Search Results

There are lots of them. In fact, here's a list of them. Privilege Escalation Pointer/object deference Buffer Overflows Resource Exhaustion Memory Leaks Race Conditions Error Handling Improper Input Handling Replay Attacks Pass the Hash API Attack...

A type of web app attack. Most attacks are some form of privilege escalation. There are two types: Horizontal This is when an attacker gains data that belongs to another user with the same privilege level as themselves (like a co-worker). Vertical ...

A type of web app attack. Dereferencing a pointer is retrieving the value stored in memory. Pointers store memory addresses. Page protections protect the kernel from user access. However, it can be exploited by a DoS attack through a null pointer reference. I...

A type of web app attack. Buffers are temporary data storage areas that have limited space. By writing more memory than the buffer is capable of storing, memory can be stored in areas that aren't properly protected by the kernel. This can lead to arbitrary co...

The most widely used software development model. Waterfall requires each step to be fully completed, so the step "flows" to the next. Get it? Flows? Like water? Like $H_{2}O$? Step Description Requirements All requirements for the applicatio...

A more agile approach to software development. Agile depicts software development as a never ending cycle of version control, bug fixes, and feature additions/enhancements. Development Development is split into smaller time frames called Sprints. Each Sprin...

A security mechanism used in software development used to isolate running processes from each other. Sandboxing is also used to prevent the process from accessing the system they are running on using highly restrictive rules. This containment (where have I he...

The process of scrutinizing source code to identify potential problems and non-compliant coding practices. SCA prevents common vulnerabilities like SQL injection and cross-site scripting. SCA supports secure coding and is performed using specialized tools tha...

We must protect our code from getting skidded! Thou shalt release an application that is globally supported and is universally usable and stable across all platforms.Try using Microsoft's SDL and/or the OWASP Software Assurance Maturity Model. Concepts No...

Pay Microsoft and promise your code is safe and secure and totally isn't spyware or adware. Code signing uses digital signatures to verify the integrity and authenticity of software code.

Cookies are small pieces of data stored on a computer by a web browser while accessing a website. Cookies maintain session states, remember user preferences, and track user behavior (!) and other settings. They are highly exploitable if not properly secured, ...

megachad simulator Create a File System Wipe Partitions The goal of this section is to create 3 partitions: efi (boot), swap, and root. Search for partitions using fdisk -l. wipefs <path_to_partition> for whatever partitions you decide to nuke. fdisk to ...

A technology that allows network and security professionals to manage, control, and make changes to a network. SDN is basically a giant UI wrapper for the many different text-based configuration files scattered across the many services and machines that compo...

An enumeration of the many types of embedded/IoT devices. Device Types Home Appliances Environment Controls (HVAC) Building/Facility Automation Lighting Controls Security Systems Door Locks Sprinkler Systems Garage Doors Smart Meters Wearabl...

its actually real? A mainframe computer is a large, powerful computer that is capable of processing extremely large amounts of data, usually running proprietary operating systems that are rarely updated.

lock them in a white room. Smart devices are popular, but they are a black box. The consumer usually has little ot no control over the technology being used within said smart devices, and vendors are known to be slow with rolling out security updates for thei...