We recently concluded Full-Stack Training for 12 developers, and out of them we hired 5 Full-Stack Developers. We are now looking to hire 50 Full-Stack Trainees.
Who are we?
We are Rapid Web Solutions Pvt. Ltd (a subsidiary of P2H Inc.), working with clients all over the world since 2012. We have 300+ staff members all over the world. We are looking to extend our team and thus are looking to hire more Full Stack Developers. Our specialists have created a program to teach people with basic markup knowledge to become full stack developers in three months. If you’re up for the challenge, apply now; it’s entirely free.
What are the Requirements?
- Good communication skills in English:
  - over emails,
  - chat or voice calls
  - note-taking
- A good understanding of Frontend Development:
  - Markup Language: HTML (be able to create an HTML page of medium complexity)
  - Stylesheet Language: CSS (be able to develop the page design)
  - Programming Language: JavaScript (good foundation knowledge of DOM manipulation)
- A basic understanding of server-specific programming concepts:
  - Language: PHP (Basic)
  - Database: SQL (Basic)
- It will be a plus to have a basic understanding of computer networks:
  - Client / Server architecture
  - Network Protocols (HTTP/UDP/TCP etc.)
  - Network Security (Encryption, HTTPS/SSL/TLS, VPNs, Firewalls etc.)
  - File Protocols (FTP/SFTP etc.)
- Should be familiar with the development tools:
  - Browsers and DevTools (Chrome, Firefox, Safari)
  - Code Editors (VS Code, WebStorm, Sublime Text etc.)
  - Version Control (Git/GitHub/GitLab etc.)
  - Package Managers: NPM, yarn, composer etc.
  - Command Line Interface (CLI) – basic
  - Build tools: Webpack, Vite, Parcel etc.
  - Design tools: Sketch, Photoshop, Adobe Illustrator, Figma, XD etc.
How does the program work?
How the program works?
- Apply, and if shortlisted, you’ll be called for an interview.
- Successful candidates join our courses for the next 2 months.
- The most successful candidates will be selected for the 3rd month and get the bonus of Rs. 15,000.
- Upon course completion, a full-time job offer is extended to the best candidates, with salary based on performance.
What are our benefits?
- Competitive compensation;
- Ability to work from office as well as from home;
- Permanent ongoing training programs and programs for upgrading skills;
- 10 holidays, 15 paid leaves, Annual Bonus on Dashain festival and Provident Fund;
- Maternity leave 60 days, paternity leave 5 days, mourning leave 10 days;
- Friendly teams;
- Timely performance review and individual development plan creation.
Don’t stay behind the door. An opportunity is knocking right in front of you.
Apply with your CV: hr-ktm@p2h.com
- Evaluate the organization’s information security and privacy policies and practices.
- Evaluate physical and environmental controls to determine whether information assets are adequately safeguarded.
- Evaluate logical security controls to verify the confidentiality, integrity, and availability of information.
- Evaluate data classification practices for alignment with the organization’s policies and applicable external requirements.
- Perform technical security testing to identify potential threats and vulnerabilities.
- Evaluate potential opportunities and threats associated with emerging technologies, regulations, and industry practices.
- Evaluate IT operations to determine whether they are controlled effectively and continue to support the organization’s objectives.
- Evaluate IT maintenance practices to determine whether they are controlled effectively and continue to support the organization’s objectives.
- Evaluate database management practices.
- Evaluate data governance policies and practices.
- Evaluate problem and incident management policies and practices.
- Evaluate change, configuration, release, and patch management policies and practices.
- Evaluate end‐user computing to determine whether the processes are effectively controlled.
- Evaluate the organization’s ability to continue business operations.
- Evaluate policies and practices related to asset lifecycle management.
- Evaluate whether the business case for proposed changes to information systems meets business objectives.
- Evaluate the organization’s project management policies and practices.
- Evaluate controls at all stages of the information systems development lifecycle.
- Evaluate the readiness of information systems for implementation and migration into production.
- Conduct post-implementation review of systems to determine whether project deliverables, controls, and requirements are met.
- Evaluate the IT strategy for alignment with the organization’s strategies and objectives.
- Evaluate the effectiveness of IT governance structure and IT organizational structure.
- Evaluate the organization’s management of IT policies and practices.
- Evaluate the organization’s IT policies and practices for compliance with regulatory and legal requirements.
- Evaluate IT resource and portfolio management for alignment with the organization’s strategies and objectives.
- Evaluate the organization’s risk management policies and practices.
- Evaluate IT management and monitoring of controls.
- Evaluate the monitoring and reporting of IT key performance indicators (KPIs).
- Evaluate whether IT supplier selection and contract management processes align with business requirements.
- Identify opportunities for process improvement in the organization’s IT policies and practices.
- Evaluate potential opportunities and threats associated with emerging technologies, regulations, and industry practices.
- Conduct periodic review of information systems and enterprise architecture.
- Evaluate the information security program to determine its effectiveness and alignment with the organization’s strategies and objectives.
- Evaluate whether IT service management practices align with business requirements.
CISA Certification is strongly recommended for Information System Auditing processes if you, as an auditor:
- Plan audit to determine whether information systems are protected, controlled, and provide value to the organization.
- Conduct audit in accordance with IS audit standards and a risk-based IS audit strategy.
- Communicate audit progress, findings, results, and recommendations to stakeholders.
- Conduct audit follow-up to evaluate whether risks have been sufficiently addressed.
- Utilize data analytics tools to streamline audit processes.
- Provide consulting services and guidance to the organization in order to improve the quality and control of information systems.
WAFW00F is a Python tool that helps in fingerprinting and identifying Web Application Firewall (WAF) products. It is an active reconnaissance tool, as it actually connects to the web server, but it starts out with a normal HTTP request and escalates as necessary.
How does WAFW00F work?
- Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions
- If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is
- If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks
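The three-step escalation above, as an added example that is not WAFW00F's code: it classifies responses that have already been captured and sends nothing. The product names, signatures and the `resp`, `identify` and `SITES` names are hypothetical and constructed for illustration.

```python
# Hypothetical signatures and product names, constructed for this example
# (not WAFW00F's own). Each check inspects one already-captured response.
SIGNATURES = {
    "ExampleShield": lambda r: "exampleshield" in r["headers"].get("server", "").lower(),
    "DemoGuard": lambda r: r["status"] == 403 and "DemoGuard Ref#" in r["body"],
}

def resp(status, server=None, body=""):
    """Build a constructed response record (header names lower-cased)."""
    return {"status": status, "headers": {"server": server} if server else {}, "body": body}

def match_signatures(response):
    return sorted(name for name, check in SIGNATURES.items() if check(response))

def generic_differences(normal, probes):
    """Step 3: no signature matched, so compare behaviour. A status code or
    Server header that changes on the probes suggests a filtering layer."""
    reasons = set()
    for p in probes:
        if p["status"] != normal["status"]:
            reasons.add(f"status {normal['status']} -> {p['status']}")
        if p["headers"].get("server") != normal["headers"].get("server"):
            reasons.add("server header changed")
    return sorted(reasons)

def identify(normal, probes):
    """Return (step, findings) following the three steps listed above."""
    hits = match_signatures(normal)            # step 1: normal response only
    if hits:
        return 1, hits
    hits = sorted({h for p in probes for h in match_signatures(p)})  # step 2
    if hits:
        return 2, hits
    return 3, generic_differences(normal, probes)   # step 3: generic guess

# Constructed captures: (response to a normal request, responses to probes)
SITES = {
    "a": (resp(200, "ExampleShield/2.1"), []),
    "b": (resp(200, "nginx"), [resp(403, "nginx", "Blocked. DemoGuard Ref# 0001")]),
    "c": (resp(200, "nginx"), [resp(406, None, "Not Acceptable")]),
    "d": (resp(200, "nginx"), [resp(200, "nginx")]),
}

if __name__ == "__main__":
    for name, (normal, probes) in SITES.items():
        print(name, identify(normal, probes))
```

An empty finding list at step 3 means the probes were answered exactly like the normal request, so nothing in the captured responses points to a WAF.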
Nmap is a free, open-source tool that can be used for footprinting/reconnaissance to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap is a noisy scanner and can be easily detected by firewalls. “The quieter you become, the more you are able to hear”. Thus, as a security analyst, one must learn how to do it quietly and anonymously.
- Nmap can provide information on targets, including reverse DNS names, device types, and MAC addresses.
- Host discovery – Identifying hosts on a network. For example, listing the hosts that respond to TCP and/or ICMP requests or have a particular port open.
- Port scanning – Enumerating the open ports on target hosts.
- OS detection – Determining the operating system and hardware characteristics of network devices.
- Version detection – Interrogating network services on remote devices to determine the application name and version number.
- Scriptable interaction with the target using the Nmap Scripting Engine (NSE).
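Why a port scan is easy to spot from the firewall side, as an added example that is not part of the original page: one source touching many distinct ports on one host within a short window. The log lines are constructed in iptables-LOG style with documentation-range addresses, and the window and threshold values are assumptions to tune per network.

```python
import re
from collections import defaultdict

# Fields used from each record: leading epoch timestamp, SRC, DST and DPT.
LINE = re.compile(r"^(?P<ts>[\d.]+) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?DPT=(?P<dpt>\d+)")

def make_sample():
    """Constructed log lines (not real traffic)."""
    lines = []
    # 198.51.100.7 sweeps ports 20-44 on one host in under two seconds
    for i, port in enumerate(range(20, 45)):
        lines.append(f"{1000 + i * 0.08:.2f} IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 "
                     f"PROTO=TCP SPT={40000 + i} DPT={port} SYN")
    # 203.0.113.5 is an ordinary client: many connections, only two ports
    for i in range(30):
        lines.append(f"{1000 + i:.2f} IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 "
                     f"PROTO=TCP SPT={50000 + i} DPT={(80, 443)[i % 2]} SYN")
    return sorted(lines, key=lambda l: float(l.split()[0]))

def find_port_scans(lines, window=10.0, min_ports=15):
    """Return {(src, dst): peak distinct-port count} for each pair that hit at
    least `min_ports` different destination ports within `window` seconds."""
    recent = defaultdict(list)   # (src, dst) -> [(ts, port), ...] inside the window
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue             # skip lines that are not packet records
        ts, key = float(m["ts"]), (m["src"], m["dst"])
        events = recent[key]
        events.append((ts, int(m["dpt"])))
        while ts - events[0][0] > window:   # expire events older than the window
            events.pop(0)
        distinct = len({port for _, port in events})
        if distinct >= min_ports:
            flagged[key] = max(flagged.get(key, 0), distinct)
    return flagged

if __name__ == "__main__":
    for (src, dst), ports in find_port_scans(make_sample()).items():
        print(f"possible port scan: {src} -> {dst}, {ports} distinct ports")
```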
Commands of Nmap
Nmap scans against IPs or hosts: These commands scan a given IP address or hostname.
nmap 1.1.1.1
nmap scanme.nmap.org
Nmap ping scans: These help in detecting hosts on a network; however, in most cases remote hosts block IP-based ping packets, so ARP-based requests are recommended.
nmap -sn 192.168.5.0/24
Specific ports or entire port range on a remote or local server: The first command scans all 65535 ports on the local computer. Specific ports on a specific IP or host can also be scanned using nmap.
nmap -p 1-65535 localhost
nmap -p 80,443 scanme.nmap.org
nmap -p 80,443 1.1.1.1
Scan multiple IP addresses: Multiple IPs or hosts can be scanned, as can a range of hosts, consecutive IPs, an entire subnet, or random hosts, and targets can be excluded.
nmap 192.168.0.1 192.168.0.2
nmap 192.168.0.1,2,3,4
nmap 192.168.0.1-10
nmap 192.168.0.1/24
nmap -iR 0
nmap 192.168.0.1/24 --exclude 192.168.0.100,192.168.0.200
Scan popular ports: Specifying 10 limits the scan to the 10 most popular ports on the host/IP.
nmap --top-ports 10 192.168.1.106
ARP Ping: Using traceroute, force reverse DNS resolution, alternative DNS lookup
nmap --traceroute 192.168.0.1
nmap -R 192.168.0.1
nmap --system-dns 192.168.0.1
On Nov 21, 2019, a meeting was held between Cyber Security Experts from Nepal and Mr. Jeffrey Ringel, Director of Operation, The Soufan Group, New York, and his team.
The Soufan Group is a global intelligence and security consultancy that helps clients in the public and private sectors enhance their ability to identify, assess, and successfully operate in high-risk, high opportunity environments. They focus on the most important geostrategic challenges of time, addressing existing fault lines and anticipating emerging trend lines. They enable and support informed strategic and tactical decisions that maximize opportunity and minimize risk.
The meeting included a discussion of the private-sector perspective and cases of cyber crime such as ransomware, sabotage, hacks, identity theft, disinformation, etc. Mr. Ringel was kind enough to help us understand the extension of cyber into modern disintermediation strategic and tactical threats: the disinformation model, indemnification/quantification, response strategies and countermeasures, and the regulatory/legislative context. The discussion also covered the data privacy perspective and legislation, including the General Data Protection Regulation (EU GDPR 2016/679) and the California Consumer Privacy Act (CCPA 2018).
On Nov 21, 2019, a meeting was held between John Jay College of Criminal Justice and Cyber Security and Cyber Crime Experts from Nepal. Professor Douglas Salane (Program Director) and Professor Shweta Jain (Program Advisor) of the Digital Forensics and Cyber Security Degree Program briefed us about the growing resource needs in the US in the fields of cyber security, cyber crime, and digital forensics.
John Jay College of Criminal Justice meets the challenges of fighting cyber crime by providing professional science education in digital forensic science and cyber security with concern for justice. The Digital Forensics and Cyber Security program offers a Master of Science in Digital Forensics and Cyber Security degree and two advanced certificate programs. The MSc in Digital Forensics and Cyber Security degree program offers a balance of practice and theory through study in computer science, law, and criminal justice. The program produces professionals qualified as digital forensic scientists who can apply and sustain their expertise as new technological and societal challenges emerge; who understand the scientific, legal, and criminal justice context of high-technology crime; and who can effectively communicate their knowledge to others.