Penetration Testing and Cyber Security Studies in Bangladesh: Post-COVID-19 Managerial Issues

Shahadat Hossain, Lamiya Rahman, Rafat Azad, Md. Manzurul Hasan, Mehenaj Jebin, Md. Siam Mahmud, Md. Sadman Sakib
Copyright: © 2022 | Pages: 25
DOI: 10.4018/978-1-6684-3894-7.ch008

Abstract

The COVID-19 pandemic and consecutive lockdowns have made people dependent on the online environment and have made society compatible with virtual platforms. Managing the electronic environment is not easy, yet it is crucial, and it also needs to be user-friendly. As a developing country, Bangladesh has welcomed digital changes. Unfortunately, threats and vulnerabilities have risen in lockstep with technological advancement. To deal with this issue, businesses and educational institutions are turning to cyber security. Penetration testing (Pen-Test) is a way of assessing the security of a web application, system, or network by systematically checking and confirming the efficacy of that system. This chapter discusses the purpose, classifications, and uses of penetration testing in Bangladesh's IT industries and depicts the present state of cyber security in Bangladesh. The authors highlight some of the aspects that contribute to the country's cyber vulnerabilities. Finally, several proposals are made to protect Bangladesh's cyberspace against harmful assaults.

Background

As a developing country, Bangladesh has seen its Government take advantage of rapid digitization to help with the growth and development of the economy. However, this also invites unsolicited threats from cybercriminals. It is becoming essential to acknowledge those threats and build up a strategy to prevent them. Numerous studies are being conducted on this topic as it becomes increasingly important to tackle these threats. Muller discussed the vulnerabilities and challenges developing countries face against cyber-attacks (Muller, L., 2015). The author also suggested how to build up a strategy to fight back. Brechbühl advised developing countries on strategizing information security policies based on his studies (Brechbühl, H. et al., 2010). Finally, Kortjan compared two developed countries with South Africa (a developing country) based on their cyber security readiness, especially from an educational and awareness perspective (Kortjan, N., & Solms, R., 2012).

Key Terms in this Chapter

OWASP: OWASP stands for Open Web Application Security Project. The OWASP Top 10 is a document that serves as a benchmark for raising awareness among developers and online application security professionals. It exemplifies the widespread agreement among security experts on the most serious threats posed to web applications. It is generally acknowledged as the first step towards more secure programming anywhere in the world.

Penetration Testing: A penetration test, also known as a pen test, is a simulation of an authorized attack that is carried out on a computer system in order to assess the system's level of security. To uncover vulnerabilities in a system and explain how such vulnerabilities may affect a company's operations, professionals known as penetration testers use the same kinds of tools, methods, and procedures that are utilized by attackers.

Education: Education is both teaching and learning. Education refers to schooling, instruction, and teaching as a whole.

Cybersecurity: The protection of internet-connected systems, including their hardware, software, and data, against malicious cyberattacks is referred to as cybersecurity. To prevent unwanted access to data centers and other computerized systems, people and businesses alike engage in the practice of using two-factor authentication (2FA).

Network Security: Our network and its data will be safe from invasions, breaches, and other dangers if we have adequate network security. This is a broad and all-encompassing phrase that refers to the many hardware and software solutions, as well as the procedures, policies, and settings that are associated with the usage of networks, accessibility, and overall protection against threats.

Cybercrime: Cybercrime is defined as any criminal activity involving a computer, networked device, or network. While most cybercrimes are committed to generate profit for the perpetrators, some cybercrimes are committed against computers or devices directly in order to damage or disable them.

Threats and Risk: Put simply, a threat is the potential damage to an asset (the item you are attempting to safeguard). Risk is the probability that the damage will be realized. The asset's vulnerability is the point at which the damage may reach it.
