASP

Why does OWASP Top 10 matter?

OWASP Top 10 vulnerabilities list (2021)

Shivam Bathla ・ Sep 21, 2021 ・
Medium