Search Results

add one proton, electron, or neutron to every atom in your body? You need to: patch outdated systems harden configurations upgrade to more secure versions of OSs Vulnerability scanning uses specialized tools to identify potential weaknesses in digital...

who is the single guy from pyeongyang, north korea on steam Generally Good Ideas Look for: open ports active IP addresses running apps/services missing IMPORTANT/critical updates/patches active default/guest user accounts default or blank passwords ...

Software designed to manage security data inputs and provide reporting and alerting. The core function of SIEM tools are to collect and correlate data from network sensors and appliance/host/app logs, from: Windows hosts Linux hosts Network switches, rou...

We need to make sure the REAL Epstein files don't leak. DLP automates the discovery and classification of data types and enforce rules so that data is not viewed or transferred without proper authorization. DLP uses three main components: a policy server ...

There are a variety of options at your disposal. Choose the method based on the use/purpose of the network. Pre-shared Key (PSK) Most commonly used. Share a passphrase with users that wish to access the network. Wi-Fi Protected Setup (WPS) Requires a netw...

There are lots of them. In fact, here's a list of them. Privilege Escalation Pointer/object deference Buffer Overflows Resource Exhaustion Memory Leaks Race Conditions Error Handling Improper Input Handling Replay Attacks Pass the Hash API Attack...

A type of web app attack. Most attacks are some form of privilege escalation. There are two types: Horizontal This is when an attacker gains data that belongs to another user with the same privilege level as themselves (like a co-worker). Vertical ...

A type of web app attack. Dereferencing a pointer is retrieving the value stored in memory. Pointers store memory addresses. Page protections protect the kernel from user access. However, it can be exploited by a DoS attack through a null pointer reference. I...

A type of web app attack. Buffers are temporary data storage areas that have limited space. By writing more memory than the buffer is capable of storing, memory can be stored in areas that aren't properly protected by the kernel. This can lead to arbitrary co...

The most widely used software development model. Waterfall requires each step to be fully completed, so the step "flows" to the next. Get it? Flows? Like water? Like $H_{2}O$? Step Description Requirements All requirements for the applicatio...

A more agile approach to software development. Agile depicts software development as a never ending cycle of version control, bug fixes, and feature additions/enhancements. Development Development is split into smaller time frames called Sprints. Each Sprin...

A security mechanism used in software development used to isolate running processes from each other. Sandboxing is also used to prevent the process from accessing the system they are running on using highly restrictive rules. This containment (where have I he...

The process of scrutinizing source code to identify potential problems and non-compliant coding practices. SCA prevents common vulnerabilities like SQL injection and cross-site scripting. SCA supports secure coding and is performed using specialized tools tha...

We must protect our code from getting skidded! Thou shalt release an application that is globally supported and is universally usable and stable across all platforms.Try using Microsoft's SDL and/or the OWASP Software Assurance Maturity Model. Concepts No...

Pay Microsoft and promise your code is safe and secure and totally isn't spyware or adware. Code signing uses digital signatures to verify the integrity and authenticity of software code.

Cookies are small pieces of data stored on a computer by a web browser while accessing a website. Cookies maintain session states, remember user preferences, and track user behavior (!) and other settings. They are highly exploitable if not properly secured, ...

A technology that allows network and security professionals to manage, control, and make changes to a network. SDN is basically a giant UI wrapper for the many different text-based configuration files scattered across the many services and machines that compo...

An enumeration of the many types of embedded/IoT devices. Device Types Home Appliances Environment Controls (HVAC) Building/Facility Automation Lighting Controls Security Systems Door Locks Sprinkler Systems Garage Doors Smart Meters Wearabl...