Protecting Against DDoS Attacks

Distributed Denial of Service (DDoS) attacks aim to take an organization or service offline and originate from multiple, distributed hosts. The difficult part of defending against DDoS attacks is that the hosts are distributed – if it were a single host or small group, you could easily block the traffic with…

Cross Site Scripting (XSS)

Cross Site Scripting is the second most prevalent issue in the Open Web Application Security Project (OWASP) Top 10 – it's found in roughly 2/3 of all applications. While automated tools can find some of these problems, attackers also have automated tools designed to detect and exploit these vulnerabilities.…

Block and Stream Ciphers

Cryptography is the science of using codes and ciphers to protect messages, and encryption involves encoding messages so that only the intended recipient can understand their meaning. It's often used to protect data in transit. Encryption is a two-way function – that is, you need to be…

Cross Site Request Forgery (CSRF or XSRF)

CSRF occurs when a malicious site or program causes a user's browser to perform an unwanted action on a trusted site while the user is authenticated to it. Any malicious action is limited to the capabilities of the website to which the user is authenticated. For example, Jane might log in to her…

Buffer Overflow Attacks

A buffer overflow occurs when the size of the data written to a memory location exceeds what was allocated for it. This can cause data corruption, program crashes, or even the execution of malicious code. While C, C++, and Objective-C are the main languages prone to buffer overflow vulnerabilities (as they deal…

SQL Injection

SQL injection is the insertion or injection of a SQL query via input data from the client to the application. Successful attacks can lead to an attacker accessing sensitive data from the database, modifying database data, potentially shutting the database down or issuing other admin commands, recovering the contents of…

Learning to Speak the Security Lingo

A quick and dirty guide to some of the most commonly asked interview questions in entry-level security jobs. What's the difference between an allowlist and a denylist? Allowlist: Everything is denied access, except items which are on the list. For example, a company might compile a list of all authorized…

Making Goals that Actually Stick

It's January, which means for a lot of people, it's New Year's Resolution time. Personally, I've never liked the idea of waiting until January to set resolutions for change, but I do like using it as a chance to review what I've accomplished in the last year and set goals…