Identity theft, stealing money, stealing private information, controlling private computers.
Ransomware is a type of cyber attack that threatens to publish the victim's data or block access to it unless a ransom is paid.
The Internet of Things (IoT) is the network of physical devices, vehicles, home appliances, and other items embedded with electronics, software, sensors, actuators, and connectivity which enables these things to connect and exchange data.
Protection of computer systems, networks, and data from digital attacks.
Protocols for encrypting/decrypting information. Most cybersecurity breaches happen due to human error, not software bugs.
The study of computational thinking, the thinking humans need in order to describe a step-by-step process to a computer.
The usage of deceptive emails and websites to maliciously gather personal information
The CIA Triad is a widely-accepted security measure that should be guaranteed in every secure system. It stands for Confidentiality, Integrity, and Availability.
The protection of information from people who are not authorized to view it.
Aims at ensuring that information is protected from unauthorized or unintentional alteration.
The assurance that systems and data are accessible by authorized users when and where needed.
How companies use your data
protecting your data online
secure data transfer protocol when on the internet
Legal document outlining how a company can collect and use your data
attempting to find computer security vulnerabilities and exploit them for personal financial gain or other malicious reasons
a computer security specialist who breaks into protected systems and networks to test and assess their security
The information about a particular person that exists on the Internet as a result of their online activity
the use of electronic communication to bully a person
Information literacy is having the ability to find information, evaluate information credibility, and use information effectively.
A law that grants the creator of an original work exclusive rights to its use, distribution, and sale
Objects in the public domain are not subject to copyright laws, and thus may be freely used by the general public.
A term used in programming for the set of instructions that can be run or executed by a computer.
Translates and executes program code line by line into machine code.
Translates, or “compiles,” the entire code into machine code and then runs the program, or sets it aside to run later.
Uses tags to format and define elements within a document. The tags are not shown when the document is displayed.
Used to make queries, or searches, in databases and information systems.
A programming language that is very close to machine code and used for a specific type of processor.
Uses a series of commands within a file that is capable of being executed without being compiled.
An identifier that stores data or information and can be changed at any time.
An identifier that stores data or information and cannot be changed.
A number that can be positive, negative, or zero WITHOUT a decimal component. Examples: -50; 0; 5
A number that can be positive, negative, or zero WITH a decimal component. Examples: 3.2; 0.0; 4.5652
Contains text or a sequence of letters, numbers, punctuation, spaces, etc. "Hello, world!"; "abc123"
Contains a single character or punctuation. a; z; 1; !; #
Binary and evaluates to either true or false. true; false
Defining a function means to teach the computer a new command and explain what it should do when receiving that command.
Calling a function actually gives the command, so the computer will run the code for that function.
A set of steps that uses the structural conventions of programming but is intended for human reading.
Phrases entered into code to provide information or direction.
A diagram made up of shapes and arrows used to display the order of steps in a program or process.
An if statement lets you ask a question to the program and only run code if the answer is true.
Control structure that lets us run either one section of code or another depending on a test.
A control structure lets us change the flow of the code.
Using a condition to determine which part of an algorithm is executed.
A fixed container that stores an ordered collection of items.
A resizable container that stores an ordered collection of items.
Can store combinations of keys and values where the value can be accessed by its associated key.
The variables that are attached to the object.
An object’s characteristics.
Defines what an object can do.
An encryption method in which each letter of the message is shifted by a certain amount, called the key
A physical machine used in WWII that built on the complexity of substitution ciphers.
An encryption method that uses a series of interwoven Caesar ciphers based on the letters of a keyword
Scrambling digital information into an unreadable form. Only those with verified authority (password, key, etc) can unscramble it to read it.
The process of decrypting coded messages without being told the key.
The practice of solving and writing encryptions
The primary software that runs applications and manages all the hardware, memory and other software on a computer.
A set of computer instructions that tells the computer how to work.
Most commonly used on a desktop or laptop computer and can perform many tasks without an internet connection.
An operating system used on mobile devices, such as a mobile phone or tablet.
Used on specialized computers that take in requests and send back a response (mail server, web server, etc).
Will only perform one type of task and are used in machines such as an ATM or a GPS system.
An operating system that is permanently etched into a hardware device such as a keyboard or a video card.
Operating systems that are most commonly used to run multiple operating systems on a computer system at the same time.
An operating system such as Windows, Mac OS, Android or iOS.
Software that only works on one platform, such as only on Android phones, or only on Mac computers.
Software that works on multiple platforms.
Used to log in to a computer, comprised of a username, password, personalized settings and set permissions.
Has full access and full control to manage other users, set permissions and change computer settings and programs.
Authorization given to user accounts that grants them certain privileges and enables them to access specific folders and files.
The main, controlling account responsible for providing security updates, antivirus software and setting permissions for anyone on the same network.
An agreed upon set of rules and permissions.
Specifying access rights and permissions for each user.
Proving the identity of the user.
An open-source and community-developed operating system.
An operating system that uses a graphical user interface designed by Apple Inc. for use on desktops and laptops.
An operating system that uses a graphical user interface designed by Microsoft for use on desktops and laptops.
A method of organizing files and retrieving them from storage.
Software that manages data and files along with the ability to create, modify, and move these files.
A type of interface that uses interactive graphical elements such as windows, buttons, and icons.
Updates that address and fix security vulnerabilities within a program or product.
A type of computer program that can spread by modifying other computer programs and inserting its own code (rules).
A copy or snapshot of the state of your computer.
Backs up everything on your computer.
Backs up only what has changed since the last backup.
Used to navigate the world wide web and view HTML files.
A collection of data and files used to increase the speed of the browser.
Program code, usually written in JavaScript, that is executed on the client's browser.
An intermediary between the user and the Internet that takes requests from the user and returns a response.
Confirms the identity and authenticity of a website.
Processes commands to a computer program in the form of lines of text.
The suffix at the end of a filename that indicates the type of file.
The electronic part of a computer that executes the instructions that are passed to it by the operating system. It’s also called a CPU, or central processing unit.
Legally binding guidelines for use and distribution of software.
Software that is available for anyone to access and modify.
Software that is owned by an individual or company.
Refers to the design of the essential parts of an application and how they are connected to each other.
Software installation that is performed on your local computer.
Software installation that is performed on a local area network (LAN).
Software that is installed, hosted and accessed entirely from a remote server or location.
Open Web Application Security Project; highly-regarded organization and much used by cybersecurity professionals.
refers to an injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application's database server (also commonly referred to as a Relational Database Management System – RDBMS).
Structured Query Language; Programming language for managing and querying data from a relational database.
A question (noun) or to ask a question (verb) - often in relation to a database.
How we define what is stored in a table.
Represents a piece of information (or attribute).
A set of data elements (values) using a model of vertical columns (shown by a name) and horizontal rows (fields), the cell (record) being the unit where a row and column intersect. A table has a specified number of columns by design, but can have any number of rows.
One entry in a table. Each row has an ID that is unique to the table.
A statement in SQL that allows you to ask for a row or multiple rows from a table in a database.
A clause in SQL that allows you to filter the results of a SELECT with certain conditions.
An injection risk where the website returns errors that the hacker can use to explore the database further. This is the first clear test an attacker can use to see if a site is vulnerable. It is usually displayed as an unhandled internal exception error. This information is meant for the developer and should never be sent back to the user’s webpage.
An injection risk where the attacker can add a condition that’s always true, like 1=1, often by appending it to the query to pull up even more in a results set. This fundamentally changes the query and can allow someone to pull the entire contents of the database.
Often used when error-based and union-based SQLi do not work. It essentially involves asking the database a series of targeted questions; the results give clues as to how to get the DB to give up its contents.
A set of rules or procedures for transmitting data between electronic devices. In order for computers to exchange information, there must be an agreement as to how the information will be structured and how each side will send and receive it.
A group of two or more computer systems linked together.
The amount of data (in bits) that can be sent in a fixed amount of time.
The capacity of data transfer in a system. Measured by bitrate.
The latency of a system is the time it takes for a bit to travel from sender to receiver. Fiber optic cables have low latency.
A new 128-bit version of the Internet Protocol.
The protocol that defines the layout of an Internet address.
Used to translate domain names into IP addresses.
The process of sending data between two computers on the internet. The data is sent through routers that determine the route.
When multiple paths exist between two points. This improves reliability and makes the Internet fault tolerant. It also makes the routing system scalable.
Packets are the units of data that are sent over the network.
a set of data that describes and gives information about other data.
Standardizes the layout of all packets. All packets must have a destination IP address, a from IP address, and the actual data being sent. Defines the layout of a SINGLE packet.
Allows for sending MULTIPLE packets between two computers. TCP checks that all packets arrived and can be put back in the proper order. The metadata must include a destination IP address, a from IP address, the message size and the packet order number.
Protocol that standardizes the language for talking to web servers to send and receive web resources. Defines how computers send and receive hypertext information. (HTTPS: The “S” denotes a secure connection using HTTP.)
Stands for Uniform Resource Locator. You are locating a resource that exists somewhere on the internet.
Defines how numbers are represented, which digits are used, and what each position (place) in a number means.
A number system that only uses two symbols: typically "0" and "1".
A number system that uses 16 symbols: 0-9 and A-F
A basic unit of information in computing and digital communications.
A circuit board with ports and sockets used to connect the main devices of a computer.
A special kind of firmware that runs programs strictly to start up your computer.
The core component of a device that accepts and executes instructions.
A fast type of computer memory which temporarily stores all the information your device needs right away.
A fast access storage device used in computers.
A component designed to speed up the creation of images and output them to a display device, like a monitor.
A component with a built-in wired network port that allows the computer to connect to a network.
A location where information is sent from one computer to another.
Checks to see which ports on a network are open.
A device or software that blocks unwanted Internet traffic while allowing legitimate traffic.
A device that will be recognized by your computer and install on its own.
A group of files that allows a device to communicate with the computer’s operating system.
A short-range wireless communication technology that uses radio waves to transmit information.
Enables short-range communication between compatible devices.
An electronic device which is required for communication between devices.
An internal component of a computer that is used for communicating over a network.
A network device that allows a device to connect to the Internet.
Enables wired connections between more than one computer or device.
A network device that allows other Wi-Fi devices to connect to a wired network.
An access point that allows for network management and security configuration.
Storage that is available only while the system is on and disappears when the system is turned off.
Storage that is saved and available even when the system is shut down.
Storage that contains one or more drives that can be accessed over a network.
Network attached storage that is equipped with powerful network adapters.
A wireless LAN that uses radio frequency technology to send and receive data.
A virtual LAN that allows for the setup of separate networks by configuring a network device.
A set of protocols that specify how your Wi-Fi network and other data transmissions work.
A list of specific routing destinations; essentially a map for the router.
The use of science or technology in the investigation and collection of evidence in a court of law.
The use of digital media from a computer, mobile phone, server or network as evidence in a court of law.
Ensures an unbroken audit trail of collected digital data and media.
A file that records events that occur in an operating system (or other software) and/or messages between different users of a communication software.
Data about data.
A snapshot of all information captured in a system’s Random Access Memory (RAM).
A SQL clause that sorts the returned query results by one or more columns
Ascending order; the default sort direction
Descending order; used to reverse the default sorting
A SQL operation that combines rows from two or more tables based on a related column.
A join where each row in one table is paired with every row in another.
A field in one table that refers to the primary key in another table.
A temporary name assigned to a column or table using the `AS` keyword in SQL
A SQL keyword used to rename fields or tables in the query result
Indentation is the visual structure of how your code is laid out. It uses tabs to organize code into a hierarchy.
The connection between one HTML page to another HTML page
Allows adding an image to a web page. It is self-closing. The attributes of an `<img>` tag include `src`, which specifies where to get the image from (the URL of an image), and `width` and `height` attributes, which specify the size of the image in pixels.
Way to organize information with a simple structure that is easy to read and write on a webpage. There are ordered and unordered HTML lists.
Defines an unordered list in HTML.
Defines a list item inside an HTML list.
Tables display information in a grid.
Allows adding several different types of styles to HTML elements.
Cascading Style Sheets. The language for designing web pages and adding style.
Defines which HTML elements a CSS rule applies to.
`class` is an attribute we can add to HTML tags in order to style a specific group of elements.
`id` is an attribute we can add to an HTML tag to style that specific element.
The process of identifying, assessing and prioritizing potential risks for an organization or company.
Designed and used to assess computers, networks or applications for known weaknesses.
The practice of gathering, collecting, and logging some or all packets that pass through a computer network.
A situation when a device or system has two or more operations running at the same time that must be completed in proper sequence.
A situation when too much data is placed into a fixed-sized buffer that can cause data corruption.
When a value higher than the maximum or lower than the minimum is used which can result in logic errors.
When a company hires a white hat hacker to assess the security of a system by finding and exploiting vulnerabilities.
Collecting information about a target without directly accessing the system (social media, news, website, etc).
Collecting information about a target by actively engaging a system and analyzing responses (network and port scans).
When the tester is first able to gain access into the target system.
Using a compromised trusted system to gain access to a target system within the same network.
Using tools to gain higher levels of privilege.
When the tester has no knowledge of the target system (simulates an external attack).
When the tester has intimate knowledge of the target system (simulates an internal attack).
When the tester has limited knowledge of the target system.
Risk assessment that gives a numerical (typically monetary) value to the impact of a threat occurring.
How much money could be lost at any one time, which is determined by the formula: AV * EF = SLE
How much an asset is worth.
The amount of the asset that would be impacted (amount of time, % of data, etc) by a threat event.
How much can be expected to be lost in a year due to a single threat event, which is determined by the formula: SLE * ARO = ALE
How often a threat event occurs per year (typically determined by historical data).
Risk assessment that defines an event’s level of risk in words rather than numbers which is determined by the potential level of impact and the likelihood of occurrence.
Risk response that removes the risk by avoiding the behavior completely.
Risk response that shares the responsibility of the risk with someone else.
Risk response that accepts the risk as is.
Risk response that takes steps to avoid the risk or minimize the impact or likelihood.
The same key is used to encrypt and decrypt (e.g., Caesar, Vigenère)
One key encrypts, a different key decrypts.
Public key encryption is a type of asymmetric key encryption. There’s one key that encrypts the information and there is a different key that decrypts the information.
The output from any input that has been processed through a hashing algorithm / function.
The word hashing literally means to scramble. Hashing changes a message into an unreadable string of text for the purpose of verifying the message’s contents, but not hiding the message itself. It must be easy to compute the output (the digest) for any input, but hard to compute the input for any output. A hash function takes an input string of arbitrary length and produces a fixed-size, short output called a digest. It’s always the same length no matter how big the input is AND the output is always the same hash for any given input. Unlike symmetric and asymmetric algorithms, there are no “keys” in hashing functions.
Whenever two inputs map to the same output.
Whenever you can work backwards through an algorithm (like a Caesar cipher).
Finds the remainder after division of one number by another (sometimes called modulus). Example: 14 ÷ 4 = 3 remainder 2; 14 mod 4 = 2; 14 % 4 = 2
The science of protecting information by encrypting and transforming it into a secure format.
When the same key is used to both encrypt and decrypt.
When one key encrypts and a different key decrypts.
Changes one character or symbol into another.
Groups bits into blocks of plaintext before applying the encryption.
Shifts the positions of plaintext character (or groups of characters) according to a regular system.
A symmetric, block cipher that groups data into 65-bit blocks and uses a 56-bit key along with an algorithm and 16 rounds of encryption.
A symmetric, block cipher that groups data into 128-bit blocks and uses a 128-, 192- or 256-bit key along with an algorithm and 10, 12, or 14 rounds of encryption.
A method in cryptography by which keys (public or private) are exchanged between two parties.
One of the first asymmetric key implementations and was responsible for securing the exchange of keys.
Occurs when someone secretly intercepts communications between two parties by impersonating one or both parties.
The first widely used asymmetric algorithm used for both signing and encryption.
A small data file that digitally binds a public cryptographic key to an organization.
Will secure one domain or subdomain.
Will secure one domain and an unlimited number of its subdomains.
Will secure multiple domains.
Belongs to the Certificate Authority.
Acts as a “middle-man” between the root certificate and the server certificate.
Issued to the domain.
Allows a server to validate its own SSL certificate by bundling a time-stamped response signed by the certificate authority.
The process of associating a host with their expected certificate or public key.
an object-oriented computer programming language commonly used to create interactive effects within web browsers.
in computer programming languages and especially JavaScript, is the process of removing all unnecessary characters from source code without changing its functionality.
An organized collection of data (e.g., text, images, videos, audio, geospatial, tabular). An electronic system that allows data to be easily accessed, manipulated and updated via a Database Management System (DBMS).
Let you quickly perform an action on a table in a database like apply changes or retrieve information.
Client devices are typically personal computing devices with network software applications installed that request and receive information over the network or Internet. Mobile devices like your smartphone, tablets, iPads, laptops and also desktop computers can all function as clients.
Examples of servers include web servers, mail servers, and file servers. Each of these servers provides resources to client devices. Most servers have a one-to-many relationship with clients, meaning a single server can provide multiple resources to multiple clients at one time.
Client-server applications are programs or apps that run on our client devices AND need to access resources from a server. In other words, they need help and can’t do what they need to do alone.
A server computer program or application provides functionality for client programs or devices. So a single overall computation is distributed across multiple processes or devices. Servers can provide various functionalities, often called "services", such as sharing data or resources among multiple clients, or performing computation for a client.
Client devices and applications are often referred to as the “front end” - meaning what the user actually sees.
Server devices and applications are often referred to as the “back end” - meaning the user doesn’t actually SEE what is happening; it’s hidden from their view and they just see the results on their end.
Clients and servers communicate over a computer network on separate hardware, but both client and server may reside in the same system. A server host runs one or more server programs which share their resources with clients. A client does not share any of its resources, but requests a server's content or service function. Servers store and protect data and process requests from clients. Clients make requests and format data on the device for the end user.
Using charts, graphs, or images to visualize complex data.