bg_image
header

Fuzzing

Fuzzing is an automated software testing technique where large amounts of random or semi-structured data (also called 'fuzz') are inputted into a program or system to discover unexpected behavior. The goal is to uncover vulnerabilities such as security flaws, crashes, or performance issues by bombarding the system with inputs that may not be properly handled.

The fuzzing process can be conducted in various ways, including using specially designed fuzzing tools or frameworks. These tools automatically generate a variety of inputs to be sent to the software under test. The software's response to these inputs is monitored, and if unexpected behavior is detected (such as a crash or unexpected output), it is considered a potential vulnerability and documented.

Fuzzing is an extremely effective method for identifying software defects and vulnerabilities, especially in complex and error-prone systems such as operating systems, network services, browsers, and embedded systems. It is used by both security researchers and software developers to enhance the robustness and reliability of software


Created 1 Year ago

Advanced Encryption Standard - AES

The Advanced Encryption Standard (AES) is a symmetric encryption technique used to secure data. It was developed by the National Institute of Standards and Technology (NIST) in the United States and officially recognized as a standard in 2001. AES replaces the outdated Data Encryption Standard (DES) due to its improved security and efficiency.

AES uses an algorithm that takes a message and a key as input and converts the message into an encrypted form. The recipient can then use the same key to restore the encrypted message. AES supports various key lengths, including 128, 192, and 256 bits, with 128 bits being the most commonly used key length.

Since AES is a symmetric encryption method, this means that the same key is used both to encrypt and decrypt the data. This makes AES fast and efficient for encrypting large amounts of data, making it a widely adopted standard for securing data in areas such as network security, database encryption, and data storage.

 


Created 1 Year ago

Heartbleed-Bug

The Heartbleed Bug was a severe security vulnerability in the OpenSSL library that was publicly disclosed in April 2014. OpenSSL is a widely-used open-source implementation of SSL/TLS protocols used for encrypting data transmissions over the internet.

The Heartbleed Bug allowed an attacker to retrieve sensitive information from a server's memory by sending specially crafted requests to a server using OpenSSL. This information could include private keys, user login credentials, and other sensitive data. The severity of the vulnerability lay in its ability to allow an attacker to intercept sensitive information unnoticed and without leaving a trace.

The security flaw was quickly publicized, and developers worked to patch OpenSSL to address the Heartbleed Bug. Website operators and service providers were urged to update their systems and reissue certificates to ensure the security of their data and that of their users.

Heartbleed underscores the potential risks posed by security vulnerabilities in critical open-source software projects and highlights the importance of swift responses and updates to ensure internet security.

 


Created 1 Year ago

Data Encryption Standard - DES

The Data Encryption Standard (DES) is a widely-used symmetric encryption algorithm developed in the 1970s. It was established as a standard for encrypting sensitive data by the U.S. government agency NIST (National Institute of Standards and Technology).

DES uses a symmetric key, meaning the same key is used for both encryption and decryption of data. The key is 56 bits long, which is relatively short and considered less secure by today's standards.

DES operates using a Feistel structure, where the input is divided into blocks and encrypted in a series of rounds. Each round employs a substitution-permutation network structure to manipulate the data, working with a portion of the key.

Despite its past widespread use, DES is now considered insecure due to its relatively short key length and advancements in cryptography, particularly in brute-force analysis. It has been replaced by more modern encryption algorithms such as Triple DES (3DES) and the Advanced Encryption Standard (AES).

 


Created 1 Year ago

Browser Exploit Against SSL TLS - BEAST

BEAST (Browser Exploit Against SSL/TLS) was a security vulnerability discovered in September 2011. This vulnerability primarily affected the TLS (Transport Layer Security) protocol, specifically the Cipher Block Chaining (CBC) encryption mode in conjunction with the SSLv3 and TLS 1.0 protocols.

BEAST allowed an attacker to eavesdrop on and decrypt encrypted traffic between a web browser and a server. This was achieved by exploiting a weakness in the way CBC encryption was implemented in SSL/TLS.

To protect against BEAST attacks, it was recommended to upgrade to newer versions of TLS and to use alternative encryption methods that were not vulnerable to this weakness. Many web servers and browsers also implemented patches to mitigate the impact of BEAST.

 


Created 1 Year ago

Padding Oracle On Downgraded Legacy Encryption - POODLE

POODLE (Padding Oracle On Downgraded Legacy Encryption) was a security vulnerability in the SSLv3 (Secure Sockets Layer version 3) encryption protocol, discovered in October 2014. This vulnerability allowed an attacker to eavesdrop on and manipulate encrypted traffic between a web browser and a server. The attack exploited a weakness in the way SSLv3 processed blocks of encrypted data with padding. By exploiting this vulnerability, an attacker could, under certain circumstances, steal sensitive information such as cookies.

Due to the severity of the vulnerability, security experts recommended disabling the use of SSLv3 and upgrading to newer and more secure encryption protocols such as TLS (Transport Layer Security). Many web servers and browsers removed or disabled SSLv3 support to protect against POODLE attacks.

 


Created 1 Year ago

Common Weakness Enumeration - CWE

CWE stands for "Common Weakness Enumeration." It is a standardized list of known security vulnerabilities and weaknesses commonly found in software applications and systems. Managed and maintained by the MITRE Corporation, a nonprofit organization, CWE serves as a reference for security professionals, developers, and organizations to identify, understand, and address vulnerabilities.

CWE contains several hundred entries, each with a unique number and description, categorized into various groups, including injection flaws, cross-site scripting (XSS), authentication issues, sensitive data exposure, and cryptographic weaknesses.

It serves as a valuable tool for risk assessment, security analysis, and software development, helping developers understand and mitigate security vulnerabilities before they can be exploited. CWE is often used in conjunction with other security standards and guidelines, such as the Common Vulnerability Scoring System (CVSS) and the OWASP Top Ten.

 


Created 1 Year ago

Obfuscation

Obfuscation is a process where the source code of a program is altered to make it difficult for humans to understand while maintaining its functionality. This is often done to protect the source code from reverse engineering or to make it more compact without affecting functionality. Techniques such as renaming variables and functions, adding unnecessary code, or altering the program's structure are used. Obfuscation is commonly employed in software development, especially in the creation of commercial software products or in providing software as a service (SaaS), to protect intellectual property and make unwanted manipulation more difficult


Created 1 Year ago

Firewall

A firewall is a network security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between a trusted internal network and untrusted external networks, such as the internet, to prevent unauthorized access to or from the internal network.

Firewalls can be implemented in various forms:

  1. Network Firewall: This type of firewall is typically deployed at the perimeter of a network, such as between an organization's internal network and the internet. It examines packets of data as they pass through, filtering them based on predefined rules to allow or block traffic.

  2. Host-Based Firewall: Host-based firewalls are installed on individual computers or devices to control traffic at the device level. They provide an additional layer of defense by filtering traffic based on specific rules configured for that host.

Firewalls operate based on different filtering methods:

  • Packet Filtering: Packet-filtering firewalls examine packets of data as they pass through the network based on criteria such as source and destination IP addresses, port numbers, and protocols. They make decisions to allow or block packets based on predefined rules.

  • Stateful Inspection: Stateful inspection firewalls keep track of the state of active connections and use this information to make decisions about whether to allow or block traffic. They maintain a record of the state of connections, such as TCP handshakes, and only allow traffic that corresponds to legitimate, established connections.

  • Proxy Firewalls: Proxy firewalls act as intermediaries between clients and servers, intercepting and inspecting traffic before forwarding it to its destination. They can provide additional security by hiding the internal network's IP addresses and applying advanced security measures such as content filtering and application-layer inspection.

Firewalls are a fundamental component of network security and help protect against unauthorized access, data breaches, malware infections, and other cyber threats by enforcing access control policies and filtering potentially harmful traffic.

 


Created 1 Year ago

Intrusion Detection Systems - IDS

Intrusion Detection Systems (IDS) are security solutions designed to continuously monitor networks or computer systems and look for potential security breaches or attacks. The purpose of an Intrusion Detection System is to detect suspicious activities that may indicate an intrusion into a network or system, and subsequently trigger alerts or take actions to ensure security.

There are two main types of Intrusion Detection Systems:

  1. Network-based Intrusion Detection Systems (NIDS): These systems monitor the traffic within a network and look for anomalies or known attack patterns. They analyze packets being transmitted across the network to detect suspicious activities that may indicate an attack or security breach.

  2. Host-based Intrusion Detection Systems (HIDS): In contrast to NIDS, HIDS monitor activities on individual hosts or computers. They monitor system logs, file systems, and other system resources for signs of attacks or unusual behavior that may indicate a security breach.

An Intrusion Detection System can be either signature-based or behavior-based:

  • Signature-based IDS: These detect attacks based on pre-defined patterns or signatures of known attacks. They compare network traffic or system behavior to a database of known attack signatures and trigger an alert when matches are found.

  • Behavior-based IDS: These analyze the normal behavior of the network or system and look for deviations or anomalies that may indicate potential attacks. They operate on the principle that attacks often cause unusual activities that deviate from normal operational behavior.

Intrusion Detection Systems play a crucial role in monitoring and securing networks and computer systems by responding early to potential threats and detecting security breaches to take appropriate countermeasures.

 


Created 1 Year ago
Categories
Object-oriented programming 25 Applications 60 Design Patterns 20 Strategies 120 Continuous Integration - CI 2 Testing 11 Characteristic 54 Protocols 20 Communication 9 Data Structure 5 Version Control 6
PHP 53 Python 4 Ruby 1 TypeScript 3 JavaScript 23 Erlang 2 Java 3 General 4 Python 0 Go 3 Perl 2 Swift 1
NoSQL 9 Relational Databases 16 Concepts 14 General 5 Data Warehouse 2 Time Series Databases 1 Data Types 1
Terraform 1 Cloud Computing 13 Server 4 Network 26 Virtualization 3 Ansible 1 Architecture 7 Characteristics 4
Cascading Style Sheets - CSS 3 Leaner Style Sheets - LESS 1 Syntactically Awesome Stylesheets - Sass 1
Attack Methods 18 Security Mechanisms 12 Organisations 1 Famous Security Loopholes 3
HTML 3 XML 6 Extensible Hypertext Markup Language - XHTML 1 Markdown 1
CSS 1
Kuenstliche Intelligenz 5
SCRUM 5 General 1 Kanban 1 Extreme Programming - XP 1 Crystal 5 Dynamic Systems Development Method - DSDM 1 Feature Driven Development - FDD 1
Applications 2
Characteristics 3 Strategies 2 Applications 2
Tags
Remote Code Execution - RCE 2 Number of entries with this tag Entity-Header 1 Number of entries with this tag PSR-12 1 Number of entries with this tag Graphical User Interface - GUI 6 Number of entries with this tag Joomla 1 Number of entries with this tag Facebook 3 Number of entries with this tag Dritte Normalform - 3NF 4 Number of entries with this tag Model-View-Presenter - MVP 1 Number of entries with this tag Software 300 Number of entries with this tag Kubernetes 2 Number of entries with this tag Web Application Firewall - WAF 2 Number of entries with this tag Broadcast 3 Number of entries with this tag Join Point 1 Number of entries with this tag Data Manipulation Language - DML 1 Number of entries with this tag Magento 1 Number of entries with this tag
Latest Article

Contentful

in Category

DevelopmentPrinciplesApplications

Created 5 Days 13 Hours ago
Random Article

RabbitMQ

in Category

DevelopmentPrinciplesApplications

Created 1 Year ago
Random Tech

Magento

Magento_Logo.png