Marc Nettles

Cybersecurity Content

• FaceOff: An app created during the COVID-Era to track health. For this, I created a custom local database which implments security measures including but not limited to: storing passwords securing using hashing, salting to protect against rainbow tables. We also planned to implement input-sanitization to protect against SQL-injection attacks and input-size checks to protect against buffer-overflow attacks but ran out of time.
• wwww.marcnettles.com: Created an AWS Lightsail website which utilizes SSH, as well as SFTP, to connect to the back-end and securely transfer files. The website is upgraded to HTTPS via SSL/TLS certification through Let’s Encrypt and CORS (cross-origin resource sharing) to prevent malicious attacks. The website is further secured with a Content Security Policy, Cross-Origin-Opener-Policy, Cross-Origin-Resource-Policy, and much more via HelmetJS. This ensures protection against various attacks, including the notorious Cross-Site Scripting (XSS) attacks. Utilizes a PostgreSQL database with secure hashing and 10-rounds of salting to protect user passwords.
• Crafted several different SQL-injection attacks to log me in as the admin without knowing the password and to trick the server into giving me the requested user’s password.
• Crafted several cross-site scripting (XSS) attacks to steal the user’s cookies.
• Crated several cross-site request forgery (CSRF) attacks to steal a user’s information.
• Utlizied tools such as WireShark to monitor network activity and detect intrusions. Crafted code to read the output of WireShark, which determined the ratio of SYN requests to the number of ACK responses for each address sending requests to the server, determined if any addresses were sending significantly more SYN requests than they were receiving ACKs, all of which allowed me to determine if the server was under-attack by a specific address.