The same key is used to encrypt and decrypt (e.g., Caesar, Vigenere)
One key encrypts, a different key decrypts.
Public key encryption is a type of asymmetric key encryption. There’s one key that encrypts the information and there is a different key that decrypts the information.
The output from any input that has been processed through a hashing algorithm / function.
The word hashing literally means to scramble. Hashing changes a message into an unreadable string of text for the purpose of verifying the message’s contents, but not hiding the message itself. It must be easy to compute the output (the digest) for any input, but hard to compute the input for any output. A hash function takes an input string of arbitrary length and produces a fixed-size, short output called a digest. It’s always the same length no matter how big the input is AND the output is always the same hash for any given input. Unlike symmetric and asymmetric algorithms, there are no “keys” in hashing functions.
Whenever 2 inputs map to the same output.
Whenever you can work backwards through an algorithm (like a Caesar cipher).
Finds the remainder after division of one number by another (sometimes called modulus). Example: 14 ÷ 4 = 3 remainder 2; 14 mod 4 = 2; 14 % 4 = 2
The science of protecting information by encrypting and transforming it into a secure format.
When the same key is used to both encrypt and decrypt.
When one key encrypts and a different key decrypts.
Changes one character or symbol into another.
Groups bits into blocks of plaintext before applying the encryption.
Shifts the positions of plaintext characters (or groups of characters) according to a regular system.
A symmetric, block cipher that groups data into 65-bit blocks and uses a 56-bit key along with an algorithm and 16 rounds of encryption.
A symmetric, block cipher that groups data into 128-bit blocks and uses a 128-, 192- or 256-bit key along with an algorithm and 10, 12, or 14 rounds of encryption.
A method in cryptography by which keys (public or private) are exchanged between two parties.
One of the first asymmetric key implementations; it was responsible for securing the exchange of keys.
Occurs when someone secretly intercepts communications between two parties by impersonating one or both parties.
The first widely used asymmetric algorithm used for both signing and encryption.
A small data file that digitally binds a public cryptographic key to an organization.
Will secure one domain or subdomain.
Will secure one domain and an unlimited number of its subdomains.
Will secure multiple domains.
Belongs to the Certificate Authority.
Acts as a “middle-man” between the root certificate and the server certificate.
Issued to the domain.
Allows a server to validate its own SSL certificate by bundling a time-stamped response signed by the certificate authority.
The process of associating a host with its expected certificate or public key.
Cross-site scripting (XSS) is a security bug that can affect websites. If present in your website, this bug can allow an attacker to add their own malicious JavaScript code onto the HTML pages displayed to your users. Once executed by the victim's browser, this code could then perform actions such as completely changing the behavior or appearance of the website, stealing private data, or performing actions on behalf of the user.
The process of identifying, assessing and prioritizing potential risks for an organization or company.
Designed and used to assess computers, networks or applications for known weaknesses.
The practice of gathering, collecting, and logging some or all packets that pass through a computer network.
A situation when a device or system has two or more operations running at the same time that must be completed in proper sequence.
A situation when too much data is placed into a fixed-size buffer, which can cause data corruption.
When a value higher than the maximum or lower than the minimum is used, which can result in logic errors.
When a company hires a white hat hacker to assess the security of a system by finding and exploiting vulnerabilities.
Collecting information about a target without directly accessing the system (social media, news, website, etc).
Collecting information about a target by actively engaging a system and analyzing responses (network and port scans).
When the tester is first able to gain access into the target system.
Using a compromised trusted system to gain access to a target system within the same network.
Using tools to gain higher levels of privilege.
When the tester has no knowledge of the target system (simulates an external attack).
When the tester has intimate knowledge of the target system (simulates an internal attack).
When the tester has limited knowledge of the target system.
Risk assessment that gives a numerical (typically monetary) value to the impact of a threat occurring.
How much money could be lost at any one time, which is determined by the formula: AV * EF = SLE
How much an asset is worth.
The amount of the asset that would be impacted (amount of time, % of data, etc) by a threat event.
How much can be expected to be lost in a year due to a single threat event, which is determined by the formula: SLE * ARO = ALE
How often a threat event occurs per year (typically determined by historical data).
Risk assessment that defines an event’s level of risk in words rather than numbers which is determined by the potential level of impact and the likelihood of occurrence.
Risk response that removes the risk by avoiding the behavior completely.
Risk response that shares the responsibility of the risk with someone else.
Risk response that accepts the risk as is.
Risk response that takes steps to avoid the risk or minimize the impact or likelihood.
Indentation is the visual structure of how your code is laid out. It uses tabs to organize code into a hierarchy.
A set of data that describes and gives information about other data.
The connection from one HTML page to another HTML page.
Allows adding an image to a web page. It is self-closing. The attributes of an `<img>` tag include `src`, which specifies where to get the image from (the URL for an image), and `width` and `height` attributes, which specify the size of the image in pixels.
Way to organize information with a simple structure that is easy to read and write on a webpage. There are ordered and unordered HTML lists.
Defines an unordered list in HTML.
Defines a list item inside an HTML list.
Tables display information in a grid.
Allows adding several different types of styles to HTML elements.
Cascading Style Sheets. The language for designing web pages and adding style.
Defines which HTML elements a CSS rule applies to.
`class` is an attribute we can add to HTML tags in order to style a specific group of elements.
`id` is an attribute we can add to an HTML tag to style that specific element.
Stands for Uniform Resource Locator. You are locating a resource that exists somewhere on the internet.
A SQL clause that sorts the returned query results by one or more columns
Ascending order; the default sort direction
Descending order; used to reverse the default sorting
A SQL operation that combines rows from two or more tables based on a related column.
A join where each row in one table is paired with every row in another.
A field in one table that refers to the primary key in another table.
A temporary name assigned to a column or table using the `AS` keyword in SQL
A SQL keyword used to rename fields or tables in the query result