CSRF occurs when a malicious site or program causes a user's browser to perform an unwanted action on a trusted site when the user is authenticated. Any malicious action is limited to the capability of the website to which the user is authenticated. For example, Jane might login to her…
A buffer overflow occurs when the size of information written to a memory location exceeds what it was allocated. This can cause data corruption, program crashes, or even the execution of malicious code. While C, C++, and Objective-C are the main languages which have buffer overflow vulnerabilities (as they deal…
SQL injection is the insertion or injection of a SQL query via input data from the client to the application. Successful attacks can lead to an attacker accessing sensitive data from the database, modifying database data, potentially shutting the database down or issuing other admin commands, recovering the contents of…
A quick and dirty guide to some of the most commonly asked interview questions in entry-level security jobs. What's the difference between an allowlist and a denylist? Allowlist: Everything is denied access, except items which are on the list. For example, a company might compile a list of all authorized…
It's January, which means for a lot of people, it's New Year's Resolution time. Personally, I've never liked the idea of waiting until January to set resolutions for change, but I do like using it as a chance to review what I've accomplished in the last year and set goals…
Bug bounty programs allow independent security researchers to report bugs to an organization and receive rewards or compensation. These bugs are usually security exploits and vulnerabilities, though they can also include process issues, hardware flaws, and so on. The reports are typically made through a program run by an independent…
Often in technology, we assume that everyone else is as excited about our product as we are. This tends to be a problem across the board in the tech sector (and even amongst teams, like security and developers, or operations and developers). There's a reason that DevOps and DevSecOps were…
Cover letters, like résumés, are hard. And most people are bad at them. This makes sense – you probably only write a cover letter or résumé every few years. It involves selling yourself and your skills, which is something most people struggle with. On top of this, it's difficult to sort…
