Zed Attack Proxy (ZAP)
An open-source tool by OWASP for finding web app vulnerabilities. It scans, spiders, and intercepts traffic to help with security testing.
Burp Suite
A web vulnerability scanner and proxy tool used for testing and exploiting security flaws in web apps. Popular in penetration testing.
Automated Scanners
Use pre-defined rules to identify known vulnerabilities quickly (e.g., open ports, outdated libraries).
Manual Pen Testing
Human-driven testing focusing on logic flaws, business logic issues, and chained vulnerabilities.
Key Difference between Automated and Manual Pen Testing
Automation finds common issues fast; manual testing uncovers complex, logic-based flaws.
Focus of Vulnerability Assessment
Discovery only, not exploitation — ensures systems aren't harmed during the test.
Why Focus on Discovery Only?
Prevents system damage or disruption, ensures compliance with ethical/legal boundaries, prioritizes risk identification over causing harm.
Continuous Vulnerability Scanning
Recommendation: Yes, regularly scan systems to detect new vulnerabilities as systems, code, and threats evolve.
Authenticated Scans
Run with valid credentials; more thorough.
Unauthenticated Scans
External perspective; less coverage.
Cloud Security Challenges
Shared responsibility model, dynamic resources and ephemeral services, lack of visibility into cloud provider infrastructure.
National Vulnerability Database (NVD)
U.S. government repository of known software vulnerabilities.
National Vulnerability Database Usage in Reports
Reference CVEs (Common Vulnerabilities and Exposures) to validate and support findings.
Penetration Testing Process
Phases include Scoping, Reconnaissance, Discovery, Exploitation, and Reporting.
Scoping
Define scope, rules, and goals of engagement.
Reconnaissance
Gather information about targets.
Discovery
Scan for vulnerabilities.
Exploitation
Attempt to manipulate discovered vulnerabilities (in real pen tests).
Reporting
Document findings, risks, and mitigation strategies.
Types of Penetration Testing
Includes Application Testing, Network Testing, and Physical Pen Testing.
Application Testing
Focus on web apps, mobile apps, APIs, and other software to find flaws like injection attacks, authentication/authorization issues, insecure storage, and misconfigurations.
Network Testing
Focus on internal and external network infrastructure (routers, firewalls, switches, servers) to identify vulnerabilities like open ports, weak protocols, insecure configurations, or privilege escalation paths.
Physical Pen Testing
Focus on physical security controls — facilities, data centers, office spaces to test access controls like locks, ID checks, cameras, and employee vigilance.
Social Engineering
Focus: Human vulnerabilities and behavior.
Example of Social Engineering
Phishing emails, pretexting phone calls, or impersonation to get login credentials or access to restricted areas.
Static Testing (SAST)
Analyze code without executing it.
Dynamic Testing (DAST)
Analyze application during runtime.
Black Box Testing
No prior knowledge of the system.
White Box Testing
Full access to source code and infrastructure.
Grey Box Testing
Limited internal knowledge (balanced).
Red Team
Offensive security experts simulating attackers.
Blue Team
Defensive security experts protecting the organization.
Buffer Overflow
A vulnerability where more data is written to a buffer than it can hold, potentially overwriting memory and enabling code execution.
Race Conditions
A flaw that occurs when a system’s outcome depends on the timing of uncontrolled events, leading to unexpected or unsafe behavior.
Input Validation
The process of checking user input to ensure it's safe and expected, preventing attacks like XSS, SQL injection, and more.
How to Defend Against Authentication/Authorization Attacks
Use multi-factor auth and role-based access control.
How to fix Password Vulnerabilities
Enforce strong policies, hash + salt storage.
How to fix Authorization Bypass
Validate user permissions on server side.
Client-Side Attacks: XSS
An attack where malicious scripts are injected into web pages, executed in the user’s browser to steal data or hijack sessions.
Server-Side Attacks: SQL & Path
SQL Injection manipulates DB queries to access or alter data. Path Traversal accesses files outside intended directories using sequences like ../.
Juice Shop Review
Practice identifying and exploiting common vulnerabilities like injection, access control, XSS, etc.
AI-Generated Code Caution
Always audit and test for vulnerabilities — code from AI may miss security best practices.
Broken Access Control
Example: Users accessing data they shouldn't. Prevention: Enforce server-side access control.
Injection
Example: SQL, command, or path injection. Prevention: Use parameterized queries, input sanitization.
Insecure Design
Example: Unauthenticated endpoints. Prevention: Threat modeling, secure design practices.
Security Misconfiguration
Example: Exposed stack traces. Prevention: Harden systems, review and validate configurations.
Identity and Access Management (IAM)
Authentication Methods: Something you know (password); something you have (token, phone); something you are (biometrics).
Multi-Factor Authentication (MFA)
Combines two or more authentication factors for increased security.
Mutual Authentication
Both parties verify each other; prevents man-in-the-middle attacks.
Authentication vs Authorization
Authentication: Verifying identity. Authorization: Determining access rights.
Out-of-Band Authentication
Uses separate channel (e.g., SMS code) for verification.
Linux Password Policies
Options: Minimum length, complexity, expiration, reuse restrictions.
Access Control Models
RBAC (Role-Based Access Control): Access based on user roles.
RBAC
Allow access based on user roles.
Tracking Techniques
Organizations and third parties use various methods to monitor user activity and gather behavioral data.
Mobile Apps Tracking
Often request access to location, contacts, camera, microphone, and storage.
Web Cookies
Small text files stored in your browser that track user sessions and preferences. Third-party cookies (from advertisers) allow cross-site tracking.
DNS Queries
Every website visit involves a DNS request. These can be logged by ISPs or other intermediaries, revealing browsing behavior even if the user uses HTTPS.
Email Pixels
Invisible 1x1 images embedded in emails. When the email is opened, the pixel loads and notifies the sender, revealing when, where, and on what device the email was viewed.
Browser Fingerprints
A set of unique attributes about a user's browser and device that can be combined to identify and track users without cookies.
Collected Data Includes
Browser type and version, screen resolution, installed fonts and plugins, time zone, operating system, and language settings.
Private Browsing (Incognito Mode)
Prevents local storage of browsing history, cookies, and form data. Helpful on shared devices to prevent casual snooping.
Limitations of Private Browsing
Does not stop websites, advertisers, your employer, or your ISP from tracking your activity. Does not block fingerprinting, IP-based tracking, or DNS logging. Does not protect against malware or phishing.
Mobile Privacy
Mobile devices pose unique and significant privacy challenges.
Permissions Model
Apps may ask for permissions that exceed their functionality (e.g., a flashlight app requesting location).
Persistent Identifiers
Devices use unique IDs (IMEI, MAC address, advertising ID) that can be used to track across apps and services.
Background Data Collection
Apps may collect and transmit data even when not in use, such as location and user habits.
Location Tracking
GPS, Wi-Fi networks, and cell towers can be used to pinpoint a user's movements in real-time or over time.
Microphone & Camera Access
Apps with granted permissions can access these features without immediate user interaction.
Laws and Compliance
Legal obligations, protect users, avoid fines and lawsuits.
Consequences of Non-Compliance
Fines, legal action, reputation damage.
Information Security Policy
Components: Title, authorship, date, applicability, scope.
Purpose of Information Security Policy
Outline security requirements and responsibilities.
Control Types
Technical: OS hardening, firewall, access controls. Administrative: Documented policies and procedures. Physical: Badges, security cameras, locked doors.
Key Regulations
HIPAA: Health data protection. PCI-DSS: Payment card security. FERPA: Student education records. GDPR: EU data protection law.
Right to be Forgotten
Users can request erasure of their data.